DESPITE HACKS, U.S. NOT SEEKING WIDESPREAD DOMESTIC SURVEILLANCE
The Biden administration is not planning to step up surveillance of the US internet even as state-backed foreign hackers and cybercriminals increasingly use it to evade detection, a senior administration official said Friday, Eric Tucker and Frank Bajak reported for the Associated Press (AP).
The official said the administration, mindful of the privacy and civil liberties implications that could arise, is not currently seeking additional authority to monitor US-based networks. Instead, the administration will focus on tighter partnerships and improved information-sharing with the private-sector companies that already have broad visibility into the domestic internet, said the official, who spoke to reporters on condition of anonymity.
The comment was an acknowledgment of the fraught political debate surrounding domestic government surveillance — nearly eight years after former National Security Agency (NSA) contractor Edward Snowden triggered a scandal with leaked agency documents — and a recognition of the challenges in balancing the growing cyber defense imperative against privacy concerns that come with stepped-up monitoring.
Foreign state hackers are increasingly using US-based virtual private networks (VPNs), to evade detection by US intelligence agencies, who are legally constrained from monitoring domestic infrastructure. In the crucial second stage of the SolarWinds hacking campaign, for instance, the suspected Russian intelligence operatives used US-based VPNs to siphon off data through backdoors in victims’ networks, establishing an account that made it seem like they were in the US.
That hack detected in December compromised at least nine federal agencies, and exposed “significant gaps in modernization and in technology of cybersecurity across the federal government,” the official said. Dozens of private-sector companies were also hit, the telecommunications and software sector most heavily.
The US is also addressing a separate, far more widespread, and indiscriminate hack that cyber sleuths blame on China and which became a global crisis last week.