Top executives at Texas-based software company SolarWinds, Microsoft and cybersecurity firms FireEye and CrowdStrike Holdings defended their conduct in breaches blamed on Russian hackers and sought to shift responsibility elsewhere in testimony to a U.S. Senate panel on Tuesday.
This report produced by Chris Dignam.
U.S. SENATOR MARK WARNER: "Preliminary indications suggest that the scope and scale of this incident are beyond any that we’ve confronted as a nation, and its implications are significant." Senator Mark Warner of the Select Committee on Intelligence on Tuesday chaired the panel's first hearing on the massive hack of U.S. government agencies and private companies that was discovered in December.
Top executives from Microsoft, CrowdStrike, FireEye and SolarWinds - whose software was hijacked to breach other companies - said the cyber attack was likely worse than previously thought.
BRAD SMITH: "This was an act of recklessness in my opinion." Microsoft President Brad Smith said the true scope of the hack is still unknown because most victims are not legally required to disclose information about it, and appealed for government help.
SMITH: "We do need to enhance the sharing of threat intelligence." But CrowdStrike CEO George Kurtz, whose cybersecurity firm is helping SolarWinds recover from the breach, turned the blame on Microsoft, calling its complicated architecture "antiquated." KURTZ: "The threat actor took advantage of systemic weaknesses in the Windows authentication architecture, allowing it to move laterally within the network." Amazon Web Services was also invited to testify, but the company declined to attend the hearing, irking the senators on panel, including Florida's Marco Rubio.
The massive breach, which has widely been blamed on Russian hackers, is one of the worst hacks and U.S. intelligence failures on record, affecting at least nine federal agencies and more than 100 U.S. companies - including the four that participated in Tuesday's hearing.
