SolarWinds hackers accessed Homeland Security emails

The intelligence value of hacking the DHS's emails is unknown, but the symbolism is clear

Suspected Russian hackers who carried out the massive SolarWinds hack last year breached email accounts belonging to the former acting head of the Department of Homeland Security (DHS) and senior members of the DHS's cybersecurity division (CSD).

Citing current and former government officials, the Associated Press says the hackers gained access to then-DHS Secretary Chad Wolf's emails. In addition, they were able to compromise the accounts of senior CSD officials, whose jobs included identifying threats from foreign countries.

The outlet interviewed more than a dozen government officials, who spoke on the condition of anonymity.

The intelligence value of the breach of Wolf's and his staff's email accounts is not publicly known, although the AP says the symbolism is 'stark', with people questioning how the US government will protect its institutions, firms and individuals if it cannot secure its own agencies and departments.

"The SolarWinds hack was a victory for our foreign adversaries and a failure for DHS," said Rob Portman, top Republican on the Senate homeland security committee.

"We are talking about DHS's crown jewels."

The White House is trying to keep a tight lid on the extent of the SolarWinds hack as it plans retaliatory action against Russia.

The attack, which sent shockwaves through the US and around the world, was disclosed in December, after the US Treasury Department and the US Department of Commerce's National Telecommunications and Information Administration (NTIA) were compromised in a massive cyber campaign.

The government said that the hackers were 'backed by a foreign government'.

Cyber security firm FireEye revealed that the attackers had compromised SolarWinds' network monitoring software Orion by 'inserting malicious code into legitimate software updates for the Orion software that allow an attacker remote access into the victim's environment'.

At least nine federal agencies and dozens of private firms were hacked as a result, including security vendor Mimecast, whose source code was stolen.

AP says its investigation has revealed new details about the breach at multiple federal agencies, including the DHS and the Department of Energy.

One former official said the hackers managed to obtain the private schedules of officials at the DoE, including then-Secretary Dan Brouillette.

Another official confirmed that the Federal Aviation Administration (FAA) was breached, claiming that the agency struggled for several weeks to identify how many of its servers were running SolarWinds software.

When asked about the impact of the breach on the FAA in mid-February, the agency claimed that it was not affected. However, a few days later, it issued a second statement saying that it was investigating any potential impact of the hack on its network.

Recently, Swiss cybersecurity firm Prodaft identified a global cyber-espionage campaign, dubbed Silverfish, with links to the SolarWinds attack. Organisations targeted by the 'extremely skilled' threat group included Fortune 500 firms, governmental institutions, global IT providers, defence contractors, automotive manufacturers and aviation firms in the US, Italy, and other countries.