Current and former senior Solarwinds executives blame a company trainee for a dangerous flaw in password security that appears to have gone undiagnosed for years.
And an independent security researcher warned SolarWinds in 2019, after discovering the presence of a password (Solarwinds123), that its use may lead to the leakage of the company's servers files.
This incident was the subject of controversy on Friday among US lawmakers, in a joint hearing by the House Oversight and Homeland Security committees regarding the hacking incident of SolarWinds at the end of last year.
Rep. Katie Porter said, "I have a stronger password than (solarwinds123) to prevent my children from watching many YouTube videos on their devices." The deputy told the company president, saying, "It was supposed to prevent you and your company from reading private emails. At the Ministry of Defense. "
Microsoft chief Brad Smith, who was testifying at the Friday session, said at a later time that there was no evidence that the Pentagon had actually been affected by the Russian spying campaign. Microsoft is among the companies that led the criminal investigation into the hacking campaign.
"There is no indication, to my knowledge, that the Department of Defense was attacked," Smith told Porter, and Microsoft told lawmakers that there was "substantial evidence" that Russia was behind the devastating breach.
SolarWinds representatives told lawmakers Friday that once the password issue was reported, it was corrected within days, but it remains unclear how much of the role the leaked password may have played in enabling suspected Russian hackers to spy on a number of federal agencies and companies. One of the most serious security breaches in the history of the United States.
The stolen credentials is one of 3 possible methods of attack that SolarWinds is investigating as it tries to uncover how it was first compromised by hackers who have continued to hide malicious code in software updates that SolarWinds sold to about 18,000 customers, including a number of agencies. Federalism.
Microsoft is among the companies that led the criminal investigation into the (French) hacking campaign
Sudakar Ramakrishna, CEO of SolarWinds, said that other theories being explored by SolarWinds include the correct guessing of the company's passwords, as well as the possibility of hackers entering through compromised third-party programs.
Facing Representative Rashida Tlaib, the former CEO of SolarWinds, Kevin Thompson, said that the password problem was "a mistake made by a trainee."
"They violated our password policies and posted this password on their internal account on Github, and as soon as it was identified and brought to the attention of my security team, they removed it," Thompson added.
But Thompson and Ramakrishna did not explain to lawmakers why the company's technology allowed these passwords in the first place, and Ramakrishna later stated that the password had been in use since 2017.
"I think this was a password that was used by a trainee on one of his GitHub servers in 2017, and it was reported to our security team and it was promptly removed," Ramakrishna told Porter.
As for the researcher who discovered the leaked password, Phinoth Kumar, he told CNN previously that before the company corrected the problem in November 2019, access to the password was available online since June 2018 at the least.
Emails between Kumar and SolarWinds showed that the leaked password allowed Kumar to log in and successfully upload files to the company's server. Using this strategy, Kumar warned the company that any hacker could download malware onto SolarWinds.
During the hearing, FireEye CEO Kevin Mandia said that it might be impossible to determine how much damage was caused by the suspected Russian hack.
"The bottom line: We may never know the full extent and amount of damage, and we may never know the full extent and true extent of how an opponent could benefit from the stolen information," Mandia testified.
In order to conduct a damage assessment, Mandia said that officials should not only index the accessed data, but also visualize all the ways in which the data could be used and misused by foreign actors, which is a huge task.
Special thanks to
@steemcurator01
@steemcurator02
@booming01
@booming02
@booming03
@booming04
Because your support for us is the key for me to continue developing and continuing forward
yeah... always blame the trainee!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit