'Sick, distracted and now under cyberattack': Ex-Trump security adviser sounds alarm on 'ongoing' Russian hack of US government
Russian President Vladimir Putin (Photo: Screen capture)

One of President Donald Trump's former national security advisers sounded the alarm about a grave new -- and ongoing -- threat to the United States.

Tom Bossert, who served under Trump and George W. Bush, published a column in the New York Times on the hack, apparently by the Russian intelligence agency SVR, of two tech companies that serve the U.S. federal government.

"At the worst possible time, when the United States is at its most vulnerable — during a presidential transition and a devastating public health crisis — the networks of the federal government and much of corporate America are compromised by a foreign nation," Bossert wrote. "We need to understand the scale and significance of what is happening."

The publicly traded tech company SolarWinds reported to the SEC that supply-chain malware was on its software from March to June, and as many as 18,000 organizations -- including most most federal government unclassified networks and more than 425 Fortune 500 companies -- downloaded the corrupted update and were potentially exposed to the hackers.

"The magnitude of this ongoing attack is hard to overstate," Bossert warned.

"The Russians have had access to a considerable number of important and sensitive networks for six to nine months," he wrote. "The Russian S.V.R. will surely have used its access to further exploit and gain administrative control over the networks it considered priority targets. For those targets, the hackers will have long ago moved past their entry point, covered their tracks and gained what experts call 'persistent access,' meaning the ability to infiltrate and control networks in a way that is hard to detect or remove."

The hackers didn't have enough time to gain complete control over every network that was exposed, but they most certainly did for hundreds of them -- and Bossert said it could take years to understand the damage.

"The actual and perceived control of so many important networks could easily be used to undermine public and consumer trust in data, written communications and services," he wrote. "In the networks that the Russians control, they have the power to destroy or alter data, and impersonate legitimate people. Domestic and geopolitical tensions could escalate quite easily if they use their access for malign influence and misinformation — both hallmarks of Russian behavior."

The malicious code will be difficult to remove, and funding for that lengthy and complicated work is caught up in partisan bickering, but Bossert said Congress must act now -- and he called on the outgoing president to take action and for President-elect Joe Biden to start planning what he'll do to counter the hack.

"President Trump must get past his grievances about the election and govern for the remainder of his term. This moment requires unity, purpose and discipline," Bossert wrote. "An intrusion so brazen and of this size and scope cannot be tolerated by any sovereign nation."

"We are sick, distracted, and now under cyberattack," he added. "Leadership is essential."