Russians outsmarted DHS cyberattack detection program in hack ...

Bill Whitaker reports on how Russian spies used a popular piece of software to unleash a virus that spread to 18,000 government and private computer networks.President Biden inherited a lot of intractable problems, but perhaps none is as disruptive as the cyber war between the United States and Russia simmering largely under the radar. Last March, with the coronavirus spreading uncontrollably across the United States, Russian cyber soldiers released their own contagion by sabotaging a tiny piece of computer code buried in a popular piece of software called "SolarWinds." The hidden virus spread to 18,000 government and private computer networks by way of one of those software updates we all take for granted. What this attacker did was identify network management software from a company called SolarWinds. Bill Whitaker: Is it still going on?Brad Smith: Almost certainly, these attacks are continuing.The world still might not know about the hack if not for FireEye, a three-and-a-half billion dollar cybersecurity company run by Kevin Mandia, a former Air Force intelligence officer.Kevin Mandia: I can tell you this, if we didn't do investigations for a living, we wouldn't have found this. But we do know this: It is in the wrong hands.And Microsoft's Brad Smith told us it's almost certain the hackers created additional backdoors and spread to other networks.The revelation this past December came at a fraught time in the U.S. President Trump was disputing the election, and tweeted China might be responsible for the hack. But it can't run with confidence if major governments are disrupting and attacking the software supply chain in this way.Bill Whitaker: That almost sounds like you think that they went in to foment chaos?Brad Smith: What we are seeing is the first use of this supply chain disruption tactic against the United States. NotPetya, a 2017 attack by the GRU, Russia's military spy agency, used the same tactics as the SolarWinds attack, sabotaging a widely-used piece of software to break into thousands of Ukraine's networks, but instead of spying - it ordered devices to self-destruct.Brad Smith: It literally damaged more than 10% of that nation's computers in a single day. Because it's only a stone's throw from a computer network attack.Chris Inglis spent 28 years commanding the nation's best cyber warriors at the National Security Agency – seven as its deputy director – and now sits on the Cyberspace Solarium Commission – created by Congress to come up with new ideas to defend our digital domain.Bill Whitaker: Why didn't the government detect this?Chris Inglis: The government is not looking on private sector networks. And the only way you'll have absolute confidence that you've gotten rid of it is to get rid of the hardware, to get rid of the systems.Bill Whitaker: Wow. So unless you get rid of all the computers and all the computer networks, you will not be sure that you have gotten this out of the systems.Chris Inglis: You will not be.Jon Miller: We've never been left with a breach like that before where we know months into it that we're only looking at the tip of the iceberg.