Password123. That was pretty much all you needed in 2019 if you wanted to access the update server at SolarWinds, the network-management firm that was the victim of a massive cyber intrusion reportedly discovered only recently. That’s the latest according to Reuters, which updated the story it broke on Sunday.
Rewind: Some unknown person appears to have snuck an update into certain products from SolarWinds, and possibly as early as March. Reuters reported Tuesday that the firm was told in 2019 that it had left its update server considerably vulnerable to hackers — by leaving the password as “solarwinds123.” That backdoor through the update server allowed hackers to steal information like emails and across multiple federal agencies. The list of known victims so far includes the U.S. Treasury, Commerce and Homeland Security Departments.
The Senate on Tuesday received a “classified briefing on Russia’s cyberattack [that] left me deeply alarmed, in fact downright scared,” Sen. Richard Blumenthal, Democrat from Connecticut, tweeted Tuesday evening.
Russia is apparently responsible for an “information warfare” attack on Poland designed to put them at odds with Lithuania, the Polish government insists today. The Lithuanian Foreign Ministry called it “a complex cyber-information attack.”
How did it work? A fake press release published last week that appeared to come from Lithuania’s border guards alleged “a Polish diplomat was caught smuggling narcotics, firearms, explosives and extremist materials into Lithuania,” the Associated Press reports. A fake Facebook account spread the fake news, too. More here.
Also: Russian and French forces were caught fighting a disinformation battle with each other on a small corner of Facebook. Ben Nimmo of the digital forensics firm Graphika explains what happened there in a Twitter thread, here.
One more cyber thing: Allegedly unsophisticated Iranian hackers are targeting Israeli software firms and they’re actually having surprisingly good success, Haaretz reports.
On tactics: “[T]he current assessment is that they managed to penetrate the Israeli systems with the help of some remote access service - very likely a VPN, or virtual private network - and then used open-code software available for free online to actually break into the systems,” Haaretz writes, adding, “This bodes poorly for Israel.”
From Defense One
Defense One Radio, Ep. 82 // Defense One Staff: NATO Secretary General Jens Stoltenberg in conversation with Kevin Baron.
Will COVID Finally Force Us to Think Differently About National Security? // Kevin Bilms: The “softer” approaches of irregular war offer outsized benefits during competition and armed conflict alike.
Sweeping Hack Gives Biden a Mandate to Reorient America’s Cyber Strategy // Bonnie Kristian: It’s long past time to wrest the focus from offense back to defense.
How Science Beat the Virus / Ed Yong, The Atlantic: And what it lost in the process.
Welcome to this Wednesday edition of The D Brief from Ben Watson. Send us tips from your community right here. And if you’re not already subscribed to The D Brief, you can do that here. On this day in 1907, U.S. President Theodore Roosevelt sent 16 battleships of the Navy — along with 14,000 sailors and marines — on a trip around the world showcasing America’s blue-water capabilities, and showcasing them to the powerful Japanese navy, in particular. Said POTUS26: "I want all failures, blunders and shortcomings to be made apparent in time of peace and not in time of war." The ships’ hulls were all painted white, which lent the group its “Great White Fleet” nickname. This ambitious trip around the world, which involved dodging a cholera epidemic in Manilla as well as surviving a harrowing typhoon near the South China Sea, would take more than 14 months to complete.
Russia just tested another anti-satellite missile, U.S. Space Command said today. It was a ground-launched “direct-ascent” missile, as distinct from a space-based one, the command said. Fox has a bit more here.
One big problem with these tests? The likelihood of sending deadly debris into orbit, as we explained in our “War in space” podcast from March.
Top U.S. military officials are making four public appearances today. Those include Space Force’s Lt. Gen. Nina Armagno and Lt. Gen. John Thompson; Armagno speaks at a virtual Washington Space Business Roundtable event scheduled for noon ET; and Thompson speaks at TechCrunch's Space 2020 virtual event, which begins at 2 p.m.
The Navy’s James “Hondo” Geurts talks about technology and the future in an event today with the Atlantic Council. That’s at noon, ET, and you can read more about it, here.
And the Army’s Maj. Gen. John George talks about modernization and technology in a 2 p.m. virtual Heritage Foundation event. More here.
Senators today are looking into alleged “irregularities” from the November election with a 10 a.m. ET hearing at the Homeland Security and Governmental Affairs Committee. No evidence of widespread irregularities has yet come to light, despite dozens of lawsuits filed on behalf of Trump and his campaign.
Attending: Chris Krebs, the fired former director of the Cybersecurity and Infrastructure Security Agency. He’s one of six witnesses who’ve been called to testify before the GOP-chaired committee — and the only one expected to highlight the lack of evidence of widespread fraud, Just Security reports. Watch it on C-SPAN, here.
And in the afternoon, Hong Kong refugees will be the focus of the Senate’s Judiciary Subcommittee on Border Security and Immigration. Find that on C-SPAN at 2 p.m. ET, here.
Iran deal redux? It’s certainly too soon to know what will happen, but Germany, France and Britain all want Iran to come back to the nuclear negotiating table in the coming months, AP reports from Berlin.
Tehran is in no rush to change its strategy, Iran’s Supreme Leader Ayatollah Ali Khamenei said today. More from Reuters, here.
The U.S. Marine Corps is teaching chess to grunts. The game will be added to the West Coast basic infantry course as part of a larger rethinking aimed at building Marines “adept in ground weaponry that can tackle the higher-end threats they will face on the dispersed battlefields of the future,” U.S. Naval Institute News reported Tuesday.
Another private American company just sent a rocket into space. The company is called Astra, and it “was incorporated just over four years ago in October 2016," NBC News reports. The firm "has raised about $100 million to date, from investors including Advance (the investment arm of the family of the late billionaire S.I. Newhouse), ACME Capital, Airbus Ventures, Canaan Partners and Salesforce founder Marc Benioff."
Its rocket "stands about 40 feet tall, putting it in the category of small launch vehicles," NBC writes. And that's a pretty stark contrast from SpaceX's Falcon 9, "which stands at 230 feet tall and can carry up to 22,800 kilograms to low Earth orbit." Read more about Astra’s skeleton launch crew, as well as its planned pricing package, designed to compete with more established firms like Rocket Lab, here.
And finally today: Walmart says robot trucks will help with deliveries next year, The Verge reported Tuesday. Operations are expected to begin in Arkansas and with the help of a company called Gatik. The vehicles have so far travelled 70,000 miles in tests without a driver. Read on, here.