Fired chief of CISA is slammed for dismissing Trump’s claims of voter fraud as its revealed Russia compromised the entire US government for NINE months on his watch
- Christopher Krebs was fired by Donald Trump after disputing Trump’s claims of election fraud in the weeks following President-elect Joe Biden’s victory
- Krebs was slammed by some Republican senators this week in a hearing
- The alleged Russia hack of the government is casting new scrutiny on Krebs
- The hack was believed to have originated in March, when Krebs was still leading CISA well before his November dismissal
Christopher Krebs’ tenure as director of the agency in charge of cybersecurity is drawing new scrutiny after this week’s revelation of a wide-ranging cyber attack on the US government.
The Cybersecurity and Infrastructure Security Agency (CISA) wrote in an alert this week that ‘U.S. government agencies, critical infrastructure entities, and private sector organizations’ were compromised, beginning as early as March 2020, with all signs pointing to Russia.
The attack appears to have targeted at least the Departments of Energy, State, Defense, Homeland Security, Treasury and Commerce and began during Krebs’ tenure as director of CISA.
Fox News slammed Krebs and noted that the hack began on Krebs’ watch, though his name hasn’t come up often in relation to the incident. Krebs was fired by Trump last month after he publicly dismissed the president’s claims of fraud in the presidential election.
Former CISA director Christopher Krebs is drawing new scrutiny with the hack
Krebs was in charge of CISA in March 2020, when the hack is believed to have started
According to Microsoft’s analysis, this Russian hack has affected at least 40 organizations
Krebs testified in front of the Senate just this week in regards to election security, which he defended in a session CBS News termed to be ‘contentious.’
‘While elections are sometimes messy, this was a secure election,’ Krebs said during the hearing. ‘Of that I have no doubt.’
Still, there are plenty like Sen. Rand Paul who do doubt that, and the hacking revelation will only add to those questions.
‘The fraud happened,’ Sen. Paul said during the hearing. ‘The election in many ways was stolen and the only way it will be fixed is by in the future reinforcing the laws.’
‘I think we’re past the point where we need to be having conversations about the outcome of this election. I think that continued assaults on democracy and the outcome of this election, that only serves to undermine confidence in the process, is ultimately corrosive to the institutions that support elections,’ Krebs said.
The president fired back after the hearing, saying Krebs was ‘totally excoriated and proven wrong’ during the Senate session.
Krebs spent this week defending the security of the election in front of the Senate
Krebs was fired by Donald Trump in November after disputing Trump’s fraud charges
This week, Krebs tweeted about his old agency, saying he had the ‘utmost confidence’ in CISA
The specifics of the hack are still emerging and its not clear there are any ties between the hack and election security, which Krebs has consistently defended. But cybersecurity under CISA does fall under the Department of Homeland Security, which was compromised in the attack.
Allegations of fraud remain unfounded and the Electoral College has confirmed President-elect Joe Biden’s victory in the contest.
But the knowledge that there has been a hack of the government going on since months before the election even began casts more uncertainty on the cybersecurity of the country.
Krebs posted about the hack on Twitter, saying ‘As news breaks about what looks to be a pretty large-scale hack, I have the utmost confidence in the @CISAgov team and other Federal partners. I’m sorry I’m not there with them, but they know how to do this. This thing is still early, I suspect. Let’s let the pros work it.’
Microsoft has already identified at least 40 agencies and companies linked to the hack, which will likely only grow in scope over the coming months.
Krebs was succeeded by Brandon Wales, who has been running the agency for the past month.
But Krebs is likely to face more scrutiny as more information becomes available, as it appears the hack began under his watch for at least nine months.
How hackers used legitimate software updates as camouflage for the ‘SUNBURST’ attack
The U.S. Cybersecurity and Infrastructure Security Agency on Thursday released an alert detailing what it knows about the breach, which has been called the biggest in U.S. history.
CISA says that hackers were able to compromise the supply chain of network management software from SolarWinds, specifically recent versions of the SolarWinds Orion products.
Beginning in March 2020, hackers used SolarWinds software updates to install a secret network backdoor, which authorities are calling SUNBURST.
The malicious code was signed by the legitimate SolarWinds code signing certificate. An estimated 18,000 customers downloaded the compromised updates.
Once installed on a network, the malware used a protocol designed to mimic legitimate SolarWinds traffic to communicate with a domain that has since been seized and shut down.
The initial contact domain would often direct the malware to a new internet protocol (IP) address for command and control. The attackers used rotating IPs and virtual private servers with IP addresses in the target’s home country to make detection of the traffic more difficult.
‘Taken together, these observed techniques indicate an adversary who is skilled, stealthy with operational security, and is willing to expend significant resources to maintain covert presence,’ CISA said in the alert.
CISA said that once inside a network, the hackers seemed focused on gathering information, and would frequently target the emails of IT and security staff to monitor any countermeasures.
Without offering further details, the agency warned that the hackers used ‘other initial access vectors beyond SolarWinds Orion,’ meaning even groups that do not use the network software could be compromised.