Current and former senior managers of SolarWinds blame a company trainee for a serious password security lapse. The problematic password, “solarwinds123”, was discovered on the public internet in 2019 by an independent security researcher, who warned the company that the leak had exposed a SolarWinds file server. On Friday, during a joint hearing of the House Oversight Committee and the Homeland Security Committee, several US lawmakers sharply criticized SolarWinds over the password issue.
“I have a password stronger than ‘solarwinds123’ to prevent my kids from watching a lot of YouTube on their iPad,” said Representative Katie Porter. “But you and your company aim to stop the Russians from reading Defense Department emails!”
Microsoft chief Brad Smith also testified at the hearing on Friday, and later stated that there was no evidence that the Pentagon had actually been affected by the Russian espionage. Microsoft is one of the companies leading the forensic investigation of the hacking campaign. Microsoft told lawmakers there was “strong evidence” that Russia was behind the devastating hack.
SolarWinds representatives told lawmakers Friday that once the password issue was reported, it was corrected in a few days.
But it remains unclear what role (if any) the leaked password might have played in allowing suspected Russian hackers to spy on multiple federal agencies and companies in one of the most serious security breaches in US history. Stolen credentials are one of three potential attack vectors SolarWinds is investigating as it tries to figure out how it was hacked in the first place. The hackers went on to hide malicious code in software updates that SolarWinds then pushed out to nearly 18,000 customers, including several federal agencies.
SolarWinds CEO Sudhakar Ramakrishna said other theories being explored by SolarWinds include brute-force guessing of company passwords and the possibility that the hackers got in through compromised third-party software.
Questioned by Rep. Rashida Tlaib, former SolarWinds CEO Kevin Thompson said the password issue was “a mistake made by a trainee”. “They violated our password policy. They posted this password internally and on their GitHub account. It was discovered and brought to the attention of my security team, and they removed it.” Thompson and Ramakrishna did not explain to lawmakers why the company’s technology allowed such passwords to be used in the first place. Ramakrishna later testified that the password had been in use since 2017.
“I think it was a password that a trainee used on one of their GitHub servers in 2017. Our security team was informed of this and it was deleted immediately.”
However, that time period is much longer than what had previously been reported. Vinoth Kumar, the researcher who discovered the leaked password, previously told CNN that the password had been available online from at least June 2018 until the company corrected the problem in November 2019.
An email between Kumar and SolarWinds revealed that the leaked password allowed him to log in and successfully save a file on the company's server. Kumar cautioned that, using the same approach, any hacker could upload malware to SolarWinds.
At the hearing, FireEye CEO Kevin Mandia said it may not be possible to quantify the amount of damage the suspected Russian infiltrators caused. “We may never know the scope and extent of the damage and may never know how stolen information benefits an opponent.”
To conduct damage assessments, officials must not only catalog the data that was accessed, but also envision all the ways in which that data could be used and misused by foreign actors, which is a difficult task.