Federal court documents and DOJ emails compromised in cybersecurity breach
Image from Shutterstock.com.
The federal courts and the U.S. Department of Justice have announced that they were apparently affected by a hack of widely used network management software known as SolarWinds.
The DOJ said Wednesday about 3% of its emails were “potentially accessed,” but there is no indication at this point that any classified systems were affected.
Russia is thought to behind the software hack, which installed malicious code on users’ systems through a SolarWinds software update, according to Ars Technica.
Federal courts are also investigating an apparent compromise of the confidentiality of the federal courts’ electronic filing system, according to a memo and press release by the Administrative Office of the U.S. Courts.
Bloomberg Law and Law360 have coverage.
Federal courts should accept highly sensitive documents only in paper form or on a secure electronic device, such as a thumb drive, according to new procedures announced Wednesday. Such documents should be stored in a secured stand-alone computer system and should not be uploaded to the Case Management/Electronic Case Files system, known as CM/ECF.
Lawyers told Bloomberg Law that the hack could have revealed sensitive corporate information about products, finances and sales figures.
“Everything from the algorithms ERISA providers use to evaluate investments to pharmaceutical companies’ formulations and chemical processes could be exposed via court documents,” the article says.
The exposed information could be used in stock trades or by foreign companies looking for a competitive advantage, the article says.
Information revealed in criminal cases could jeopardize government investigations and be used for blackmail, lawyers said.
The administrative office is working with the Department of Homeland Security to audit the CM/ECF system after discovery of the apparent compromise that was also due to the SolarWinds intrusion.
The federal courts suspended all use of the SolarWinds network monitoring and management tool after the DHS’s Cybersecurity and Infrastructure Security Agency warned of a known compromise in December.
The breach is thought to have affected about 250 federal agencies and businesses, according to the New York Times. A private security company, FireEye, had disclosed the hack in December.
Other agencies that were infiltrated in the cyberattack include the Treasury Department, the State Department, the Commerce Department, the Energy Department and parts of the Pentagon, according to the New York Times.
Updated Jan. 7 at 3:30 p.m. to include info from Bloomberg Law.