Doj Solarwindsfeinercnbc: The Department of Justice has confirmed that hackers affiliated with the Russian government hacked into SolarWinds email accounts, but that there’s no indication that the breach impacted classified systems.
“The intrusion did not result in access to any non-public information, to include classified or privileged personally identifiable information.” a DOJ spokesperson says.
The fraud case against an IT consultant who hacked into nearly a dozen US government networks ultimately failed when SolarWinds founder and CEO, John McLeod, pleaded guilty to felony theft of trade secrets. In the DOJ’s press release about the SolarWinds hack, it says that “the hackers accessed approximately 3% of the four million accounts on 22 Federal agencies.
The intrusion did not result in access to any non-public information, to include classified or privileged personally identifiable information.”
The fraud case against an IT consultant who hacked into nearly a dozen US government networks ultimately failed when SolarWinds founder and CEO, John McLeod, pleaded guilty to felony theft of trade secrets. In the DOJ’s press release about the SolarWinds hack, it says that “the hackers accessed approximately 3% of the four million accounts on 22 Federal agencies.
The intrusion did not result in access to any non-public information, to include classified or privileged personally identifiable information.”
SolarWinds is a company based in Texas, USA. It was founded in 2003. The company maintains several product lines and services related to IT management, such as SolarWinds MSP Controller, ManageEngine OpManager and Altiris MDM. In 2016 it was acquired by private equity firm Veritas Capital Partners for $300 million.
The hack is related to an IT consultant named Kushagra Pathak.
In 2011, he accessed computer networks of the United States Navy and NASA, which is a felony, since he was never authorized to access those systems. In 2016, he settled out of court and agreed to pay US$2.5 million in damages for the unauthorized access.
In January 2018, SolarWinds found out that their corporate email platform had been hacked in December 2017. SolarWinds discovered that its corporate email platform, built on Microsoft Exchange, had been infiltrated by a hacker in Eastern Europe. Pathak was one of the hackers who had access to the email platform. SolarWinds discovered that the company’s employees had been compromised when “the hackers accessed approximately 3% of the four million accounts on 22 Federal agencies.”
The attack gained access to over 4 million emails and other records from SolarWinds customers. It also exposed information about SolarWinds partners and its IT infrastructure. US-CERT (United States Computer Emergency Readiness Team) has confirmed that the information disclosed in the December 2017 hack is legitimate.
Officials at the Department of Justice alleged that Pathak, who was working for a foreign government at the time of the hack, had emailed himself over 40,000 pages of confidential documents from SolarWinds’ email archives. The files included more than 21,000 pages of SolarWinds sales and marketing documents, over 800 pages of insider source lists, and over 1,900 pages of product launch plans.
The indictment lists three different ways that the attacker gained access to SolarWinds’ email system:
- The attacker was able to compromise the Virtual Network Manager (VNM) console by exploiting an unpatched vulnerability in the Windows operating system.
- Pathak emailed two .exe files to himself, which he used to exploit vulnerabilities in the SolarWinds’ email server.
- The attacker accessed SolarWinds’ MSP Controller product, which also had a Virtual Network Manager feature.
While only 3% of the logins used at SolarWinds were compromised when it was hacked, the threat posed by this breach is significant because it shows how cyber criminals can successfully target a much larger network with a relatively small amount of effort.