“The U.S. Treasury and Commerce departments, along with untold numbers of government and corporate computer networks, have been breached in what may be an espionage attempt by the Russian government. (The Russians are, of course, denying responsibility.)
The avenue was reportedly a malicious software update pushed through SolarWinds Inc., an Austin-based network management company that counts both the federal government and hundreds of major U.S. companies among its clients. Essentially, the hackers slipped some malicious code into a software update; if you were on the infected networks that installed the update, this gave the hackers backdoor access to your data.”
…
“It’s worthwhile to consider these developments in the light of law enforcement’s efforts to weaken encryption protections. When officials insist that individuals should not have access to strong encryption unless the government can bypass those protections and access our data, they don’t acknowledge that police won’t be the only ones exploiting those back doors. Others with malicious intent, be they criminals or foreign governments (or both), will figure out how to get through too. It has happened before to our own very own government, as another country, possibly China, figured out how to access a cybersecurity bypass that had been installed for the National Security Agency.”