Hack brings unwanted attention to obscure but vital IT firm


The US Chamber of Commerce building in Washington DC in 2009. Cyber spies have exploited SolarWinds software to peer into computer networks, putting many of the company's highest-profile customers, including the US Treasury and Commerce departments, on high alert. — AP

Before this week, few people were aware of SolarWinds, a Texas-based software company in the United States that provides vital computer network monitoring services to corporations and government agencies around the world.

But the revelation that elite cyberspies have spent months secretly exploiting SolarWinds' software to peer into computer networks has put many of its highest-profile customers in national governments and Fortune 500 companies on high alert.

"They’re not a household name the same way that Microsoft is. That’s because their software sits in the back office," said Rob Oliver, a research analyst at Baird who has followed the company for years. "Workers could have spent their whole career without hearing about SolarWinds. But I guarantee your IT department will know about it."

Now plenty of other people know about it too, and not in a good way.

Founded in 1999 by two brothers in Tulsa, Oklahoma, ahead of the feared turn-of-the-millennium Y2K computer bug, the company’s website says its first product "arrived on the scene to help IT pros quell everyone’s world-ending fears."

This time, its products are the ones instilling fears. The company on Dec 13 began alerting about 33,000 of its customers that an "outside nation-state" – widely suspected to be Russia – had found a back door into some updated versions of its premier product, Orion. The ubiquitous software tool, which helps organisations monitor the performance of their computer networks and servers, had become an instrument for spies to steal information undetected.

One of SolarWinds' customers, the prominent California cybersecurity firm FireEye, was the first to discover the cyberespionage operation. FireEye revealed earlier this month that its own systems were breached by attackers who made off with its defensive hacking tools. Among the other revealed spying targets were the US departments of Treasury and Commerce.

The operation began at least as early as March when SolarWinds customers who installed updates to their Orion software were unknowingly welcoming hidden malicious code that could give intruders the same view of their corporate network that in-house IT crews have. FireEye described the malware’s dizzying capabilities – from initially lying dormant up to two weeks, to hiding in plain sight by masquerading its reconnaissance forays as Orion activity.

The breach has caused a crisis for SolarWinds, which is now based in the hilly outskirts of Austin, Texas, United States. The compromised product accounts for nearly half the company’s annual revenue, which totaled US$753.9mil (RM3.06bil) over the first nine months of this year. Its stock has plummeted 23% since the beginning of the week.

Its longtime CEO, Kevin Thompson, had months earlier indicated that he would be leaving the company at the end of the year as it prepared to spin off one of its divisions. The SolarWinds board appointed his replacement just a day before FireEye first publicly revealed the hack.

"This is an unimaginable, unfortunate situation," Oliver said. "SolarWinds products have always been reliable. Its value proposition has been around reliability."

SolarWinds executives declined interviews through a spokesperson, who cited an ongoing investigation that now involves the FBI and other agencies. Thompson's last few weeks at the helm are likely to be spent responding to frightened customers, some of whom are also rankled about marketing tactics that might have made a target of SolarWinds and its highest-profile clients.

The company earlier this week took down a web page that boasted of dozens of its best-known customers, from the White House, Pentagon and the Secret Service to the Smithsonian museums.

The Associated Press is among SolarWinds' reported hundreds of thousands of customers, though the news agency said it did not use the compromised Orion products. SolarWinds estimated in a financial filing that about 18,000 customers had installed the compromised software, meaning many of them were vulnerable to spy operations at some time this year.

AP Technology writer Frank Bajak in Boston contributed to this report. – AP
