Powerful tradecraft: How foreign cyber-spies compromised America

Revelations of the attack come at a vulnerable time as the US govt grapples with a contentious presidential transition and a spiraling public health crisis

Reuters
Last Updated: Dec 21 2020 | 1:54 AM IST
Speaking at a private dinner for tech security executives at the St Regis Hotel in San Francisco in late February, America's cyber defense chief boasted how well his organizations protect the country from spies.

US teams were understanding the adversary better than the adversary understands themselves, said General Paul Nakasone, boss of the National Security Agency (NSA) and US Cyber Command, according to a Reuters reporter present at the February 26 dinner. His speech has not been previously reported.

Yet even as he spoke, hackers were embedding malicious code into the network of a Texas software company called SolarWinds Corp, according to a timeline published by Microsoft and more than a dozen government and corporate cyber researchers.

A little over three weeks after that dinner, the hackers began a sweeping intelligence operation that has penetrated the heart of America’s government and numerous corporations and other institutions around the world.

The results of that operation came to light on December 13, when Reuters reported that suspected Russian hackers had gained access to US Treasury and Commerce Department emails. Since then, officials and researchers say they believe at least half-a-dozen US government agencies have been infiltrated and thousands of companies infected with malware in what appears to be one of the biggest such hacks ever uncovered.

Secretary of State Mike Pompeo said on Friday Russia was behind the attack, calling it a grave risk to the United States. Russia has denied involvement.

Revelations of the attack come at a vulnerable time as the US government grapples with a contentious presidential transition and a spiraling public health crisis. And it reflects a new level of sophistication and scale, hitting numerous federal agencies and threatening to inflict far more damage to public trust in America’s cybersecurity infrastructure than previous acts of digital espionage.

Much remains unknown — including the motive or ultimate target.

Seven government officials have told Reuters they are largely in the dark about what information might have been stolen or manipulated — or what it will take to undo the damage. The last known breach of US federal systems by suspected Russian intelligence — when hackers gained access to the unclassified email systems at the White House, the State Department and the Joint Chiefs of Staff in 2014 and 2015 — took years to unwind.


Trump signs Bill that can remove Chinese stocks from US markets

President Donald Trump on Friday signed legislation that could kick Chinese companies off of US exchanges unless American regulators can review their financial audits, a move likely to further escalate tensions between the two countries.

The measure, which could affect corporate giants like Alibaba Group Holding Ltd. and Baidu Inc., serves as another parting shot at Beijing before Trump leaves office in January.

The president has long railed against China for what he calls unfair trading practices, and slapped tariffs on billions of dollars in imports. Reuters






