The Courts

Sealed US Court Records Exposed In SolarWinds Breach (krebsonsecurity.com)

An anonymous reader quotes a report from Krebs On Security: The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts. The judicial branch agency said it will be deploying more stringent controls for receiving and storing sensitive documents filed with the federal courts, following a discovery that its own systems were compromised as part of the SolarWinds supply chain attack. That intrusion involved malicious code being surreptitiously inserted into updates shipped by SolarWinds for some 18,000 users of its Orion network management software as far back as March 2020.

"The AO is working with the Department of Homeland Security on a security audit relating to vulnerabilities in the Judiciary's Case Management/Electronic Case Files system (CM/ECF) that greatly risk compromising highly sensitive non-public documents stored on CM/ECF, particularly sealed filings," the agency said in a statement published Jan. 6. "An apparent compromise of the confidentiality of the CM/ECF system due to these discovered vulnerabilities currently is under investigation," the statement continues. "Due to the nature of the attacks, the review of this matter and its impact is ongoing."

The AO declined to comment on specific questions about their breach disclosure. But a source close to the investigation told KrebsOnSecurity that the federal court document system was "hit hard," by the SolarWinds attackers, which multiple U.S. intelligence and law enforcement agencies have attributed as "likely Russian in origin." The source said the intruders behind the SolarWinds compromise seeded the AO's network with a second stage "Teardrop" malware that went beyond the "Sunburst" malicious software update that was opportunistically pushed out to all 18,000 customers using the compromised Orion software. This suggests the attackers were targeting the agency for deeper access to its networks and communications.
The report notes that AO's court document system "may contain highly sensitive information, including intellectual property and trade secrets, or even the identities of confidential informants."

While it doesn't hold documents that are classified for national security reasons, "the system is full of sensitive sealed filings -- such as subpoenas for email records and so-called 'trap and trace' requests that law enforcement officials use to determine with whom a suspect is communicating via phone, when and for how long."

  • I wonder how he's feeling.
  • Weren't Australia and the US not intending to reduce cryptography and forcing vendors to implement backdoors? Would that make us more secure? Guess not... But that never stopped a politician. Hopefully this debacle shows what is possible when determined people try to get to the trove of information hidden behind these backdoors!
  • should really be shut down over this. Yes you can point fingers all day long, but in the end, they screwed up, massively. Their one job, security, was a failure. Terminate them.
    • Look at it another way - let's say Boeing designs a fighter jet for the government. If it turns out that the jet is shot down because of a weakness in the stealth technology, who is on the hook? If the US loses a war, do they sue the defense contractors?

      It's time to acknowledge that companies like Solarwinds are put in the same position. They are a huge target for nation states to attack in large part because governments use them. National defense is not their job, at least formally.

      I'm not saying they

      • Re:SolarWinds (Score:4, Insightful)

        by stabiesoft ( 733417 ) on Friday January 08, 2021 @10:32AM (#60910856) Homepage
        Not a very good analogy IMO. Boeing, A, is too big to fail, SolarWinds not so much. B, as you say, it was stupid on SolarWinds' part. So yes, if Boeing put a giant piece of aluminum foil on the side of the stealth jet, yes, they should be put out of their misery even with being too big to fail, because well, massively stupid. In SW's case, massive booboo and not too big to fail makes it an easy decision.
      • In which case Solarwinds will receive a contract extension, extra and bonus payments, a revised schedule to 2030, and induction into the military-industrial-snooping complex hall of fame - just like Boeing.

  • " intrusion involved malicious code being surreptitiously inserted into updates shipped by SolarWinds for some 18,000 users"
    is for management, administrators and the employees to completely ignore any of their security policies, procedures and guidelines. How does that happen?

    Wonder what low level peasant will take the hit for this, so that the shakers and movers that caused it can skate off into the sunset with their cash.
    • by raymorris ( 2726007 ) on Friday January 08, 2021 @10:10AM (#60910796) Journal

      I've seen it more than once - the top leadership sets the tone, a company culture that doesn't value security. Then nobody in the company acts like security is important.

      It's also been noted that they moved their programming overseas to countries where anti-American interests have significant influence. Meaning that some of the engineers producing the product were likely not fond of the US, and Moscow had the ability to get to them and to the infrastructure.

      > Wonder what low level peasant will take the hit for this, so that the shakers and movers that caused it can skate off into the sunset with their cash.

      The CEO and CFO have already been hit with class action suits. The CEO departed the company a few days before the hack was announced publicly. He has been retained to assist in the investigation as needed. He'll be called to answer for his actions before Congress and all that, so he's going to have a very bad year.

      Several other Solarwinds executives are also unemployed now.

  • by Kludge ( 13653 ) on Friday January 08, 2021 @09:42AM (#60910696)

    Russian 1: There is so much data from this SolarWinds hack, we'll never get through it all. How will we find what is important and what is not?
    Russian 2: Check the news.

  • Russia has become the new Goodyear Blimp.
