New Delhi, Delhi, India

The United States government has suffered a major hack last night in which 12 federal agencies and 18,000 users have been compromised.

Advertisment

However, the breach is far more serious than what many had imagined as the US nuclear weapons agency was hacked too.

The American Energy Department and the American national nuclear security administration were hit by a cyber attack. The significance of these two being hit is that these agencies maintain America's nuclear stockpile.

The US Energy Department has issued a statement claiming the hack didn't affect "mission-essential national security functions." This means that America's nukes are safe, but it also underlines the fact that they are also vulnerable and this cyber attack is proof.

Advertisment

Have a look| SolarWinds compromised: How hackers attacked software used by US government departments

It has hit the highest offices and departments in America such as the US State Department, the department of homeland security, the Pentagon and now the US Nuclear Weapons Agency.

Hackers targeted the highest levels of American government; they were all compromised.

Advertisment

American investigators are blaming Russia for the hack but the bigger question that arises here is how did the hackers break the American government firewalls?

Also read| Microsoft says it found malicious software in its systems

The hackers made move way back in March which went on for months. They broke into Solarwinds which is a Texas-based IT management company. It serves several government agencies and many private companies that are on the Fortune 500 list. Microsoft, too, was targetted in this breach and some of its products were reportedly used to attack the victims.

How did the hackers get in?

The hackers corrupted the code of the SolarWinds software. So, when the company sent software updates to government systems — similar to ones people receive on phones and computers. As a result, 18,000 people downloaded a corrupted update and the update exposed their systems.

Microsoft's breach had a similar pattern. It has identified 40 victims which includes government agencies, companies and think tanks. Nearly half of them are private technology companies.

"This latest cyber-assault is effectively an attack on the united states and its government and other critical institutions, including security firms," Microsoft said in a statement.

American investigators say the hackers had access to government emails and systems for months. It is still not clear how many emails or other systems they accessed.

American has for long self-patted their backs and claimed to be the world leader in technology. However, this breach has come as an embarrassment for America as the superpower seems to have failed to protect its own digital infrastructure and the top levels of its government.

It not only failed to prevent the attack, but it also failed to detect the attack as the cyberattack was not discovered by government officials, but by a private firm called FireEye. This is a private cybersecurity firm which was the first to raise the red flag because this company too was breached.

A report describes FireEye as the "First call for government agencies and companies around the world" when they fear they have been attacked. This time, however, FireEye itself was breached.

With this was the level of sophistication, the goal of the hackers seems to have been espionage.

The United States hasn't officially blamed Russia yet but investigators have found Russian fingerprints all over this breach. Moscow, however, as always is rejecting the charge.

Cyber tools that have never been seen before were used in this attack which raises concerns about the extent and the depth of this hacking because if they were able to go undetected for months, they could have potentially used their access to shut down systems, corrupt or even destroy data.