Security News > 2021 > January > Sealed U.S. court records possibly accessed by SolarWinds attackers

The Administrative Office of the U.S. Courts has revealed on Wednesday that it is investigating whether sealed U.S. court records had been accessed by the SolarWinds attackers.

The AO is now working with the Department of Homeland Security "On a security audit relating to vulnerabilities in the Judiciary's Case Management/Electronic Case Files system that greatly risk compromising highly sensitive non-public documents stored on CM/ECF" and has announced new security procedures to protect highly sensitive confidential documents filed with the courts.

From now on, these types of documents "Will be accepted for filing in paper form or via a secure electronic device, such as a thumb drive, and stored in a secure stand-alone computer system," and not be uploaded to CM/ECF. Sealed court records may contain a variety of very sensitive information, such as details about how law enforcement managed to get information during an investigation and names of people that haven't yet been arrested but for whom indictments have been drawn up.

Add to this the Wednesday confirmation that the SolarWinds intruders also managed to access the Department's Microsoft O365 email environment and the mailboxes of 3 percent of U.S. Justice Department email accounts, and it's easy to see how thusly gleaned sensitive information may help hackers.

Texas-based SolarWinds have first called in CrowdStrike to help with the investigation.

Krebs, who was the first director of the Cybersecurity and Infrastructure Security Agency and was fired from the post by President Trump in November 2020, and Stamos, who served as CSO at Yahoo, Facebook, and is a security and privacy advisor consultant for Zoom, have told the Financial Times that it could take years before all of the compromised systems can be made completely secure again.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/xnB1zp11-wg/