Big Russian hack used a technique experts had warned about for years


The disastrous Russian hack of federal government networks last year relied on a powerful new trick: Digital spies penetrated so deeply that they were able to impersonate any user they wanted. It was the computer network equivalent of sneaking into the State Department and printing perfectly forged U.S. passports.

Cybersecurity researchers had warned for years that such an attack was possible. Those from one firm, FireEye, even released hacking tools in 2019 showing exactly how to do it — in hopes that the revelation would spur the widespread deployment of better defenses.

It didn’t.

Now there is urgent debate within cybersecurity circles about how best to respond to the hack, which was so extensive that experts describe it as historic.

Some are calling for stronger walls to keep out would-be intruders or better burglar alarms to alert network administrators that a hack had begun. Others, arguing that there’s no practical way to keep the most sophisticated hackers from breaking into important networks, say the smarter investment would be in building better tools for hunting and ejecting intruders once they inevitably get past security perimeters.

Meanwhile, questions remain about why this surge of corrective action didn’t happen earlier for a type of hack that had been discussed for years within cybersecurity circles and whether, even now, the potential solutions are being deployed widely enough to prevent future catastrophes.

Two months after the hack was discovered in December, cybersecurity researchers say spies are probably still active in some of the hundreds of breached networks. Victims included the departments of State, Treasury, Homeland Security, Energy and Commerce, and the National Institutes of Health and the National Nuclear Security Administration. Also penetrated were private companies in the consulting, technology, telecom, and oil and gas companies in North America, Europe, Asia and the Middle East, as well as FireEye itself, which first reported the attack on Dec. 8.

Russian hack was ‘classic espionage’ with stealthy, targeted tactics

The Russians used a variety of sophisticated tricks to penetrate the networks in last year’s attack. But once inside, they often manipulated a piece of Microsoft software, Active Directory Federation Services, that vouches for the identities of authorized users by issuing digital identity documents called “SAML tokens.” An Israeli researcher had first described this technique, dubbed a “Golden SAML Attack,” in 2017, but it had not been seen in a major network intrusion until now, experts say.

Such systems for authenticating users are essential to securing the cloud services used widely by government agencies, corporations, hospitals, universities and most other places where people collaborate across long distances. And the ability to forge SAML tokens lets hackers roam widely among these cloud-based services, while also minimizing the chances of getting quickly caught.

“All of this outward security doesn’t mean squat if you don’t have this one thing locked up,” said Matthew D. Green, a Johns Hopkins cybersecurity and cryptology expert. “This is crazy.”

Authenticated SAML (rhymes with “camel”) tokens let intruders move easily among the computer systems affiliated with an organization, even if the individual elements are run by different companies, such as Microsoft, Amazon Web Services or Dropbox. Hackers can present these tokens as they seek access to different troves of valuable data — email, document repositories, payroll systems — while sidestepping common defensive measures, such as strong passwords and two-factor authentication.


RSS Latest Press Release

  • Smart Toilet Market Size to Reach $15181.4 Million by 2027
    Global Smart Toilet Market is valued at USD 7452.1 Million in 2020 and Anticipated to reach USD 15181.4 Million by 2027 with a Growing CAGR of 10.7% over the forecast period. Global Smart Toilet Market: Global Size, Trends, Competitive, Historical & Forecast Analysis 2021-2027, Rising adoption of innovative hygiene technologies such as UV lighting, supportive […]
  • Ideal Keepsake Boxes Add an Extra Touch to Saving Beautiful Memories
    Dallas, TX: November 29, 2021 – Family business Wayfaren is delighted to announce the release of its beautifully understated Keepsake Boxes - an ideal gift for loved ones to safely store treasured memories.   Their Keepsake Boxes, available in either maple or walnut, are thoughtfully designed and meticulously crafted for those who don't want to sacrifice style […]
  • Guru Printers Provides Exceptional Service in Sheet Labelling
    Los Angeles: November 29, 2021 – When it comes to branding your business in the right way, Guru Printers have developed a series of eye-catching solutions to enable companies to stand out from competitors.   With over a decade of printing experience, the Los Angeles-based company has created a robust line of printing services to meet […]
  • Plasterfix Australia Delivers Professional Plaster Solutions for Home and Business
    Alexandria NSW – Plasterfix Australia has increasingly become the go-to plastering services company for businesses and homeowners who are looking for a professional and perfect finish.   Plasterfix is anchored by the skills of master craftsman Pedro Pires, who has been honing the craft of plastering for 30 years. He learnt from his father, who passed […]