‘This is not ‘espionage as usual,’ even in the digital age.’

Microsoft president Brad Smith warned that the wide-ranging hack of the SolarWinds’ Orion IT software is “ongoing,” and that investigations reveal “an attack that is remarkable for its scope, sophistication and impact.” The breach targeted several US government agencies and is believed to have been carried out by Russian nation-state hackers.

Smith characterized the hack as “a moment of reckoning” and laid out in no uncertain terms just how large and how dangerous Microsoft believes the hack to be. It “represents an act of recklessness that created a serious technological vulnerability for the United States and the world,” Smith argues.

He believes that it “is not just an attack on specific targets, but on the trust and reliability of the world’s critical infrastructure in order to advance one nation’s intelligence agency.” Though the post stops short of explicitly accusing Russia, the implication is very clear. “The weeks ahead will provide mounting and we believe indisputable evidence about the source of these recent attacks,” according to Smith.

To illustrate just how far-reaching the hack was, Smith included a map that used telemetry taken from Microsoft’s Defender Anti-Virus software to show people who had installed versions of the Orion software that contained malware from the hackers.

Microsoft has also been working this week to notify “more than 40 customers that the attackers targeted more precisely and compromised through additional and sophisticated measures,” according to Smith. Approximately 80 percent of those customers are located in the US, but Microsoft also identified victims in Canada, Mexico, Belgium, Spain, the UK, Israel, and the UAE. “It’s certain that the number and location of victims will keep growing,” Smith said.

Investigations into the hack are ongoing. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) issued a joint statement on Wednesday to say that they were coordinating a “whole-of-government response to this significant cyber incident.” And Smith warned that “we should all be prepared for stories about additional victims in the public sector and other enterprises and organizations.”

Earlier on Thursday, Reuters reported that Microsoft had been hacked as part of the breach and that “it also had its own products leveraged to further the attacks on others.” But Microsoft denied that claim in a statement to The Verge:

Microsoft has been responding to the hack since December 13th, including blocking versions of SolarWinds Orion that contained the malware. Microsoft and a coalition of tech companies also seized control a domain that played a key role in the SolarWinds breach, ZDNet reported.

SolarWinds has also taken the step of hiding a list of high-profile clients from its website, perhaps to protect them from negative publicity. The list included more than 425 of the companies on the Fortune 500.

As for Microsoft, Smith used his post to call for a more organized, communal response against cyberattacks, both at a government level and amongst private institutions. “We need a more effective national and global strategy to protect against cyberattacks,” he writes. Microsoft is also looking for “stronger steps to hold nation-states accountable for cyberattacks.”

Source: The Verge

GENEVA/COPENHAGEN (Reuters) - An international mission led by the World Health Organization (WHO) is expected to go to China in the first week of January to investigate the origins of the virus that sparked the COVID-19 pandemic, a member and diplomats told Reuters on Wednesday.

The United States, which has accused China of having hidden the outbreak’s extent, has called for a “transparent” WHO-led investigation and criticised its terms, which allowed Chinese scientists to do the first phase of preliminary research. China reported the first cases of a pneumonia of unknown cause in Wuhan, central China, to the WHO on Dec. 31 and closed a market where the novel coronavirus is believed to have emerged. Health ministers called on the WHO in May to identify the source of the virus and how it crossed the species barrier. Now a team of 12-15 international experts is finally preparing to go to Wuhan to examine evidence, including human and animal samples collected by Chinese researchers, and to build on their initial studies. Thea Fischer, a Danish member, said that the team would leave “just after New Year’s” for a six-week mission, including two weeks of quarantine on arrival.

“Phase 1 was supposed to be completed by now, according to the terms of reference, and we should have some results. If that’s what we get when we come to China...that would be fantastic. Then we are already in phase 2,” she told Reuters. Keith Hamilton, an expert at the World Organization for Animal Health (OIE) who will take part, told reporters on Tuesday: “I anticipate the mission will take place quite soon.” WHO spokesman Tarik Jasarevic said in an emailed reply to Reuters inquiry that the international team was working on logistical arrangements to travel to China as soon as possible. “We hope the team will be able to travel in January,” he said. A Western diplomat said that the team was expected to leave in early January, ahead of WHO’s executive board opening on Jan. 18, adding: “There is strong pressure on China and on WHO.” Hamilton said a similar but not identical virus was identified in a horseshoe bat, indicating that it was transmitted first to an animal, or intermediate host, before infecting humans. “When we are doing animal surveillance, it’s difficult, it’s rather like looking for a needle in a haystack,” he said. Peter Ben Embarek, the WHO’s top expert in animal diseases, said last month the mission would like to interview market workers about how they were infected with the virus. “There is nothing to indicate that it would be man-made,” he added. Chinese state media have suggested the virus existed abroad before it was discovered in Wuhan, citing its presence on imported frozen food packaging and scientific papers claiming it had been circulating in Europe last year. Some Western countries have voiced concern at the delay in sending international experts. One senior Western diplomat complained of a lack of transparency while experts were not on the ground talking to clinicians and researchers or inspecting lab samples. But another Western diplomat said that the mission was on a “good footing” and that the WHO had to accept China’s terms to secure access.

Source: Reuters

The UK’s Investigatory Powers Commissioner’s Office (IPSO) that oversees work of British intelligence agencies domestically and abroad has just unveiled a report into their activities through 2019.

The non-profit group Reprieve has signalled some concerns over work of the UK’s Secret Intelligence Service (SIS) or MI6 after a IPSO report revealed that the agency had failed to make it clear to the foreign secretary that a high-risk agent operating overseas “may have been involved in, or have contemplated ... serious criminality.”

The issue relates to a MI6 submission outlined in IPSO’s 2019 review, seeking to authorise activities of an unidentified agent under section 7 of the Intelligence Services Act, often called the “license to kill”. According to the report, MI6 identified that the SIS agent was at risk of being “involved in serious criminality overseas”.

The secret service did not encourage this conduct, the report said, and set out “some clear ‘red lines’” for the agent, meaning that his or her work would result in termination if they would be crossed.

However, the Commissioner’s Office noted in the report, six month after their original submission, that the MI6 asked the foreign minister – either Jeremy Hunt or Dominic Raab at that time – to renew the agent’s authorisation. According to their application, there was a serious possibility that the agent had actually engaged in criminal activity, but the intelligence agency did not make this transparent, IPSO said.

“Whilst the submission referred to SIS’s ‘red lines’ provided information about criminality that may have occurred and noted an increased risk in the case, it did not make expressly clear that SIS’s ‘red lines’ had probably been crossed.”

The office concluded that the MI6 submission “did not provide a comprehensive overview of available information”. In response, the agency “immediately” updated the Foreign & Commonwealth Office on the issue, the report added.

It is not clear whether the agent was granted a renewed authorisation from the Foreign Office in the end.

After the report into 2019 activities was unveiled this week, campaigners from Reprieve said that revelations like that and other controversies mentioned in the review showed that the UK government “urgently needs to get a grip on unchecked lawbreaking by agents”.

“While our intelligence agencies do a vital job, this report rings alarm bells in its account of agents run amok,” deputy director of Reprieve Dan Dolan told the Guardian.

Dolan also slammed the ministers from “rushing through legislation which places no clear limits on the crimes they [agents] can commit”.

According to the published review, the Secret Intelligence Service also asked the foreign office to approve two cases involving a “serious risk of torture” and seven more with “serious risk of cruel, inhuman or degrading treatment” back in 2019. It was not made clear though whether these requests have been granted a permission.

The Investigatory Powers Commissioner's Office is tasked with providing “independent oversight and authorisation” into the work of MI5 and MI6 services, as well as the Government Communications Headquarters intelligence office and police forces.

Source: Sputnik/Guardian