Federal court system’s sealed records likely breached by SolarWinds hack
The online filing system used by the federal court system was likely breached in the SolarWinds hack, suspected to be orchestrated by Russia, potentially compromising highly sensitive sealed documents that contain nonpublic details about ongoing investigations.

The Administrative Office of the U.S. Courts revealed an “apparent compromise of the confidentiality” of its case management and electronic case files system “due to these discovered vulnerabilities” and said this week that it was “under investigation.” The federal judiciary is working with the Homeland Security Department on a “security audit” related to the cyberattacks that “greatly risk compromising highly sensitive non-public documents … particularly sealed filings” stored on the online system, adding that “due to the nature of the attacks, the review of this matter and its impact is ongoing.”

The revelation that the federal courts were likely successfully hacked came just after the Justice Department admitted that its email systems had been compromised, though the agency stressed that it believed the number of potentially affected email boxes was limited to 3%, and they had no indication that classified information had been taken.

The judiciary’s administrative office said the federal courts “are immediately adding new security procedures to protect highly sensitive confidential documents filed with the courts,” including that “highly sensitive court documents filed with federal courts will be accepted for filing in paper form or via a secure electronic device, such as a thumb drive, and stored in a secure stand-alone computer system” and “will not be uploaded” to the online system. The office noted that the new practice won’t change current policies regarding public access to court records because sealed records are already confidential “and currently are not available to the public.”

Sealed documents on the court’s online system, such as arrest and search warrant affidavits, can contain a host of sensitive information, and the nonpublic records can include the names of suspects and targets, secret indictments, national security information, Foreign Intelligence Surveillance Act notices, grand jury details, investigative insights, witness testimony, identifying information such as financial records or contact information, details on phone numbers or email addresses under surveillance, confidential human sources, and cooperating witnesses.

“The federal Judiciary’s foremost concern must be the integrity of and public trust in the operation and administration of its courts,” James Duff, the secretary of the Judicial Conference of the United States, told the federal courts this week. “The federal Judiciary has long applied a strong presumption in favor of public access to documents. Court rules and orders should presume that every document filed in or by a court will be in the public domain, unless the court orders it to be sealed, and that documents should be sealed only when necessary.”

He added: “We fully appreciate the practical implications of taking these steps and the administrative burden they will place on courts, yet any such burdens are outweighed by the need to preserve the confidentiality of sealed filings that are at risk of compromise.”

Earlier this week, the FBI, the Office of the Director of National Intelligence, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency announced that the massive SolarWinds hack that breached the U.S. government and thousands of other public and private customers is “likely Russian in origin” and that a likely Kremlin-backed advanced persistent threat actor “is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks.”

The agencies said in a statement they “believe this was, and continues to be, an intelligence gathering effort,” and of the estimated 18,000 affected public and private sector customers of SolarWinds's Orion products, “a much smaller number has been compromised by follow-on activity on their systems.”

The groups also said, “We have so far identified fewer than 10 U.S. government agencies that fall into this category and are working to identify the nongovernment entities who also may be impacted” and “this is a serious compromise that will require a sustained and dedicated effort to remediate.”

The administrative office for the federal courts said it “immediately notified courts of this development” when it was made aware of the SolarWinds hack in December and the federal courts “suspended all national and local use of this IT network monitoring and management tool.”

President Trump, who long refused to concede the November election to President-elect Joe Biden, tweeted in December that “Russia, Russia, Russia is the priority chant when anything happens” and that the hack “may” have been carried out by China. Now-former Attorney General William Barr and Secretary of State Mike Pompeo both said in December that they believed the cybercampaign was likely carried out by the Russians.
