Current and former senior SolarWinds executives blame a company trainee for a dangerous flaw in password security that appears to have gone undiagnosed for years.
An independent security researcher who discovered the password (Solarwinds123) warned SolarWinds in 2019 that its use could lead to the leakage of files from the company's servers.
The incident was the subject of controversy among US lawmakers on Friday, in a joint hearing by the House Oversight and Homeland Security committees on the breach of SolarWinds at the end of last year.
Rep. Katie Porter said, "I have a stronger password than (solarwinds123) to prevent my children from viewing many YouTube videos on their devices." At the Ministry of Defense. "
Microsoft chief Brad Smith, who was testifying at Friday’s session, said later that there was no evidence that the Pentagon had actually been affected by the Russian spying campaign. Microsoft is among the companies that led the criminal investigation into the hacking campaign.
"There is no indication, to my knowledge, that the Department of Defense was attacked," Smith told Porter. Microsoft told lawmakers that there was "substantial evidence" that Russia was behind the devastating breach.
SolarWinds representatives told lawmakers on Friday that once the password issue was reported, it was corrected within days, but it remains unclear how much of a role the leaked password might have played in enabling suspected Russian hackers to spy on a number of federal agencies and companies, in one of the most serious security breaches in the history of the United States.
Stolen credentials are one of 3 possible methods of attack that SolarWinds is investigating as it tries to uncover how it was first compromised by hackers who went on to hide malicious code in software updates that SolarWinds sold to nearly 18,000 customers, including a number of federal agencies.
Sudhakar Ramakrishna, CEO of SolarWinds, said that the other theories being explored by SolarWinds include the correct guessing of the company's passwords, as well as the possibility of hackers entering through compromised third-party programs.
Questioned by Representative Rashida Tlaib, the former CEO of SolarWinds, Kevin Thompson, said that the password problem was "a mistake made by a trainee."
Thompson added, "They violated our password policies and posted this password on their internal account on Github, and as soon as it was identified and brought to the attention of my security team, they removed it."
But Thompson and Ramakrishna did not explain to lawmakers why the company's technology allowed such passwords in the first place, and Ramakrishna later stated that the password had been in use since 2017.
"I think this was a password that was used by a trainee on one of his GitHub servers in 2017, which was reported by our security team and removed immediately," Ramakrishna told Porter.
As for the researcher who discovered the leaked password, Vinoth Kumar, he previously told CNN that before the company corrected the problem in November 2019, the password had been accessible online since at least June 2018.
Emails between Kumar and SolarWinds showed that the leaked password allowed Kumar to log in and successfully upload files to the company's server. Kumar warned the company that, using the same approach, any hacker could upload malware to SolarWinds.
During the hearing, FireEye CEO Kevin Mandia said it might be impossible to determine how much damage was caused by the suspected Russian hack.
"The bottom line: We may never know the full extent and amount of damage, and we may never know the full extent and true extent of how an opponent could benefit from the stolen information," Mandia said.
In order to conduct a damage assessment, Mandia said officials should not only index the accessed data, but also envision all the ways in which the data could be used and misused by foreign actors, which is a huge task.
Source: CNN