Sealed US Court Records Exposed In SolarWinds Breach (krebsonsecurity.com)
An anonymous reader quotes a report from Krebs On Security: The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts. The judicial branch agency said it will be deploying more stringent controls for receiving and storing sensitive documents filed with the federal courts, following a discovery that its own systems were compromised as part of the SolarWinds supply chain attack. That intrusion involved malicious code being surreptitiously inserted into updates shipped by SolarWinds for some 18,000 users of its Orion network management software as far back as March 2020.
"The AO is working with the Department of Homeland Security on a security audit relating to vulnerabilities in the Judiciary's Case Management/Electronic Case Files system (CM/ECF) that greatly risk compromising highly sensitive non-public documents stored on CM/ECF, particularly sealed filings," the agency said in a statement published Jan. 6. "An apparent compromise of the confidentiality of the CM/ECF system due to these discovered vulnerabilities currently is under investigation," the statement continues. "Due to the nature of the attacks, the review of this matter and its impact is ongoing."
The AO declined to comment on specific questions about their breach disclosure. But a source close to the investigation told KrebsOnSecurity that the federal court document system was "hit hard" by the SolarWinds attackers, which multiple U.S. intelligence and law enforcement agencies have attributed as "likely Russian in origin." The source said the intruders behind the SolarWinds compromise seeded the AO's network with a second-stage "Teardrop" malware that went beyond the "Sunburst" malicious software update that was opportunistically pushed out to all 18,000 customers using the compromised Orion software. This suggests the attackers were targeting the agency for deeper access to its networks and communications. The report notes that the AO's court document system "may contain highly sensitive information, including intellectual property and trade secrets, or even the identities of confidential informants."
While it doesn't hold documents that are classified for national security reasons, "the system is full of sensitive sealed filings -- such as subpoenas for email records and so-called 'trap and trace' requests that law enforcement officials use to determine with whom a suspect is communicating via phone, when and for how long."
This is going to Congressional hearings like Equif (Score:2)
Oh yeah this will not be forgotten. We're going to have a bunch of Congressional hearings and all that, just like Equifax but probably bigger.
Re: (Score:2)
While they're talking, maybe they can discuss how maybe corporations shouldn't be leading the charge on cyber war with other nation states. If the US government is outsourcing national defense to private companies, they need to be investing on the appropriate scale. The government made them a target, so they should be responsible when they are breached.
Re: (Score:2)
What do you have in mind that the federal government should be doing?
Re: (Score:2)
The short answer is "something." The slightly longer answer is to at least acknowledge some responsibility instead of shifting all blame.
Re: (Score:2)
> The short answer is "something."
That reminds me of a particular danger.
Sometimes people think the government should "do something".
So when the politician proposes something, people support it.
The government should do something, and Senator Jackass's bill is something.
Re: (Score:1)
Nahh, the entirely corrupt corporation M$ is involved; we will have record payouts to lobbyists and their corrupt politicians to ensure M$ gets off scot-free, or is the Russia free, or is that with extra Russia, Russia, Russia. That hack has been such a PR=B$ con job to escape criminal negligence charges.
Re:CEO (Score:4, Insightful)
Just fine. He gets a golden parachute and tell me again the last time a CEO did jail time?
Re: (Score:2)
> ... tell me again the last time a CEO did jail time?
Best I can tell, December 2020: https://www.justice.gov/usao-s... [justice.gov]
Re: (Score:2)
So that case against Bailey was pretty clearly a "you lied to avoid taxes" case, something the US will frown upon without the proper bribes being prepaid -- not really the same sort of situation.
Re: (Score:2)
> So that case against Bailey was pretty clearly a "you lied to avoid taxes" case, something the US will frown upon without the proper bribes being prepaid -- not really the same sort of situation.
You asked "tell me again the last time a CEO did jail time?" I gave you an answer. If you have a new question, post it as such; don't move the goalposts on your old one.
Re: (Score:2)
> the last time a CEO did jail time?
I can do you a whole set. [msn.com]
Re: (Score:2)
Look at it another way - let's say Boeing designs a fighter jet for the government. If it turns out that the jet is shot down because of a weakness in the stealth technology, who is on the hook? If the US loses a war, do they sue the defense contractors?
It's time to acknowledge that companies like Solarwinds are put in the same position. They are a huge target for nation states to attack in large part because governments use them. National defense is not their job, at least formally.
I'm not saying they
Re: (Score:3)
In which case Solarwinds will receive a contract extension, extra and bonus payments, a revised schedule to 2030, and induction into the military-industrial-snooping complex hall of fame - just like Boeing.
The only way this happens (Score:2)
is for management, administrators and the employees to completely ignore any of their security policies, procedures and guidelines. How does that happen?
Wonder what low-level peasant will take the hit for this, so that the shakers and movers that caused it can skate off into the sunset with their cash.
Priorities of the company culture, CEO fired, sued (Score:4, Insightful)
I've seen it more than once - the top leadership sets the tone, a company culture that doesn't value security. Then nobody in the company acts like security is important.
It's also been noted that they moved their programming overseas to countries where anti-American interests have significant influence. Meaning that some of the engineers producing the product were likely not fond of the US, and Moscow had the ability to get to them and to the infrastructure.
> Wonder what low-level peasant will take the hit for this, so that the shakers and movers that caused it can skate off into the sunset with their cash.
The CEO and CFO have already been hit with class action suits. The CEO departed the company a few days before the hack was announced publicly. He has been retained to assist in the investigation as needed. He'll be called to answer for his actions before Congress and all that, so he's going to have a very bad year.
Several other Solarwinds executives are also unemployed now.
too much data (Score:5, Funny)
Russian 1: There is so much data from this SolarWinds hack, we'll never get through it all. How will we find what is important and what is not?
Russian 2: Check the news.
Switch Focus from Stupidity of Backdoors... (Score:2)
Russia has become the new Goodyear Blimp.