Among those who testified at the hearing was Sudhakar Ramakrishna, the new CEO of SolarWinds, who resumed weeks after the breach was discovered and has since removed the layers of the intrusion. He told the Senate committee that the code had been eradicated from the company’s products. But this is of little use to government agencies and businesses that have already been breached, because once hackers are inside their targeted computer networks, they are free to roam.
Mr Ramakrishna also said that SolarWinds still did not know how Russian hackers got into the software it was developing, integrating into it as early as fall 2019. Asked about the possibility that software tools created by JetBrains, which speed up code development and testing, was the way, Mr Ramakrishna said there was still no evidence. The New York Times reported in January that JetBrains was under investigation, but senior executives at the company, some of whom are Russian, said there was no evidence.
Mr Smith, who called for a “digital Geneva convention” that would begin to create standards prohibiting certain types of attacks, estimated that “at least a thousand highly skilled and capable engineers” were involved in the hacking .
“It was a reckless act, in my opinion,” he said, as it infected thousands of systems that the Russians had no interest in giving them access to only a few. “It was done in a very blind way.”
Mr Warner, Sen. Marco Rubio of Florida, the rank Republican on the committee, and others have repeatedly noted that Amazon – which runs the CIA’s network cloud services and looks for other contracts federal officials – was the only company that refused to send a senior executive. to explain its role in hacking. Amazon has not said anything publicly about what it knows about the command and control operation performed from its servers in the United States.
This is a critical question, as hackers seem to understand that US intelligence agencies do not have the right to examine network activity in the United States. Thus, by launching the attack inside US borders, they were taking advantage of national privacy protections to avoid detection.
Several senators said they were concerned that such a technique, once known, would be widely used by others. “The fundamental question is how did we miss this, and what are we still missing?” Mr. Rubio said.