U.S. Internet Security Gap Exploited by Hacks Linked to Russia & China

U.S. lawmakers and security experts are concerned that foreign governments are staging cyberattacks using servers in the U.S., in an apparent effort to avoid detection by the National Security Agency, America’s principal cyberintelligence organization.

According to an analysis by the threat intelligence company DomainTools LLC, hackers recently used U.S.-based computers from at least four service providers to mount their attack on servers running Microsoft Corp.’s widely used Exchange software.

Last week, Microsoft disclosed that the attack affected at least tens of thousands of customers and has been linked to China-based hackers. The Chinese Embassy in Washington on Tuesday didn’t directly address the charge that China was behind the Microsoft hack but referred to earlier comments from Beijing in which the government said it “opposes and combats cyberattacks and cyber thefts in all forms.”

It is the second major suspected nation-state hack unearthed in the past few months to have used U.S. servers as a launchpad. Russian hackers are suspected to have used U.S.-based cloud services to support key stages of their attack that leveraged a hack at SolarWinds Corp. In both cases, the hacks were disclosed by private-sector researchers, not the U.S. government.

The NSA is one of the main U.S. government organizations responsible for protecting the country in cyberspace. 

Glenn Gerstell, former general counsel at the NSA, said, “The combination of these two attacks definitely has pushed us to a tipping point in terms of the policymakers and the executive branch recognizing now that we need to do something.”

Cloud-computing systems run by Microsoft and Amazon.com Inc. were used by the SolarWinds hackers to launch their attacks.

Tom Burt, Microsoft corporate vice president for customer security, said, “This is a sophisticated actor that apparently took the time to research legal authority. It knew that by operating from servers in the United States, it could evade some of the U.S. government’s best threat hunters.”

Joe Slowik, a researcher with DomainTools, said that based on the internet addresses used, the hack emanated from lesser-known service providers such as DigitalOcean Inc., as well as servers in Hong Kong, the Netherlands, China, and other jurisdictions. According to the DomainTools analysis, about half the servers identified as connected to the Exchange hack were in the U.S. DigitalOcean refused to respond to messages seeking comment.

The Biden administration and Microsoft have arranged separate briefings for the Senate Intelligence Committee this week on the Microsoft Exchange hack, a committee aide said.

Sarah Abraham

Sarah Abraham is a graduate in Journalism - Mass Media. A media enthusiast who has a stronghold on communication and content writing. She is committed to high-quality research and writing. Sarah is currently working as an aspiring journalist at USAnewshour.com and can be reached at sarahabrahamk1011@gmail.com.