The Cybersecurity and Infrastructure Agency (CISA) said hackers managed to gain access to the U.S. Department of the Treasury and Department of Commerce through a flaw in the SolarWinds Orion platform. The security breach allows an attacker to access network traffic management systems: According to CISA, the only known mitigation measure available as of this time is disconnecting affected devices.
Cybersecurity firm FireEye said the hackers inserted malicious code into legitimate updates for the SolarWinds software, enabling outside parties to access a target system remotely. The code was designed to not alert targets to any breach, with attackers going to significant lengths to blend into normal network activity.
FireEye added that the Federal Bureau of Investigation (FBI) is currently investigating the breach dating from the spring months. The firm has been in touch with the FBI, SolarWinds and other important stakeholders regarding the matter.
Meanwhile, SolarWinds exhorted customers to upgrade their Orion platform to a recent version. If they are unable to upgrade immediately, SolarWinds advised them to disable internet access to the platform and limit ports and connections to only the necessary ones. The firm released a security patch for the platform on Dec. 15, saying that the hacking "was likely the result of a highly sophisticated, targeted and manual supply chain attack." (Related: New York Times admitted in 2018 that Dominion voting machines are hackable.)
Two days before SolarWinds released a security patch, CISA issued a directive in response to the breach. The Dec. 13 Emergency Directive 21-01 calls on federal agencies to "immediately disconnect or power down SolarWinds Orion products" after checking their systems for any signs of compromise.
On the other hand, Dominion kept mum and did not respond to a request for comment and a voicemail The Epoch Times sent. The company has been in the spotlight in recent weeks because of its involvement in fraudulent election results: Dominion's election machines and systems are widespread in the country.
A number of cybersecurity specialists have come forward to raise issues regarding Dominion voting machines.
Cybersecurity expert Col. Phil Waldron, who was one of the witnesses President Donald Trump's legal team invited, is among these individuals. During a Nov. 30 hearing in Arizona, he warned the state's lawmakers that Dominion voting machines are vulnerable to onsite and offsite manipulation. Waldron also pointed out that the machines could be connected to the internet and "be hacked to manipulate votes." (Related: Forensic audit finds that security log files were deleted from all Dominion machines to hide vote switching.)
A later audit of Dominion's voting machines in Michigan found that its election software was "intentionally designed" to affect election results. Allied Security Operations Group performed the audit at the behest of Michigan plaintiff William Bailey, in support of his lawsuit against Antrim County. Bailey's complaint alleges that a "glitch" that caused votes for Trump to be counted for Democratic nominee Joe Biden may not have been the result of a human error.
Allied co-founder Russell Ramsland, Jr. reported that the Dominion system "intentionally generates an enormously high number of ballot errors." These erroneous ballots are then transferred to bulk adjudication "with no oversight, no transparency and no audit trail … [leading] to voter or election fraud. The audit by Ramsland and his team concluded that "the Dominion voting system should not be used in Michigan … [and] the results of Antrim County should not have been certified."
Learn more about the security issues in Dominion voting machines at VoteFraud.news.
Sources include: