The United States Department of Justice said today that it is investigating a data breach in the federal courts system that dates back to early 2020.
Sound familiar? That's because the SolarWinds hack, backed by Russian state actors, breached the same system during the same year. But the DOJ's new investigation is centered on a different hack that goes beyond the SolarWinds breach.
At this point, you could be forgiven for mistaking the US government's cybersecurity for Swiss cheese. Are any solutions available that could help shore up our security in the near future?
What to Know About the New 2020 Hack
The hack was first publicly disclosed today by House Judiciary Committee Chair Jerrold Nadler.
“Three hostile foreign actors,” Nadler said, had attacked the U.S. Court document filing system in early 2020, in a “system security failure,” while noting that the House Judiciary Committee had only learned the “startling breadth and scope” of the hack as of March 2022.
He also clarified that the hack was separate from SolarWinds, in which hackers backed by the Russian government accessed more than a dozen federal agencies' networks in 2020 — the federal courts systems included.
What's the Damage?
It's not yet clear how much damage was done, but it doesn't look great. Assistant Attorney General for National Security Matthew Olsen, when asked how many cases had been impacted by the breach, said he could not “think of anything in particular,” according to Politico.
In addition, Senate Intelligence Committee member Senator Ron Wyden said in a statement that he had “serious concerns that the federal judiciary has hidden” the extent of the breach's consequences from both Congress and the public.
As for any response? Procedures for handing in highly sensitive documents like confidential or sealed records were updated in January 2021 to include physical paper documents and secure electronic devices.
Staying Safe Online
Meanwhile, the SolarWinds hackers remain active. At least, they're active as of November of last year, when we covered their new targets: Microsoft mailbox owners. As Tech.co Senior Writer Aaron Drapkin put it then:
“The advice to all teams using Microsoft mailboxes is to review all the accounts and groups that have the Application Impersonation role assigned to them and remove them. Limiting what mailboxes this role will permit a user or application to access is also suggested.”
Drapkin has the full story in his article, but it's worth noting that it's the shortcuts and other automated processes of modern software that are providing the openings that allow these hacks to happen.
Switching to physical documents is a cumbersome but helpful solution for the US government. For the rest of us, multifactor authentication and a good password manager tool are also solid safeguards.