Connect with us

Hi, what are you looking for?


Network Security

Despite Hacks, US Not Seeking Widened Domestic Surveillance

The Biden administration is not planning to step up government surveillance of the U.S. internet even as state-backed foreign hackers and cybercriminals increasingly use it to evade detection, a senior administration official said Friday.

The Biden administration is not planning to step up government surveillance of the U.S. internet even as state-backed foreign hackers and cybercriminals increasingly use it to evade detection, a senior administration official said Friday.

The official said the administration, mindful of the privacy and civil liberties implications that could arise, is not currently seeking additional authority to monitor U.S.-based networks. Instead, the administration will focus on tighter partnerships and improved information-sharing with the private-sector companies that already have broad visibility into the domestic internet, said the official, who spoke to reporters on condition of anonymity.

The comment was an acknowledgement of the fraught political debate surrounding domestic government surveillance — nearly eight years after former National Security Agency contractor Edward Snowden triggered a scandal with leaked agency documents — and a recognition of the challenges in balancing the growing cyber defense imperative against privacy concerns that come with stepped-up monitoring.

Foreign state hackers are increasingly using U.S.-based virtual private networks, or VPNs, to evade detection by U.S. intelligence agencies, who are legally constrained from monitoring domestic infrastructure.

In the crucial second stage of the SolarWinds hacking campaign, for instance, the suspected Russian intelligence operatives used U.S.-based VPNs to siphon off data through backdoors in victims’ networks, establishing an account that made it seem like they were in the U.S.

That hack detected in December compromised at least nine federal agencies, and exposed “significant gaps in modernization and in technology of cybersecurity across the federal government,” the official said. Dozens of private-sector companies were also hit, the telecommunications and software sector most heavily.

The U.S. is also addressing a separate, far more widespread and indiscriminate hack that cyber sleuths blame on China and which became a global crisis last week.

Advertisement. Scroll to continue reading.

It has exposed tens of thousands of servers running Microsoft’s Exchange email program to intrusion. Though Microsoft has patched the vulnerability, affected server owners had only a “short window” to get vulnerable servers fixed, the official said. Criminal and state-backed hackers seeking to exploit the underlying flaw are apt to cause more havoc, the administration says.

The official said President Joe Biden has been briefed on the incident, and private-sector cybersecurity sleuths were brought in to confer with White House officials on a response.

When it comes to the pursuit of new surveillance or monitoring authorities, the official described the administration’s posture as “not yet, not now.” The official said the administration is committed at the moment to improving the flow of information with cloud providers and private companies who have good visibility into U.S. networks but aren’t bound by the same government constraints.

Predictions from the cybersecurity community were proving correct, meanwhile, that ransomware attacks leveraging compromised Exchange servers would be inevitable given the scope of the hack.

Microsoft said it has detected a new family of ransomware, dubbed DearCry, exploiting the compromises. Ransomware expert Brett Callow of the cybersecurity firm Emsisoft said the website ID Ransomware had so far received six submissions of the malware — from victims in the United States, Australia, Austria, Canada and Denmark.

Microsoft said in a tweet that it was blocking the ransomware, but, said Callow, “That’ll not necessary stop attacks.” Antivirus products detect and block a lot of known ransomware — but hackers often disable those products prior to deployment, he said.

The global ransomware scourge — primarily the work of Russian-speaking and North Korean cybercriminals — has cost businesses, local governments, health care providers and even K-12 school districts tens of billions of dollars in the past few years.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...