Ted S. Warren / AP, file
The Microsoft Corp. logo is displayed outside the Microsoft Visitor Center in Redmond, Wash. Microsoft is infusing generative AI tools into its Office software, including Word, Excel and Outlook emails. The company said Thursday, March 16, 2023 the new feature, named Copilot, is a processing engine that will allow users to do things like summarize long emails, draft stories in Word and animate slides in PowerPoint.
Sunday, March 19, 2023 | 2 a.m.
View more of the Sun's opinion section
Foreign aggression has many faces today and bitter wars — not all bloodless in the end — are fought in cyberspace. Enemies who seek to penetrate our computer systems are no different than enemies who spill over borders in hordes.
While the United States has proven adept at defending against foreign threats, over the past week, news of a major vulnerability in Microsoft Office and Outlook on Windows platforms has caused a great deal of concern among the world’s intelligence community, IT professionals and everyday users alike. Known as CVE-2023-23397, this vulnerability allows attackers to take control of a user’s computer simply by sending them an email.
We have not seen an attack like this before, as it requires no interaction on the part of the user to be successful. Once the email is received, malicious coding is immediately triggered, allowing attackers to authenticate themselves as the victim and have full access to any systems available to that user.
The exploit is known to have been used, and believed to have been created by, Russia’s GRU military hackers. It has been “in the wild” for almost a year already and the Russian military is believed to have used it to engage in multiple attacks against U.S. allies in Europe. Among the targets are government, logistics, energy, defense and transportation technology and infrastructure in Poland, Romania, Turkey and Ukraine.
Now that it has been identified, the exploit can be recognized and defended against. Microsoft has already issued a patch to safeguard Windows from new attacks using this approach. Only Windows systems have the vulnerability; Macs, Unix, iOS and Android systems are safe.
Because the Russians enjoyed a year of ready access to victims’ computers and associated networks, it remains unclear how much clean-up will be necessary and how many back doors or other malicious code the intruders might have installed while they had access. It’s also unclear what information was taken.
Microsoft announced that the vulnerability is known to have been used in “targeted attacks against a limited number of organizations in government, transportation, energy and military sectors in Europe.” Evidence also points to its use in a variety of ransomware attacks against businesses. At this juncture, it’s not known how many U.S. computers might have been compromised, but it’s naïve to believe U.S. computer systems were not targeted too.
Thus the disturbing central fact remains: Russian actors gained deep access to a wide variety of the world’s computers. This is an act of profound aggression and should be regarded as such.
The exploit was discovered by Ukraine’s renowned Computer Emergency Response Team, which immediately alerted the world to the threat.
Anyone in the United States who wonders about the value of having allies should take note because Ukraine just protected Americans from further attack. Thus, not only is Ukraine preventing Russia from taking over a chunk of Europe militarily, it quite literally just halted an ongoing cyber assault that jeopardized Americans, our allies and our national interest.
Valuable friends to have, indeed.
Last week, while news of Russia’s use of the CVE-2023-23397 vulnerability against us and our allies was being reported, Florida Gov. Ron DeSantis went on Fox News to declare that Russia’s invasion of Ukraine is nothing more than a “territorial dispute” that poses no threat or interest to U.S. national security.
Just hours later, U.S. Rep. Marjorie Taylor Greene, R-Ga., took to Twitter to decry U.S. support for the war in Ukraine, saying, “We’re paying for a war, a proxy war with Russia when I’ve never seen Putin show in any detail his plans to invade Europe. No one has shown me that.”
Only a shill would imply that Russian President Vladimir Putin has no plans to invade Europe while Putin is actively engaged in an invasion of a country in Europe.
The Putin fangirls and fanboys like Rep. Greene and Tucker Carlson should answer for their adoration in light of the discovery of this latest cybercrime by the Russians. And they should thank the Ukrainians for defending us.
Not only does Putin have plans to attack our NATO allies in Europe, he has been waging digital warfare for years. It is only because of our support of Ukraine that we are now aware of a vulnerability that could have endangered everyone in Europe and the United States.
It is past time for those Americans who defend Putin to face the truth that the Russian leader is an enemy to the entire free world and is focused on harming the United States. Those same players who imagine an America alone should also remember that last week, the value of good allies was proven yet again.
