CEO attributes the 'solarwinds123' password on the SolarWinds server that caused the 'most serious cyberattack in the last 10 years' to an 'intern's mistake'



On February 26, 2021, the United States House of Representatives held a public hearing on the large-scale hacking attack that hit the U.S. government and large companies such as Microsoft and Cisco through 'Orion Software,' a product of SolarWinds, which develops network management software. When asked by lawmakers about the fact that SolarWinds' servers were protected by the weak password 'solarwinds123,' the CEO of SolarWinds explained that it was related to an 'intern's mistake.'

Oversight and Homeland Security Committees Discussed Next Steps for Government and Private Tech Following SolarWinds Breach | House Committee on Oversight and Reform
https://oversight.house.gov/news/press-releases/oversight-and-homeland-security-committees-discussed-next-steps-for-government

Former SolarWinds CEO blames intern for 'solarwinds123' password leak - CNNPolitics
https://edition.cnn.com/2021/02/26/politics/solarwinds123-password-intern/index.html

Former SolarWinds CEO Blames Intern for Password Security Breach
https://www.makeuseof.com/former-solarwinds-ceo-blames-intern-for-password-security-breach/

In December 2020, cybersecurity company FireEye reported that someone had stolen an internal hacking tool used to test products. In the announcement, FireEye concluded that 'attacks are from countries with top-notch offensive capabilities.'

Cybersecurity company FireEye hacked by 'a country with top-notch offensive capabilities' - GIGAZINE



Further investigation revealed that the attack on FireEye was part of a broader hacking campaign. In this series of attacks, emails at government agencies such as the US Treasury were monitored.

It turns out that a hacker supported by the Russian government was hacking a US government agency and monitoring the contents of emails etc. - GIGAZINE



In addition to Microsoft Windows source code being offered for sale for 62 million yen, damage to Cisco, a network equipment developer, has also been reported. Microsoft President Brad Smith said it was 'one of the most serious cyberattacks in the past 10 years.'

It was discovered that the Windows source code was for sale for 62 million yen - GIGAZINE



The cause was 'Orion Software,' provided by SolarWinds, a developer of network management software. The attackers compromised Orion Software by inserting malware that added a backdoor. This backdoor is called 'Sunburst' or 'Solorigate'.

Then, on February 26, 2021, the United States House of Representatives Oversight Committee and Homeland Security Committee held a joint hearing to discuss the large-scale cyberattacks carried out using Orion Software. Present at the hearing were SolarWinds President and CEO Sudhakar Ramakrishna, former CEO Kevin Thompson, Kevin Mandia, CEO of security company FireEye, whose internal test tools were stolen, and Microsoft President Brad Smith.

In December 2020, security researcher Vinoth Kumar pointed out that some of SolarWinds' servers were protected by weak, easily guessed passwords such as 'solarwinds123.'

US cyber-attack: Cybersecurity agency warns suspected Russian hacking campaign broader than previously believed - CNNPolitics
https://edition.cnn.com/2020/12/17/politics/us-government-hack-extends-beyond-solarwinds/index.html



When a lawmaker raised the issue, Mr. Thompson said, 'The password violates the policy and is related to the intern making a mistake. The intern once posted the password to the internal account, and it was withdrawn as soon as the security team noticed it.' Ramakrishna said, 'The intern used that password on his GitHub server in 2017, and it was removed as soon as the report came up.'

It is unclear whether this password was used in the hacking attack, but Kumar said the server had been publicly accessible since at least June 2018. Kumar confirmed by testing that it was possible to log in to the server and save files using the leaked password, and wrote in an email to SolarWinds that 'a malicious hacker is ready to upload the program to SolarWinds.' This problem was fixed in November 2019.

Technical writer Gavin Phillips said that 'there are three major problems' with SolarWinds' explanation that it was an 'intern's mistake.'

1: A system that allows an intern to change the company's passwords
2: Not checking whether the intern is doing anything that affects the platform, such as changing passwords
3: After the password was changed in 2017, either no check was made for password leaks elsewhere or the matter went uninvestigated for the 3 years until the fix in 2019.

'There is no evidence that the Pentagon was actually affected by Russian espionage,' Microsoft President Smith said during the hearing. Meanwhile, FireEye CEO Mandia said, 'We don't know all the damage, and we don't know the scope and extent of how the stolen information is used by the enemy.'

in Security, Posted by darkhorse_log