Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security United States

SolarWinds Hackers Accessed DOJ Emails, But there's No Indication They Reached Classified Systems (cnbc.com) 44

Hackers who tapped into government networks through SolarWinds software potentially accessed about 3% of the Justice Department's email accounts, but there's no indication they accessed classified systems, a DOJ spokesperson said in a statement Wednesday. From a report: The DOJ Office of the Chief Information Officer learned of the hack the day of Christmas Eve, according to the statement, where agents accessed the Department's Microsoft Office 365 email environment. "As part of the ongoing technical analysis, the department has determined that the activity constitutes a major incident under the Federal Information Security Modernization Act, and is taking the steps consistent with that determination," the spokesperson said. "The department will continue to notify the appropriate federal agencies, Congress, and the public as warranted."
This discussion has been archived. No new comments can be posted.

SolarWinds Hackers Accessed DOJ Emails, But there's No Indication They Reached Classified Systems

Comments Filter:
  • by kot-begemot-uk ( 6104030 ) on Wednesday January 06, 2021 @03:36PM (#60904100) Homepage
    I already pointed this out many times. The Russian origin software found in the process of the investigation was MORE THAN TWO YEARS OLD.

    We have:

    Case A. Best Case Scenario, someone grabbed a Russian APT from somewhere and took it for a spin.

    Case B. This is a Russian hack and it dates from the time the software was in circulation. The software was not updated to a newer one in order not to jeopardise the hack in progress. That means that for two years, the Russians have had GOD level access to the networks of DOJ, CIA, NSA, GCHQ and most NATO government. That is the level of access you get with SolarWinds Orion. It is an NMS which is entitled to query everything, deploy its own agents, update its own agents (apparently without cryptographic verification) and alter system settings at will. The hack appears to be so deep that it reached the selected few machines of the team which has access to the current Microsoft Windows source for the purposes of er.... you better not know. If this has continued for THREE F*CKING YEARS, the idea that "no classified data was harmed in this experiment" is absolutely preposterous.

    So which one is it? Case A or Case B. If it is Case A then it is possible that no classified data was accessed. If it is Case B, can we stop putting lipstick on the pig. It is time to kiss it and say the vows.

    • Classified systems are air-gapped on a separate network (at least, they are supposed to be). We should be more concerned about compromised individuals in the US with security clearance. Being able to physically go into a classified secure area and physically access PCs connected to the network is far more viable than remote access from overseas.
      • You would be amazed at what sloppy hubristic idiots using laptops in airliners sometimes expose (large scale voice audio storage system mid to late '90s, looked like a commercial proposal to government). Also at other forms of slop. I was a 14-15 year old high school student when I first heard of CORONA by name, though without program details, simply by living in the right DC area neighborhood around the time of the 6 Day War.
      • Who cares about air gapping if Solar Winds was used as the NMS for the classified systems (they are no longer systems nowadays, they have their classified network segments). The only open question which is left in that case is "did they figure out the mechanism to transmit data back out of the more classified domains to the less classified". In an environment where you control the NMS for 3 years, that is not a matter is not a matter of if, it is a matter of when.

        So back to my statement. If the Russians h

    • by anegg ( 1390659 )

      Regardless of whether it is "Case A" or "Case B" it is unlikely that classified information was accessed, or at least unlikely that *much* classified information was accessed. US government classified information is not (generally) kept on systems attached to unclassified networks, and classified networks aren't just "firewalled" off unclassified networks, they are air-gapped albeit sometimes with a carefully-controlled "write up" capability.

      How badly someone got hit by Solarwinds as a vector for an attac

  • A group of terrorists have pushed past DC and capitol police [cnn.com] in an attempt to storm the House chamber. Officers have drawn their guns at one of the terrorists who was trying to gain access.

    Video from the Senate floor shows a terrorist at the Senate dias. Members of Congress have been evacuated to undisclosed locations. Reports of possible pipe bombs at several locations throughout Washington, D.C. have been reported.

    Federal law enforcement officers have been called in to bolster the defenses. One can onl

  • What?br> Everytime a Federal Government system is breached, the prosecution lists "Access to Classified" information.>br> Plus, there is information that isn't yet "Classified" that is protected and illegal to give/have/read.
    What an uninformed article!
  • Because, hey, REAL hijackers leave REAL IDs around, like it's September 2001!
  • Hackers did not install the SolarWinds software updates. The victims hoisted themselves by their own petards though their own incompetence.

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...