Security News > 2021 > January > US courts system fears SolarWinds snafu could have let state hackers poke about in sealed case documents

The SolarWinds hack exposed sealed US court documents - which could have a serious effect on Western sanctions against state-backed hackers.

Infosec journalist Brian Krebs reported a US Courts Administrative Office statement about the impact of the Russian-backed SolarWinds hack, quoting an anonymous source as saying that the agency was "Hit hard".

Referring to the US federal courts' Case Management/Electronic Case Files system, the body said in a statement that the SolarWinds hack had risked "Compromising highly sensitive non-public documents stored on CM/ECF, particularly sealed filings," adding: "An apparent compromise of the confidentiality of the CM/ECF system due to these discovered vulnerabilities currently is under investigation."

That's important because US federal prosecutors and security agencies targeting state-backed hackers build their cases outside the public eye, under the cover of the court sealed case documents.

Over the past few years the US Department of Justice has adopted a policy of announcing domestic criminal charges against other countries' hackers, mostly resulting in the names of individual Russians becoming known in the West.

While nobody really expects criminal charges against SVR hackers to result in a court trial on American soil, charging individuals serves two main purposes: it ensures they can never safely travel to a country that has a US extradition treaty; and it signals to non-aligned states what Western cyber-norms are.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/01/08/solarwinds_court_docs/