It could take years to evict Russia from the US networks it hacked, leaving it free to destroy or tamper with data, ex-White House official warns
- Tom Bossert, a former homeland security advisor to President Trump, in a New York Times op-ed sounded the alarm about a recent Russian hack of US systems.
- "The Russians have had access to a considerable number of important and sensitive networks for six to nine months," he wrote.
- He said that it could take years to remove the hackers, and Russia could use its access to monitor or alter government data, and spread chaos.
- The hackers were able to install malware at US government agencies including the State Department and Department of Homeland Security by infiltrating SolarWinds computer software.
Russian hackers have likely seized control of hundreds of US federal government computer networks, and it could take years to work out how many and remove them, a former advisor to President Donald Trump has warned.
Tom Bossert in a New York Times op-ed Wednesday wrote that the "magnitude of this national security breach is hard to overstate."
Bossert was Trump's homeland security advisor from shortly after the 2016 election until April 2018. He previously served as a homeland security advisor to President George W. Bush.
He wrote: "The Russians have had access to a considerable number of important and sensitive networks for six to nine months." He said that Russia's foreign intelligence agency, the SVR, was likely behind the attack.
"While the Russians did not have the time to gain complete control over every network they hacked, they most certainly did gain it over hundreds of them," he wrote. "It will take years to know for certain which networks the Russians control and which ones they just occupy."
"The logical conclusion is that we must act as if the Russian government has control of all the networks it has penetrated."
The Russian embassy in the US has denied that Russia is behind the attack.
Bossert goes on to describe how the hackers could exploit their access.
"The actual and perceived control of so many important networks could easily be used to undermine public and consumer trust in data, written communications and services," he writes.
"In the networks that the Russians control, they have the power to destroy or alter data, and impersonate legitimate people."
President-elect Joe Biden, as he prepares to take control of addressing the crisis, he wrote, "has to assume that communications about this matter are being read by Russia, and assume that any government data or email could be falsified."
The attacks were revealed last week by the Reuters news agency, which reported that the State Department the Department of Homeland Security were among the agencies compromised.
The Treasury and Commerce Department were also infiltrated by the hackers, as well as the National Institutes of Health and the Pentagon, according to reports.
Many private sector companies and organizations were also hit.
Bossert's op-ed is one of the starkest warnings yet by a former senior US government security official on the likely extent of the hack and the full damage it could inflict.
The hackers were able to gain acces to the computers through hacking software made by SolarWinds, a firm that provides remote-access capabilities to IT specialists working for hundreds of US government and corporate clients.
The Russian malware allowing it to access, monitor, and control compromised system, was hidden in a routine software update.
The Russian hackers are believed to have had access to US government computer systems since about March, according to The Washington Post, monitoring and potentially stealing sensitive information.
President Donald Trump has so far not commented on the attacks.