SolarWinds officials blame intern for ‘solarwinds123’ password


The SolarWinds drama just will not stop. It’s a story of Russian hackers (and possibly Chinese hackers), alleged email espionage, and a gaping security hole that seems to get worse as more details come to light. Now we can add another twist to the story: the ridiculously insecure password ‘solarwinds123’. In this latest case, SolarWinds wants you to know that it was the intern’s fault.

At a joint hearing on Friday, Kevin Thompson, former CEO of SolarWinds, told representatives of the House Oversight and Homeland Security Committees that the “solarwinds123” password, which protected a server at the company, “is related to an error made by an intern, and that it violates our password policy.” Thompson explained to lawmakers that the intern posted the password to their own private GitHub account.

“Once it was identified and brought to the attention of my security team, they took it down,” Thompson said.

The password security issue dates back to at least 2018, though evidence provided by SolarWinds on Friday suggests it could go back even further. In December, security researcher Vinoth Kumar told Reuters that he had warned SolarWinds that anyone could access its update server using ‘solarwinds123’. CNN reports that the password has been accessible online since at least June 2018.

However, Sudhakar Ramakrishna, current CEO of SolarWinds, told lawmakers during the hearing that the “solarwinds123” password was used in 2017 on one of the intern’s servers.

According to CNN, Kumar showed SolarWinds that the password enabled him to log in and deposit files on its server. The researcher said any hacker could have used the same method to upload malicious programs to SolarWinds.

“I have a stronger password than ‘solarwinds123’ to prevent my kids from watching too much YouTube on their iPad,” Rep. Katie Porter, a California Democrat, told SolarWinds officials during the hearing.

At this point, however, it is still uncertain whether the password leak played a role in the SolarWinds hack, CNN noted, which is believed to be the largest foreign intrusion campaign in American history. Anne Neuberger, White House national security adviser, said this month that about 100 different companies and nine federal agencies, including those overseeing the country’s nuclear weapons, were compromised by foreign hackers.

The government is currently investigating the hack, and it is still unclear which data the hackers were able to access. The investigation is expected to take several months. Kevin Mandia, CEO of FireEye, the cyber security company that discovered the hack, said we may never know the extent of the attack.

“The bottom line: we will never know the full extent of the damage, and we will never know the full extent and scope of how the stolen information benefits an adversary,” Mandia said.

Nevertheless, we know one of the causes of the attack: a poor unnamed intern whom SolarWinds threw under the bus.
