Forget Russia: Did the CIA Get Caught Using a Global Spy Network?

Perhaps the most extensive cybersecurity threat was revealed to the public this week, and the CIA may have been behind it.

Nation States and large corporations have been scrambling to secure their network infrastructure after what may be the most widespread cyberattack in history was revealed last Sunday. The revelation shook the world when it was revealed that almost every branch of the Federal Government is currently affected by a highly sophisticated networking hack deployed in March of this year.

Blame was immediately directed at Russia with most mainstream media reports naming the Kremlin as the prime suspect of the unprecedented ‘attack.’ News articles have been rife with anonymous “officials familiar to the matter” pointing at Russia while presenting no evidence besides the fact that Putin’s regime is assumed to have the capability of executing a hack of this magnitude.

The Russians quickly responded to the allegation releasing a statement which denies their involvement, although no reasonable person would expect them to claim responsibility had they been involved.

The first legitimate allegation publically made by a government official came on Friday when the former Director of the Central Intelligence Agency (CIA) and now current Secretary of State Mike Pompeo said in a radio podcast that “we can say pretty clearly that it was the Russians that engaged in this activity.” Mainstream media jumped all over the disclosure, possibly publishing more stories of Pompeo’s Russian allegation than the scant coverage of the actual hack.

Although major news outlets are touting that Russia is responsible with the same fervency as they had for the “collusion” scandal following the 2016 election, some conservative corners have been eyeing China as a potential culprit.

China does appear to be a better suspect than Russia. The Chinese Communist Party (CCP) is dramatically outpacing the Kremlin in nearly all aspects including technologically, economically, influentially, and they have an observably greater desire to exert control over the American Government.

From a technological perspective, it is China that just completed a successful space-mission to the moon this week, having placed their golden-starred flag on its surface and delivered samples of the celestial soil safely back to earth. It is China who is quickly becoming a communications and technology powerhouse with Huawei rising globally on the back of massive infrastructure contracts.

Compared economically to Russia which has a meager gross domestic product barely surpassing that of Mexico, China is the undisputed champion with a GDP that is exponentially larger, ten-times more to be precise. China is also America’s greatest competitor having global economic growth that is outpacing our own, and if the trend continues, is poised to overtake the U.S. to become the world’s largest economy within a decade.

Let’s not forget the burgeoning evidence that the CCP has maintained an active physical presence within positions of power in the U.S. government and corporations around the globe. Certainly, when capability and motive are the only considerations between the two, the Peoples Republic of China should be the prime suspect.

But misinformation can be prevalent, whether intentional or not. The meaningful accuracy of news content is sacrificed for the urgent desire to break a story. Media outlets compete having time constraints of mere minutes. To be the first to break a story can result in an exponential increase in monetization. Sensational claims and click-bait subjects rule the roost. Decrying Russia drives ad revenue while patient research rewards no one.

Even President Donald Trump, who is perhaps the most briefed person on this new cyber-threat, tweeted on Saturday: “The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control. Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!).”

You may have also read that the cyberattack has ‘targeted’ almost every branch of the Federal Government. A non-exhaustive list of affected U.S. agencies includes the Department of Homeland Security, the Treasury Department, the State Department, the Department of Commerce, the Department of Energy, the National Nuclear Security Administration, the National Institutes of Health, and even the Cybersecurity and Infrastructure Security Agency (CISA) – the organization tasked with defending against such intrusions.

A slew of private and public companies have fallen victim with up to 450 companies listed on the Fortune 500 index and the 10 biggest telecommunications companies in the United States. SolarWinds, the company whose networking software was used to distribute the hack, has disclosed that nearly 18,000 clients using their Orion software are now vulnerable.

To get to the crux of the matter, we need to split-hairs on what is actually taking place, and more importantly, what the “cyberattack” really is.

Let’s look at some details.

We know the vulnerability was manually inserted into a software-update distributed to computers running the SolarWinds Orion platform, a prominent networking and IT program used by large corporations and government agencies worldwide. The update file, residing on the SolarWind’s corporate server, had been modified to also include software which provides backdoor access for the hackers. This is reported to have taken place as early as March of this year. The update file was then distributed worldwide to every network operating the SolarWinds Orion software.

While sensational headlines and media reports have asserted that federal agencies were “targeted”, no actual evidence has been put forward to back the claims. The facts are that all networks using the Orion software platform were affected by the vulnerability, and we also don’t know who the intended targets were. Remember, the exploit was deployed worldwide, it was not limited to U.S. government agencies or companies.

Comparatively, think about it like this; if evidence emerged that an unknown nation-state had placed a backdoor into the update for Apple products giving the perpetrators access to all iPhones, why should it be immediately concluded that the U.S. government was the primary target while other nations around the world would also be affected? Indeed, why would you not consider the U.S. a possible suspect?

This recent cyber-threat has been described by security experts as requiring significant resources, years to execute and must be the product of a nation-state.

It was disclosed yesterday that the SolarWinds update files have been subjected to exploitation by ‘hackers’ since October 2019 who, at the time, were patiently testing and monitoring their exploit before implementing the ‘backdoor’ application in March.

Keep in mind that the vulnerability was designed to only be effective for the those who created it. This means that the group or agency which implemented the hack can wield it for their own clandestine purposes while having no risk of intrusion themselves as they alone hold the key.

The national news media has reported, through anonymous sources, that Russia is likely behind the hack because it shares ‘similarities’ to past suspected cyberattacks attributed to the Kremlin. But cybersecurity experts who are actively working to untangle the current threat are reporting that this hack demonstrates highly advanced and novel methods never witnessed before.

When evidence of the hack was first announced on Dec. 8 by FireEye, the cybersecurity company that discovered it, the CEO Kevin Mandia described it saying: “Based on my 25 years in cyber security and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities. This attack is different from the tens of thousands of incidents we have responded to throughout the years. The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.“

Although claims by the media does not fit well with the facts, there is something which has been consistent in the reporting; the SolarWinds hack is extraordinarily extensive while demonstrating a superior complexity that only a highly advanced nation-state with established clandestine operations can achieve.

If you were to ask which organization has the most well funded, far-reaching, and technologically advanced espionage program that also has direct access to globally deployed American software, the answer would easily be the Central Intelligence Agency of the United States of America.

Make a list of powerful clandestine organizations capable of this exploit and rank them by sheer power and access to SolarWinds software. Who’s at the top of your list?

The motive is there. The exploit provides what has been referred to as “God Mode” administrative privileges into every compromised system – they only need to ping their target. A backdoor into all networks using SolarWinds Orion software would provide the CIA with access to the servers of competing nation-states worldwide.

It is possible that FireEye has unwittingly exposed an effective tool which had been implemented by our government – not some nefarious overseas actor.

And if that’s the case, perhaps the revelation and exposure is for the best.

But here we are. Our former CIA director is pointing his finger at the Kremlin, our lawmakers are calling for Russian reprisals, and the media is actively publishing headlines proclaiming the hack to be an “act of war”.

Meanwhile, our President nonchalantly makes light of the situation and says China, maybe.

© 2023 Enfield Media Group LLC - All Rights Reserved.