Former SolarWinds CEO blames intern for ‘solarwinds123’ password leak

The relevant password, ‘solarwinds123’, was discovered on the public internet in 2019 by an independent security researcher who warned the company that the leak had exposed a SolarWinds file server.

Several U.S. lawmakers criticized SolarWinds over the password issue on Friday, in a joint hearing by the House Oversight and Homeland Security committees.

“I have a stronger password than ‘solarwinds123’ to prevent my kids from watching too much YouTube on their iPad,” said Katie Porter. “You and your company were supposed to prevent the Russians from reading emails from the Department of Defense!”

Microsoft President Brad Smith, who also testified during Friday’s hearing, later said there was no evidence that the Pentagon was actually affected by the Russian espionage campaign. Microsoft is one of the companies that led the forensic investigation into the hacking campaign.

“To my knowledge, there is no indication that the DoD was attacked,” Smith told Porter.

Representatives of SolarWinds told lawmakers on Friday that the password issue had been rectified within days.

But it is still unclear what role the leaked password may have played in enabling suspected Russian hackers to spy on several federal agencies and businesses in one of the most serious security breaches in U.S. history.

Stolen credentials are one of three possible avenues of attack SolarWinds is investigating as it tries to discover how it was first compromised by the hackers, who hid malicious code in software updates that SolarWinds then sent to about 18,000 customers, including numerous federal agencies.

Other theories SolarWinds is investigating, said SolarWinds CEO Sudhakar Ramakrishna, include the guessing of the company’s passwords, as well as the possibility that the hackers came in through third-party software.

Confronted by Rep. Rashida Tlaib, former SolarWinds CEO Kevin Thompson said the password issue was a mistake made by an intern.

“They violated our password policy and they posted the password on an internal Github account on their own,” Thompson said. “Once it was identified and brought to the attention of my security team, they took it down.”

Neither Thompson nor Ramakrishna explained to lawmakers why the company’s technology allowed such passwords in the first place.

Ramakrishna later testified that the password had already been in use in 2017.

“I believe it was a password that an intern used on one of his Github servers in 2017,” Ramakrishna told Porter, “which was reported to our security team and removed immediately.”

That time frame is significantly longer than what had been reported. The researcher who discovered the leaked password, Vinoth Kumar, previously told CNN that the password had been accessible online since at least June 2018, before the company rectified the issue in November 2019.

Emails between Kumar and SolarWinds showed that the leaked password allowed Kumar to log in and successfully deposit files on the company’s server. Using that tactic, Kumar warned the company, any hacker could upload malicious programs to SolarWinds.

During the hearing, FireEye CEO Kevin Mandia said it could be impossible to fully determine how much damage was done by the alleged Russian hack.

“The bottom line: we may never know the full extent and extent of the damage, and we will never know the full extent and extent of how the stolen information benefits an adversary,” Mandia testified.

Mandia said officials should not only catalog the information that was accessed, but also think through all the ways in which that data can be used and misused by foreign actors, a monumental task.
