Current and former senior managers of Solar Winds allege that a company made serious mistakes in password protection. The complex password “Solarwinds 123” was discovered on the public Internet in 2019 by an independent security researcher, who warned the company that the password leak exposed the solar wind file server.On Friday, during a joint investigation between the House Oversight Committee and the Homeland Security Committee, several U.S. officials were arrested.
“I have a stronger password than‘ Solarwinds 123 ’to prevent my childrenIPodTake a closer look at YouTube, “said President Katie Porter.” But you and your company should stop the Russians from reading the emails of the Ministry of Defense! “
Microsoft chief Brad Smith also testified at the trial on Friday. He later said there was no evidence that the Pentagon was actually harmed by Russian intelligence. Microsoft is one of the companies leading the forensic investigation into hacking activities. Microsoft told lawmakers that there was “substantial evidence” that Russia was behind the destructive hackers.
Solar Winds representatives told lawmakers Friday that the password issue was fixed within days of being reported.
But the role (if any) of the leaked password is still unclear in allowing suspected Russian hackers to spy on several federal organizations and companies, one of the most serious security breaches in U.S. history. Stolen credentials are one of the three possible attack vectors that Solar Winds investigates because it seeks to determine how it was first hacked. Hackers continue to hide malicious code in software updates. Solar Winds has since pushed about 18,000 customers, including several federal agencies.
Solar Winds CEO Sudhakar Ramakrishna said other theories that Solar Winds is exploring include the possibility of hacking hackers through the company’s passwords, crude guessing and compromised third – party software.
Kevin Thompson, the former CEO of Solar Winds, who was questioned by Delegate Rashida Dalai Lama, said the password issue was “a mistake made by a coach”. “They violated our password policy. They released this password locally and in their personal Kithu account. It was discovered and brought to the attention of my security team, who removed it.” Both Thomson and Ramakrishna did not explain to lawmakers why the company’s technology allowed such passwords to be used in the first place. Ramakrishna later testified that the password was still in use in 2017.
“I believe this is a password used by a trainer on a KIT server in 2017. It was reported to our security team and immediately removed.”
However, this period is much longer than the announced time. Researcher Vinod Kumar, who discovered the leaked password, previously said that the password for CNN would be available online at least from June 2018 until the company fixes the issue in November 2019.
An email between Kumar and Solar Winds, leaked password allowed him to log in and successfully save the file to the company’s server. Kumar warned that using this strategy, any hacker could upload malicious programs to Solar Winds.
At the inquest, Kevin Mandia, chief executive of FireE, said the Russian hacker could not fully determine how much damage the suspect had caused. We will never know the purpose and extent of the damage and will never know how the stolen information will benefit the adversary. ”
In order to conduct damage assessments, officials must not only list the accessed data, but also imagine all the ways in which the data could be used and misused by foreign actors.This is a difficult task.