2021-02-12

The March 2020 attack by Russian cyber soldiers using malware that spread undetected to 18,000 private and U.S. government computer networks – including the agency that protects and transports the U.S. nuclear arsenal – is being called the largest, most sophisticated ever by the president of tech giant Microsoft. The company's president, Brad Smith, appears in Bill Whitaker's investigation into the unprecedented cyberattack on the next edition of 60 Minutes, Sunday, February 14, at 7 p.m. ET/PT on CBS.

The attack came through SolarWinds, a software company whose information technology software is used by organizations worldwide to connect, manage and monitor their computer networks. By the time Smith learned of its presence in Microsoft's network last November, it had already stolen proprietary material. How did a software giant like Microsoft not detect it? "I think that when you look at the sophistication of this attacker, there's an asymmetric advantage for somebody playing offense," says Smith. And the attackers had huge resources, he says. "When we analyzed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. And the answer we came to was, well, certainly more than 1,000."

"I think from a software engineering perspective, it's probably fair to say that this is the largest and most sophisticated attack the world has ever seen," Smith tells Whitaker.

"One of the really disconcerting aspects of this attack was the widespread and indiscriminate nature of it. What this attacker did was identify network management software from a company called SolarWinds. They installed malware into an update for a SolarWinds product. When that update went out to 18,000 organizations around the world, so did this malware," says the Microsoft president.

The Russians' attack was detected by FireEye, a cybersecurity firm. But detection doesn't mean the attack is over. "It's still ongoing," says John Miller, a former hacker who creates sophisticated cyber weapons for U.S. intelligence agencies. "New companies are getting breached. We'll see new companies breached today that weren't breached this morning. Where it's different in a lot of ways is normally when you catch someone in the act, they stop. That's not the case with this breach," says Miller.

He says the Russians have demonstrated they are able to compromise supply chains, the software that enables all the devices commonly used today such as phones, laptops and tablets. "Whether it's financial data, source code, the functionality of these products. They can take control." He says they could destroy whole networks if they wanted to. "The malware that they deployed off of SolarWinds, it didn't have the functionality in it to do that. But to do that is trivial. Couple dozen lines of code," Miller says.

The Russians spent months inside the computers of U.S. government agencies accessing email traffic. In addition to the National Nuclear Security Administration, the departments of Justice, Commerce, Treasury, Energy, the national labs, and the NIH were all reportedly affected. The Department of Homeland Security spent billions on a program called "Einstein" to detect cyberattacks on the government, but the Russians outsmarted it. They were able to launch their attacks from servers set up anonymously in the U.S. without fear of detection because the U.S. government cannot surveil America's private sector computer networks.

"That winds up making it more difficult for us," says Chris Inglis, a former deputy director of the National Security Agency who commanded cyber warriors. He says eradicating the malware from the systems takes a lot of time. Even then, he says, you can't be sure it's gone unless radical, astronomically expensive tactics are taken. "The only way you'll have absolute confidence that you've gotten rid of it is to get rid of the hardware, to get rid of the systems," he tells Whitaker.