
How FireEye Cybersecurity Company Discovered Major Government Systems Hack

MARY LOUISE KELLY, HOST:

You can be forgiven if you're having a hard time keeping track of all the players, all the twists and turns in the story of the vast cyberattack on American government and industry. To quickly review what we know, it seems Russia is behind it, though President Trump has suggested it might have been China. As the days have passed, the list of government agencies affected has grown and grown to include the Treasury Department, the State Department, the Energy Department and the National Nuclear Security Administration, the latter to maintain the nuclear stockpile.

I want to bring in Kevin Mandia. He is CEO of FireEye. FireEye is the cybersecurity company that sounded the alarm because it was the first to discover this massive breach. Kevin Mandia, welcome.

KEVIN MANDIA: Thank you very much for having me - appreciate it.

KELLY: We're glad to have you with us. Start with that discovery. What was that moment like when you're figuring out it's your company which has been hacked, which no company wants...

MANDIA: Yeah.

KELLY: ...But certainly not a cybersecurity company...

MANDIA: Right.

KELLY: ...And not just you - but that this might be really big. I mean, your heart must have just sank.

MANDIA: Well, you know, it's not something you welcome, you know? But at the same time frame, part of me expected it. If you wrote down the reasons why another nation might want to compromise FireEye, you can come up with some reasons. What we do is we track attackers. And quite frankly, we out them. We try to figure out, here's their fingerprints. Let's share those fingerprints with everybody so they can't get away with what they're doing.

In this incident early on, the briefing that I got upfront, there was enough operational security by the attacker that I knew it was professional. This wasn't the first rodeo for these attackers. In fact, they followed a tradecraft that the more I learned, the more this was a unit that's been operational for a decade or more. They knew what they were doing. They had novel techniques. So we turned over every rock, every stone, to figure out every bit of security-relevant data that we could find to figure out what happened.

KELLY: You said this is not these hackers' first rodeo.

MANDIA: Right.

KELLY: Who is behind this attack?

MANDIA: Well, you know, we're going to get it right. We're going to do the work to get it right. And, you know, there are a lot of folks talking about it. For me, it's definitely a nation. You're looking at somebody who's patient, professional. And in our full investigation, what made this interesting to me is I felt they were more interested in staying surreptitious and clandestine than they were about accomplishing their mission.

KELLY: You said this is a nation.

MANDIA: Yeah.

KELLY: What nations have this kind of capability?

MANDIA: Not a lot. You know, it's...

KELLY: What's the shortlist?

MANDIA: Yeah, it's very consistent with what Russia could do. There might be a group out of China that might be able to do it. And that's probably it.

KELLY: So what now? There's a statement from the FBI and the director...

MANDIA: Yeah.

KELLY: ...Of national intelligence and the cybersecurity arm of the Department of Homeland Security that says this breach is ongoing. What efforts are underway or should be underway right now to secure these networks?

MANDIA: Well, I think as folks are being, you know, notified or learning that they're compromised, they're going to have a lot of work to do. I think you step out of the immediate tactical of - you have to respond to the incident when you're a victim of it. It is an opportunity for the government, you know, with the new administration coming in, to start getting doctrine down. You have some folks saying this is an act of war, and you have others saying this is just an intelligence operation. And maybe it's somewhere in between those things.

But one thing that's definitely clear to me - the attackers have no idea what are the rules of engagement. And so what I've seen is 2020 has been about the hardest year, period, to be an information security officer at any company in the United States. It's time this nation comes up with some doctrine on what we expect nations' rules of engagement to be and what will our policy or proportional response be to folks who violate that doctrine because right now, there's absolutely an escalation in cyberspace. We're a nation losing billions of dollars to ransomware, and we are a nation that just had potentially one of the most successful cyber espionage campaigns ever done on it.

KELLY: Mr. Mandia, thank you.

MANDIA: Thank you very much.

KELLY: Kevin Mandia is CEO of the private cybersecurity firm FireEye, which sounded the alarm and which was itself among the companies breached. Transcript provided by NPR, Copyright NPR.