It’s been a bad few days for the Internet. Google, Amazon, security firm FireEye, and several federal agencies — like the Department of Commerce — have all suffered major incidents or outages recently.
The government attack, involving widely-used management software named SolarWinds, gave hackers access to critical U.S. systems for at least nine months. Some news outlets are blaming a Russian-based crime gang for that attack.
Researchers have not tied these incidents together. After all, all of these entities are under attack, and under bandwidth pressure, all the time. But it’s hard not to imagine something serious is happening.
First thing Monday morning, exhausted teachers up and down the east coast cried for mercy as a widespread Google outage hampered virtual learning. Google Docs, Google Classroom, Slides, and many other vital Google school tools were knocked offline at around 7 a.m. Service was mainly restored after about an hour, Google said.
Google’s outage impacted a wide variety of products, including YouTube, Gmail, Google Drive, and even some Internet of Things gadgets.
I’m sitting here in the dark in my toddler’s room because the light is controlled by Home. Rethinking… a lot right now.
The stunning Monday-morning incident comes on the heels of reports on Sunday from the Washington Post and Reuters that computers at the US Treasury Department and the US Department of Commerce’s National Telecommunications and Information Administration (NTIA) had been infiltrated. The Post story blamed a group known as Cozy Bear, a Russian-based crime gang accused of hacking the White House and the Pentagon in the past.
The alleged Cozy Bear attack has security professionals reeling because it involved “poisoning” software known as SolarWinds, which is in widespread use by U.S. government agencies and other organizations. Criminals were able to sneak a Trojan horse into a SolarWinds software update back in March, according to FireEye, which called the attack “highly evasive.” Then, as IT departments updated their software, they were unwittingly creating a backdoor that criminals could use to access secret government files.
The problem goes beyond Uncle Sam, however. On SolarWinds’ website, the firm says that 425 of the Fortune 500 companies use its software. So do hundreds of colleges. That page also notes that all five branches of the U.S. military, as well as the office of the President of the United States, use SolarWinds.
In an announcement on its website, SolarWinds blamed the attack on state-sponsored hackers, but didn’t specify Russians.
“We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack,” the firm said.
FireEye, the security firm, itself said it was hacked last week, with criminals stealing critical penetration testing tools the firm uses to test security at large organizations. In the wrong hands, those tools would be powerful weapons for criminal hackers. It was not immediately clear if the FireEye incident was related to the SolarWinds incident.
Because the SolarWinds attack had been ongoing for many months, and the criminals behind it almost certainly preferred to maintain a low profile so they could extract the maximum value out of their targets, there is no immediate reason to connect the Google outage and the government attacks.
Still, the timing is curious, and Google offered little information about its incident. The firm posted on a Gmail service dashboard that it was aware of the incident at 6:55 a.m. ET, then said Gmail service had been restored by 7:52 a.m. YouTube separately acknowledged the incident on Twitter. As of mid-morning on Monday, there was no company-wide statement about the nature of the outage.
The Google incident — which reminded users around the world just how much they rely on Google — evoked a similar reaction to the Amazon Web Services outage that hit consumers in late November. That incident took down everything from doorbells to robot vacuums. Amazon later blamed the outage on an upgrade that went sideways.
While ill-timed for teachers, the Google outage — and the earlier Amazon outage — were short-lived, ultimately not much more than a nuisance for consumers. The FireEye theft and SolarWinds compromises will have far more wide-ranging consequences. Follow Kim Zetter throughout the day for the broadest perspective on that.