The US has suffered a cyberbreach. It's hard to overstate how bad it is

I haven’t been following this story extensively, but when did we conclude that SVR was behind the hack? Schneier writes as if it’s a certainty.<p>Why is it always FireEye blaming the Russians, and why do they never share their evidence of attribution?

“ The only reason we know about this breach is because, earlier this month, the security company FireEye discovered that it had been hacked. During its own audit of its network, it uncovered the Orion vulnerability and alerted the US government.”<p>:&#x2F;

Now that’s what I call a pentest! Expect more of these. And expect vendors new and old to sell hindsight-based protection.

Hold on... this is legal? I knew the countries spy on each other all the time, but I assumed it was illegally done.