by Andrew Eversden and Mark Pomerleau
WASHINGTON – The military and intelligence community is scrambling to conduct a daunting hunt across disconnected networks to assess potential damage from an extensive federal cybersecurity breach by suspected Russian hackers.
As it searches for lurkers, one complicating factor is that the cybersecurity arm of the Department of Homeland Security warned Thursday that hackers used other means to access government and business networks beyond a software platform from contractor SolarWinds, used by the Pentagon, the military and intelligence offices. That network management platform was "not the only initial infection vector," the Cybersecurity and Infrastructure Security Agency alert said.
…
Rick Pina, former chief technology officer of the Army, told C4ISRNET that officials would look for indicators of stolen data, newly created accounts with elevated privileges, or compromised accounts.
Officials are looking for "anything that we can capture that actually would provide a synopsis to senior leadership on … what happened," said Pina, now chief technical advisor for World Wide Technology.
Following a 2008 breach involving USB drives, Pina said that there were daily briefings to the defense secretary, the staff and service secretaries on the aftermath and steps to deal with it.
