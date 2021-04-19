Codecov hackers breached hundreds of restricted customer sites: sources

FILE PHOTO: Man holds laptop computer as cyber code is projected on him in this illustration picture
Joseph Menn and Raphael Satter
·3 min read

By Joseph Menn and Raphael Satter

SAN FRANCISCO (Reuters) - Hackers who tampered with a software development tool from a company called Codecov used that program to gain restricted access to hundreds of networks belonging to the San Francisco firm's customers, investigators told Reuters.

Codecov makes software auditing tools that allow developers to see how thoroughly their own code is being tested, a process that can give the tool access to stored credentials for various internal software accounts.

The attackers used automation to rapidly copy those credentials and raid additional resources, the investigators said, expanding the breach beyond the initial disclosure by Codecov on Thursday.

The hackers put extra effort into using Codecov to get inside other makers of software development programs, as well as companies that themselves provide many customers with technology services, including IBM, one of the investigators said on condition of anonymity.

The person said both methods would allow the hackers to potentially gain credentials for thousands of other restricted systems.

IBM and other companies said that their code had not been altered, but did not address whether access credentials to their systems had been taken.

"We are investigating the reported Codecov incident and have thus far found no modifications of code involving clients or IBM," an IBM spokeswoman said.

The FBI's San Francisco office is investigating the compromises, and dozens of likely victims were notified on Monday. Private security companies were already beginning to respond to assist multiple clients, employees said.

Codecov did not respond to Reuters' request for comment on Monday.

Security experts involved in the case said the scale of the attack and the skills needed compared to last year's SolarWinds attack. The compromise of that company's widely used network management program led hackers inside nine U.S. government agencies and about 100 private companies.

It is unclear who is behind the latest breach or if they are working for a national government, as was the case with SolarWinds.

Others among Codecov's 19,000 customers, including big tech services provider Hewlett Packard Enterprise, said they were still trying to determine if they or their customers had been hurt.

"HPE has a dedicated team of professionals investigating this matter, and customers should rest assured we will keep them informed of any impacts and necessary remedies as soon as we know more," said HPE spokesman Adam Bauer.

Even Codecov users who had seen no evidence of hacking were taking the breach seriously, a corporate cybersecurity official told Reuters. He said his company was busy resetting its credentials and that his counterparts elsewhere were doing the same, as Codecov recommended.

Codecov earlier said hackers began tampering with its software on Jan. 31. It was only detected earlier this month when a customer raised concerns.

Codecov's website says its customers include consumer goods conglomerate Procter & Gamble Co, web hosting firm GoDaddy Inc, The Washington Post, and Australian software firm Atlassian Corporation PLC. Atlassian said it had not yet seen any impact nor signs of a compromise.

The Department of Homeland Security's cybersecurity arm and the FBI declined to comment.

(Reporting by Joseph Menn, Raphael Satter and Christopher Bing; Editing by Sam Holmes)

Recommended Stories

  • Geico admits fraudsters stole customers' driver's license numbers for months

    Geico, the second-largest auto insurer in the U.S., has fixed a security bug that let fraudsters steal customers' driver's license numbers from its website. In a data breach notice filed with the California attorney general's office, Geico said information gathered from other sources was used to "obtain unauthorized access to your driver’s license number through the online sales system on our website." The insurance giant did not say how many customers were affected by the breach but said the fraudsters accessed customer driver's license numbers between January 21 and March 1.

  • Idaho woman charged in ‘egregious’ case surrounding missing grandchild’s death

    Police say they found the child’s body in a car in Emmett.

  • These Illegal Baby Names That Have Been Banned Around the World

    In the United States, almost anything goes when it come to baby names. While parents have to deal with the joy and drama of choosing a baby name, taking into account the most popular baby names along with whether or not the rest of the family will hate it, very few names are actually forbidden.

  • 'Get out of my pub!': Landlord tells Starmer to leave during Bath walkabout

    The Labour leader was ordered to leave during a walkabout in the Somerset city.

  • George Floyd news: Jury retires in Chauvin trial as judge says Maxine Waters could overturn verdict

    Follow latest updates from the Hennepin County Courthouse

  • Trial gig with no social distancing to pilot reopening of UK live events

    The band will play to a crowd of 5,000 in Liverpool on 2 May in a trial event at Sefton Park — gaining admission with a negative coronavirus test.

  • U.S. House of Representatives approves cannabis banking bill

    The bill clarifies that proceeds from legitimate cannabis businesses would not be considered illegal and directs federal regulators to craft rules for how they would supervise such banking activity. Banks have generally been unwilling to do business with companies that sell marijuana or related products, fearing they could run afoul of federal laws. That has left companies in the marijuana industry with few options, including relying on just a handful of small financial institutions or doing business in cash.

  • Fort Hood unveils gate and plaque honoring Vanessa Guillén

    Fort Hood will be memorializing slain soldier Vanessa Guillén with a gate named in her honor, days before the anniversary of when she first went missing.

  • New 'Jeopardy!' guest host Anderson Cooper takes over, as Aaron Rodgers signs off

    The first of the CNN anchor's 10 episodes aired Monday.

  • In Pivotal Move, Sen. Manchin Announces Support For Pro-Union Legislation

    "I look forward to working with my colleagues, on both sides of the aisle, to move this bill through a legislative process," Manchin said

  • A man was split in two on Okeechobee Road in Miami-Dade. Do you know who he is?

    A man might’ve taken his own life on Okeechobee Road in Northwest Miami-Dade in January, but also might’ve given up his identity in the process.

  • Eighth horse dies at Santa Anita since the start of the season

    Multiplier, a 7-year-old gelding, became the second horse to die within two days of racing at Santa Anita after sustaining injuries in a race Sunday.

  • ‘Give back her socialist cash’: Democrats pushed to return campaign donations from Alexandria Ocasio-Cortez

    NRCC launches ‘Socialist Give Back’ website slamming those ‘bankrolled by radical socialist Alexandria Ocasio-Cortez’

  • Biden Choice for Justice Dept.'s No. 2 Is Seen as a Consensus Builder

    WASHINGTON — Lisa Monaco was President Barack Obama’s top counterterrorism adviser when she was handed an intractable problem: Fix the administration’s ineffective response to the kidnappings of Americans by Islamic State group fighters, which had prompted outcries from victims’ families, without changing the government’s refusal to make concessions to terrorists. Monaco quickly instituted a change, according to Matthew Olsen, a former director of the National Counterterrorism Center. She mandated that the families, who had been kept in the dark about the government’s restrictions and had even faced threats of prosecution should they pay ransoms themselves, be brought into the fold. Most had lost faith in the government, and she sought them out to ensure that a new hostage policy was fair and credible. “For the administration to realize it was not handling this right was a lot to Lisa’s credit,” said Diane Foley, whose son James Foley was the first American to be beheaded by the Islamic State in 2014. After Monaco’s team completed its review, the administration adopted a policy that included advising families of all their options and refraining from threats of prosecution. Obama acknowledged that the government should have treated them as “trusted partners.” Sign up for The Morning newsletter from the New York Times Now Monaco, 53, a veteran of national security roles, is poised to become the deputy attorney general — the Justice Department’s No. 2 official — where her ability to broker consensus on politically charged issues will quickly be tested. Among other matters, she is expected to be a key player in the Biden administration’s push to combat domestic extremism, embodied most publicly in the Justice Department’s investigation into the deadly Capitol attack on Jan. 6 by a pro-Donald Trump mob. Her experience with cyberissues will help give her office an influential voice as the Biden administration confronts threats from countries like Russia, which it penalized Thursday for hacking U.S. government agencies and companies and for interfering in the 2020 presidential election. Monaco will also work closely with Attorney General Merrick Garland to rebuild trust in the Justice Department after it became a target of Trump and his allies. Her resume makes her uniquely suited to tackle the department’s biggest issues, which include not only domestic extremism but also foreign cyberattacks, a sensitive investigation into Biden’s son and an open special inquiry into the roots of the Russia investigation. Monaco is also known for being careful to build support for her views. “Good ideas die all the time because people don’t go to the right congressman or Cabinet secretary and get buy-in,” said Ken Wainstein, who was Monaco’s predecessor as head of the Justice Department’s national security division. “That’s the kind of thing that Lisa is masterful at.” The Senate Judiciary Committee voiced unanimous support for her nomination last month, and a bipartisan coalition of senators is expected to confirm her in the coming days. The riot investigation is a major undertaking that will be part of Monaco’s purview, should she be confirmed. “After 9/11, a key challenge for FBI and Justice Department was protecting the country from foreign and foreign-influenced attackers while respecting privacy, civil rights and civil liberties,” said Jessie Liu, a partner at Skadden, Arps, Slate, Meagher & Flom and a former U.S. attorney in Washington. She worked briefly with Monaco when they were both prosecutors in the U.S. attorney’s office in Washington. “Today, they face a similar challenge as the department seeks to counter violent domestic extremism.” Investigators and prosecutors quickly charged more people after the Capitol breach than in any other investigation in department history, but they sometimes disagreed on aspects of the inquiry, including whether to approach the attack as a straightforward criminal investigation or a national security intelligence operation, what to do about pleas and how aggressively to charge rioters, according to two people with knowledge of the discussions. Monaco will not only referee internal disputes; she will also weigh in on consequential and potentially politically fraught decisions, like whether to charge rioters with sedition. Republicans could criticize such a charge as a way to target Trump’s supporters. Democrats, who often refer to the rioters as insurrectionists and domestic terrorists, could be angered if no sedition case is brought. Amplifying pressures on the department, Senate committees have held public hearings on the security failures leading up to the attack, and House Democrats have requested related intelligence from federal agencies and local law enforcement. A native of the Boston suburbs, Monaco graduated from Harvard University and the University of Chicago Law School before serving as counsel to Janet Reno, then the attorney general. She worked as a federal prosecutor in Washington and joined the Enron task force, helping lead the prosecution of five former Enron executives. The Enron case fast-tracked her career. In 2006, she worked as counselor and then chief of staff to the FBI director at the time, Robert Mueller. In 2011, she became head of the Justice Department’s national security division. Two years later, she went to the White House to serve as Obama’s top homeland security adviser, where she coordinated the administration’s response to threats like the Ebola outbreak in 2014 and the mass shooting in 2016 at the Pulse nightclub in Orlando, Florida, which was deemed an act of domestic terrorism. Monaco always had a knack for anticipating the next big threat, former colleagues said. During her time leading the department’s national security division, she initiated its effort to go after Chinese cyberthreats. That ultimately led to the 2014 indictment of five members of China’s People Liberation Army on charges of stealing proprietary information from U.S. Steel and other companies, in a case that has helped the government push back on China’s efforts to use stolen trade secrets and academic research to bolster its global standing. “We should be calling out and imposing costs against these malicious cyberactors,” Monaco said at a conference in 2018, noting that hackers in Iran, North Korea and Russia had taken aim at U.S. companies. “The Trump administration has basically kept that philosophy but accelerated it, and rightly so.” Monaco had ample opportunity to learn about navigating bureaucracy under Mueller, who faced pressure to prevent a major terrorist attack and to break up the FBI as the government’s failures leading up to the Sept. 11 attacks were revealed. Instead, he transformed it into an agency that served two missions: both its traditional role of investigating crimes and an intelligence-gathering function working with the intelligence community to thwart any attacks. “She was directly involved in the development and mobilization of every FBI initiative, ensuring that the bureau coordinated and integrated that work with the rest of the government, getting buy-in from main Justice and, when necessary, the White House and lawmakers,” Wainstein said. Monaco has a reputation for working and preparing relentlessly. She is even-tempered and exhibits a quiet, firm confidence, even under pressure, friends and former colleagues said. She does not raise her voice. Friends called her funny and warm and self-deprecating in the face of praise. When a fellow department alumnus took note of her remarkable career, she replied, “I’ve been very, very lucky.” As Obama’s homeland security adviser, she presided over decisions with difficult operational, policy and legal dimensions, and they often involved military action. A disagreement or a provocative question could derail hours of work, and it could be hard to get people back on track, former colleagues said. “She was a lawyer at a table with military leaders. She had to earn their respect and lead them toward the conclusion that was consistent with what the president wanted from the process,” Olsen said. “She was able to pull that off time and time again.” “Her trial lawyer experience in D.C. superior court likely served her well,” Olsen said. “Not everything will go as planned. Your police officer won’t show up to testify, and you have to keep a poker face before the jury.” You manage your way through that “by keeping calm and appealing to people’s better natures. I’ve seen her do that in the Situation Room” at the White House, Olsen added. In 2013, the Boston Marathon bombing tested her skills and resolve. The attack happened in Monaco’s hometown as her brother stood among the crowd, cheering on the runners. Her knowledge of domestic extremism and the workings of the government, her work ethic and her ability to corral colleagues were crucial to helping the Obama administration respond, Olsen said. Reflecting on the Boston Marathon bombing, Sept. 11 and other national security challenges, Monaco warned in 2016 that “the terrorist threat has evolved, and it’s done so dramatically.” “It is broader, more diffuse and less predictable than at any time since 9/11,” she said at an event hosted by the Council on Foreign Relations. “Terrorism today is increasingly defined by small cells or lone actors, sometimes with little or no direct contact with terrorist organizations. Those people have succumbed to violent extremism.” This article originally appeared in The New York Times. © 2021 The New York Times Company

  • Federal ethics agency won’t certify Kanye West’s financial disclosures from failed presidential campaign

    ‘Birthday Party’ candidate claims exemption from listing Kim Kardashian’s assets, citing ‘no knowledge’ of them

  • President Biden doesn’t need to reinvent the wheel on infrastructure: Sen. John Thune

    Opposing View: If Joe Biden will work with Republicans, we can expand infrastructure and economic opportunity — instead of the federal government.

  • Police officer’s powerful TikTok message on Daunte Wright goes viral

    Officer Brian B says someone shouldn’t be doing a police job if they can shoot someone in heat of moment

  • Justice department files complaint against unproven Covid treatment promoted by Steve Bannon

    First scheme to be investigated under Covid-19 Consumer Protection Act

  • Secret Republican memo that ‘would burn down the internet’ revealed

    Republican lawmakers seek to modify Section 230 to rein in big technology firms

  • Kamala Harris turns road warrior for the Biden infrastructure and jobs plan

    Vice President Kamala Harris planned two stops in North Carolina to promote the multitrillion-dollar Biden agenda at a college and a buses plant.