Executive leadership from SolarWinds testified to the House Committees on Oversight and Reform and Homeland Security last week. The hearing revealed new information about the attack. First, the breach was traced back to a weak password created by an intern. The password ‘solarwinds123’ was used to protect a server at the company and was then posted publicly on June 17, 2018.
“…they violated our password policies and they posted that password on their own private GitHub account,” former CEO Kevin Thompson said. “As soon as it was identified and brought to the attention of my security team, they took that down.”
Lawmakers did not hold back their opinion on the password failure. “I’ve got a stronger password than ‘solarwinds123’ to stop my kids from watching too much YouTube on their iPad,” said Rep. Katie Porter. “You and your company were supposed to be preventing the Russians from reading Defense Department emails!”
A researcher communicated with the company in 2018 and showed how he could access the server and move files onto it at that time. The company did not correct the issue until November of 2019, so the password was public and the server accessible for almost a year and a half.
In addition to the password failure, NASA and the FAA were added to the list of government agencies infiltrated by the hackers. This brings the list of breached agencies to nine: Departments of State, Justice, Commerce, Homeland Security, Energy, Treasury, the National Institutes of Health, the National Aeronautics and Space Administration, and the Federal Aviation Administration.
The digital forensic team identified at least 100 private sector companies also breached. “In addition to this estimate, we have identified additional government and private sector victims in other countries, and we believe it is highly likely that there remain other victims not yet identified, perhaps especially in regions where cloud migration is not as far advanced as it is in the United States,” Microsoft President Brad Smith said during the hearing.
Quanexus IT Support Services for Dayton and Cincinnati