Brad Smith, the Microsoft president, said its researchers believed “at least 1,000 very skilled, very capable engineers” worked on the SolarWinds hack. “This is the largest and most sophisticated sort of operation that we have seen,” Smith told senators. Smith said the hacking operation’s success was due to its ability to penetrate systems through routine processes. SolarWinds functions as network monitoring software, working deep in the infrastructure of information technology systems to identify and patch problems, and provides an essential service for companies around the world.
“The world relies on the patching and updating of software for everything,” Smith said. “To disrupt or tamper with that kind of software is to in effect tamper with the digital equivalent of our public health service. It puts the entire world at greater risk.” “It’s a little bit like a burglar who wants to break into a single apartment but manages to turn off the alarm system for every home and every building in the entire city,” he added.
Smith said many techniques used by the hackers have not come to light and that the attacker might have used up to a dozen different means of getting into victim networks during the past year. Microsoft disclosed last week that the hackers had been able to read the company’s closely guarded source code for how its programs authenticate users. At many of the victims, the hackers manipulated those programs to access new areas inside their targets. Smith stressed that such movement was not due to programming errors on Microsoft’s part but to poor configurations and other controls on the customer’s part, including cases “where the keys to the safe and the car were left out in the open”.