- U.S. senators questioned the technology companies involved in last year’s extensive cyber attacks.
- SolarWinds, Microsoft, FireEye and CrowdStrike all testified while Amazon refused to participate.
- Microsoft’s president said evidence points to Russia, where officials suspect the attack originated.
- Visit the Insider business section for more stories.
The U.S. Senate on Tuesday questioned the top executives of SolarWinds and other technology companies in a hearing after unknown attackers suspected of having links to Russia infiltrated the company’s software last year, compromising thousands of organizations, including major federal agencies.
SolarWinds participated in the hearing of FireEye, the cybersecurity company that discovered malware in December, as well as Microsoft, whose president, Brad Smith, was present during the procedure. CrowdStrike CEO George Kurtz also testified. His cybersecurity firm was apparently able to ward off the hackers.
During the hearing, Smith gave the strongest indication that the cyberattack originated in Russia, while Kurtz and FireEye CEO Kevin Mandia did not confirm or deny the origin of the attackers. But Mandia said the attack was in line with Russian behavior.
Several senators noted that Amazon ̵
The cyber attack began in March and was undetected for several months. SolarWinds told the Securities and Exchange Commission that about 18,000 of its 300,000 customers were targeted in the attack. Senior government data was left exposed – the Trump administration confirmed in December that hackers had in fact infiltrated important networks, including the US Treasury Department and the Department of Commerce.
Read more: Why the impact of the unprecedented SolarWinds hack that hit federal agencies is ‘gigantic’ and could harm thousands of businesses, according to cybersecurity experts
Fortune 500 companies – including Microsoft, AT&T and McDonald’s – were among SolarWinds’ vulnerable customer base. Microsoft has said that its products, including the Office 365 suite and the Azure cloud, were not used in the hack, but that they were targeted, with the attackers striking out with some of its source code. And FireEye researchers say hackers appear to be able to send emails and access calendars on Microsoft’s 365 suite.
Read more: Microsoft said its software and tools were not used ‘in any way’ in the SolarWinds attacks. New findings suggest a more complicated role
The White House has said it could respond to SolarWinds hackers in a matter of weeks, which could include sanctions against the Russian government.
Insider reported that Tuesday’s hearing was a crucial moment in the relationship between the US government and the cyber security world, namely in how the industry could help federal officials avert the nation state’s attacks in the future.
The live blog is now over. Below are some highlights from the three-hour hearing.
Senator Mark Warner said the committee invited Amazon to attend the hearing, but the company declined
Democratic Sen. Mark Warner of Virginia started the hearing, noting that Amazon rejected the Senate’s invitation to testify at Tuesday’s hearing. Florida Republican Senator Marco Rubio also touched on the company’s lack of participation, saying, “It would be most helpful in the future if they actually participated in these hearings.” Amazon did not immediately respond to Insider’s request for comment.
Collins said that if the tech giant did not decide to testify, the committee should “look at the next steps.” Republican Senator Ben Sasse of Nebraska and Warner also expressed concern about the company’s absence. The Senate committee is expected to upload additional documents in a few weeks.
Microsoft President Brad Smith said the full scope of the attack is still unfolding
In his introductory statement, Smith said there was much we still did not know about the scale of the cyber attack and that there needs to be a reform of the relationship between Silicon Valley’s cyber security arm and the federal government. He also said he believed Russia was behind the attack.
Mandia, FireEye’s CEO, used his opening statement to declare the attack “unusually difficult to detect” and later said it was a planned hack. “The question is, where’s it next? And where are we going to find it?” Said Mandia.
Smith says all evidence points to Russia
Smith said earlier that “at this time we have seen significant evidence pointing to the Russian foreign embassy and we have not seen any evidence pointing to anyone else.” He said in the hearing that more than 80% of the units targeted by the attack were non-governmental organizations.
Mandia and Kurtz, CrowdStrike’s CEO, agreed that the attacker was a nation-state player. But no executive said who they thought was behind it. Mandia said his firm analyzed forensics and found it was “most consistent with espionage and behavior we have seen out of Russia.”