Former SolarWinds CEO Blames Intern for “solarwinds123” Password Leak

by



[ad_1]

The password in question, “solarwinds123”, was discovered in 2019 on the public internet by an independent security researcher who warned the company that the leak revealed a SolarWinds file server.

Several U.S. lawmakers tore up SolarWinds over the password issue on Friday during a joint hearing of the House Oversight and Homeland Security committees.

“I have a stronger password than ‘solarwinds123’ to prevent my kids from watching too much YouTube on their iPad,” said Rep. Katie Porter. “You and your company were supposed to stop the Russians from reading Defense Ministry emails!”

Microsoft President Brad Smith, who also testified at Friday’s hearing, later said there was no evidence the Pentagon was actually affected by the Russian spy campaign. Microsoft is among the companies that conducted the forensic investigation into the hacking campaign.

“There is no indication, to my knowledge, that the DoD has been attacked,” Smith told Porter.

Microsoft tells lawmakers there is 'substantial evidence' Russia was behind devastating hack

Representatives for SolarWinds told lawmakers on Friday that as soon as the password issue was reported, it was fixed within days.

But it’s still unclear what role, if any, the leaked password may have played in allowing suspected Russian hackers to spy on multiple federal agencies and companies in one of the country’s most serious security breaches. history of the United States.

Stolen credentials are one of three possible avenues of attack SolarWinds investigates as it attempts to uncover how they were first compromised by hackers, who then hid malicious code in upgrades. software updates that SolarWinds then passed on to some 18,000 customers, including many federal agencies.

Other theories SolarWinds is exploring, said Sudhakar Ramakrishna, CEO of SolarWinds, include brute-force guessing of company passwords, as well as the possibility that hackers may have entered through compromised third-party software.

Confronted by Rep. Rashida Tlaib, former SolarWinds CEO Kevin Thompson said the password problem was “a mistake made by an intern.”

“They violated our password policies and they posted that password to an internal account, their own private Github account,” Thompson said. “As soon as it was identified and brought to the attention of my security team, they removed it.”

Neither Thompson nor Ramakrishna have explained to lawmakers why the company’s technology allowed these passwords in the first place.

Ramakrishna later said the password was used as early as 2017.

“I believe it was a password that an intern used on one of his Github servers in 2017,” Ramakrishna told Porter, “which was reported to our security team and it was immediately deleted. “

This delay is considerably longer than what was reported. The researcher who uncovered the leaked password, Vinoth Kumar, previously told CNN that before the company fixed the problem in November 2019, the password had been accessible online since at least June 2018.

Emails between Kumar and SolarWinds showed that the leaked password allowed Kumar to log in and successfully drop the files onto the company’s server. Using this tactic, Kumar warned the company that any hacker could upload malware to SolarWinds.

During the hearing, FireEye CEO Kevin Mandia said it may be impossible to fully determine the damage caused by the alleged Russian hack.

“Bottom line: we may never know the full range and extent of the damage, and we may never know the full range and extent of how stolen information benefits an adversary.” , Mandia said.

In order to conduct a damage assessment, Mandia said, officials must not only list the data they have accessed, but also imagine all the ways the data could be used and misused by foreign actors – a monumental task.

[ad_2]

Source link