SolarWinds directors are blaming a intern for leaking the password “solarwinds123”, which may have been the starting point of the attack on the supply chain the company suffered in late 2020. According to CNN, the company has been using this password since 2017 and in 2019 it was found exposed on a GitHub server.
Executives from SolarWinds and other companies involved met with US lawmakers on Friday (02/26) in a nearly 5-hour hearing, from the US House Committee on Homeland Security, to discuss the case and gather information before the trial.
During the hearing, California deputy Katie Porter questioned the company about the use of the password “solarwinds123”. “Your company should be preventing Russians from accessing Department of Defense emails […] I have a stronger password than ‘solarwinds123’ to prevent my kids from watching YouTube a lot, “he said.
In response, Sudhakar Ramakrishna, current CEO of SolarWinds, said: “I believe it was a password that an intern used on one of his servers in 2017 ”. Former CEO Kevin Thompson, who also attended the hearing, said: “This is related to a mistake that an intern made. He violated our password policies and posted that password to his own private GitHub account. ”
Brad Smith, president of Microsoft (one of the victims), the company that is leading investigations into the attack, said there is no evidence that the Pentagon (headquarters of the US Department of Defense) was invaded or spied on in the campaign that targeted users of the SolarWinds Orion software.
The security researcher, Vinoth Kumar, found the password “solarwinds123” exposed in a GitHub repository in November 2019. The password allowed access to one of the company’s servers. He contacted SolarWinds, who said he changed the password. However, Kumar believes she has been exposed since June 2018.
FireEye CEO Kevin Mandia said that it is impossible to measure the damage caused by the attack. According to the executive, the authorities must design all the ways and alternatives of how the data stolen by the attack can be used (or misused) and not just catalog what data has been accessed. “We may never know the full extent of the damage, and we may never know how the stolen information is benefiting an opponent,” he says.
NASA and Federal Aviation Administration enter into account
Audience participants revealed that the infected SolarWinds Orion update may have been downloaded by about 18,000 company customers, although that number does not represent that 18,000 SolarWinds client companies are being spied on, as cybercriminals are not interested in all customers, only a few specific ones, especially those with links to US government armies and agencies.
In the US alone, seven government agencies, in addition to several other companies that provide services to governments, have been (or are still being) spied on by cybercriminals, possibly linked to the Russian government.
According to The Washington Post, the NASA and the US Federal Aviation Administration (FAA) are the two most recent victims of the attack. The US government has announced that it is organizing defense and security measures, as well as punitive measures against Russia, for the attack.
Sources: CNN; US House Committee on Homeland Security; The Washington Post.
See the original post at: https://thehack.com.br/solarwinds-culpa-estagiario-por-senha-solarwinds123-exposta-no-github/?rand=48873
