SolarWinds: Russian hackers broke into email accounts at US attorney offices

Department of Justice says 27 prosecutors’ offices breached
All four New York offices may have lost sensitive material

A Solarwinds logo is seen displayed on a smartphone with stock market percentages on the background. Photograph: Omar Marques/SOPA Images/REX/Shutterstock

Associated Press in New York
Sat 31 Jul 2021 11.16 EDT

Russian hackers behind the massive SolarWinds cyber-espionage campaign broke into the email accounts of some of the most prominent US federal prosecutors’ offices last year, the Department of Justice has said.

The department said 80% of Microsoft email accounts used by employees in the four US attorney offices in New York were breached. All told, the DoJ said 27 US attorney offices had at least one employee email account compromised.

The justice department said on Friday it believes the accounts were compromised from 7 May to 27 December last year. That timeframe is notable because the SolarWinds attack, named for the company that made the affected product, infiltrated dozens of companies and think tanks as well as at least nine government agencies and was discovered and publicized in mid-December.

In April, the Biden administration announced sanctions, including the expulsion of diplomats, in response to SolarWinds and Russian interference in the 2020 US election. Russia has denied wrongdoing.

Jennifer Rodgers, a lecturer at Columbia Law School, said when she was a federal prosecutor in New York, office emails frequently contained sensitive information including case strategy discussions and names of confidential informants.

“I don’t remember ever having someone bring me a document instead of emailing it to me because of security concerns,” she said, noting exceptions for classified materials.

The Administrative Office of US Courts confirmed in January it was also breached, giving the SolarWinds hackers another entry point to steal confidential information like trade secrets, espionage targets, whistleblower reports and arrest warrants.

The list of affected district attorneys included high-profile offices in Los Angeles, Miami, Washington and the eastern district of Virginia. The southern and eastern districts of New York, where large numbers of staff were hit, handle some of the most prominent prosecutions in the country.

“New York is the financial center of the world and those districts are particularly well known for investigating and prosecuting white-collar crimes and other cases, including investigating people close to” Donald Trump, said Bruce Green, a professor at Fordham Law School and a former prosecutor in the southern district.

The DoJ said all victims had been notified and it was working to mitigate “operational, security and privacy risks”. The department said in January it had no indication that any classified systems were affected.

The DoJ did not provide detail about what kind of information was taken and what impact such a hack may have on ongoing cases. Members of Congress have expressed frustration with the Biden administration for not sharing more information about the impact of the SolarWinds campaign.

SolarWinds hackers also gained access to email accounts belonging to the then-acting homeland security secretary, Chad Wolf, and members of cybersecurity staff, whose jobs included hunting threats from foreign countries.

