Colorado Representative Says SolarWinds Hack Could Be 'Cyber Equivalent of Pearl Harbor'

A Democratic Colorado congressman compared the recent SolarWinds hack to one of the most infamous events in American history from nearly 80 years ago.

"The situation is developing, but the more I learn this could be our modern day, cyber equivalent of Pearl Harbor," Representative Jason Crow wrote in a tweet Friday.

"Our nation is under assault. This cyberattack could be the largest in our history. We don't yet know the extent of the damage, but we know that we weren't prepared & have our work cut out for us," he wrote in another tweet. "We can't wait for leadership, we need it now. @realdonaldtrump, where are you."

The situation is developing, but the more I learn this could be our modern day, cyber equivalent of Pearl Harbor.

— Rep. Jason Crow (@RepJasonCrow) December 18, 2020

Crow's comments come just a few days after news broke that software from SolarWinds Orion had been compromised, dating as far back as March. Orion is a platform used by a number of top governmental agencies and several Fortune 500 companies, and hackers were able to place malware in software updates that were downloaded by thousands of SolarWinds users.

The hack was discovered by FireEye, a cybersecurity company that uses SolarWinds Orion, after it published a detailed writeup of its own systems being infiltrated.

During an interview with Bloomberg, Charles Carmakal, senior vice president and chief technical officer at Mandiant, FireEye's incident response division, said: "We looked through 50,000 lines of source code, which we were able to determine there was a backdoor within SolarWinds."

In this photo, a computer hacker's silhouette stands in front of a green binary code background. Colorado Rep. Jason Crow compared the SolarWinds hack to the "cyber equivalent of Pearl Harbor." Bill Hinton/Getty

When asked about his comparison to Peal Harbor, Crow told Newsweek that as he was getting briefings and hearing more information about the hack, "it just kind of drew that comparison in my mind because we have been caught off guard."

"We knew that the potential was there but we one, have been caught off guard and number two, because we weren't prepared for it, the damage is very deep," he said. "I hope that this, like Pearl Harbor, wakes us up and is a call to arms to respond to this very deep threat to our country."

He continued: "This is very deep and very broad and potentially extremely damaging to our national security."

In a filing with the Securities and Exchange Commission (SEC), SolarWinds said that it "has been advised that this incident was likely the result of a highly sophisticated, targeted and manual supply chain attack by an outside nation state, but [that] SolarWinds has not independently verified the identity of the attacker."

While the U.S. has not publicly accused any nation of being responsible for the attack, several people familiar to the incident told Reuters that Russia was suspected of orchestrating the attack.

In response, the Russian Embassy in Washington D.C. disputed the reports. In a Facebook post, the embassy wrote: "We declare responsibly: malicious activities in the information space contradicts the principles of the Russian foreign policy, national interests and our understanding of interstate relations. Russia does not conduct offensive operations in the cyber domain."

Several other cybersecurity experts, lawmakers and government officials have also made similar comments about the severity of the hack—including the Cybersecurity and Infrastructure Security Agency (CISA), and Theresa Payton, who served as the chief information officer overseeing IT operations under former President George W. Bush.

Newsweek reached out to SolarWinds for comment, but did not receive a response in time for publication.