US Justice Department, federal court system hit by Russian hack

The FBI seal is seen before a news conference at its headquarters in Washington. The US government on Jan 5, 2021, said a devastating hack of federal agencies is ‘likely Russian in origin’ and said the operation appeared to be an ‘intelligence gathering’ effort. The assessment was disclosed in a rare public statement from the FBI and other investigative agencies. — AP

WASHINGTON: The US Justice Department and the federal court system disclosed on Jan 6 that they were among the dozens of US government agencies and private businesses compromised by a massive cyberespionage campaign that US officials have linked to elite Russia hackers.

The extent of the damage was unclear.

The department said that 3% of its Microsoft Office 365 email accounts were potentially affected, but did not say to whom those accounts belonged. There are no indications that classified systems were affected, the agency said. Office 365 isn't just email but a collaborative computing environment, which means that shared documents were also surely accessed, said Dmitri Alperovitch, former chief technical officer of the cybersecurity firm CrowdStrike.

Separately, the Administrative Office of US Courts informed federal judicial bodies across the nation that the courts’ nationwide case management system was breached, potentially giving the hackers access to sealed court documents.

The Justice Department said that on Dec 24 it detected “previously unknown malicious activity" linked to the broader intrusions of federal agencies revealed earlier that month, according to a statement from spokesman Marc Raimondi.

Separately, the court office said on its website that “an apparent compromise” of the US judiciary's case management and electronic case file system was under investigation.

The Department of Homeland Security was scouring the system, it said, and cited a particular risk to sealed court filings, whose disclosure could jeopardize active criminal investigations.

“The potential reach is vast. The actual reach is probably significant,” said a federal court official who spoke on condition of anonymity because they were not authorised to disclose the information. The official confirmed that the scope of the compromise was national but it was not clear how widespread.

On Tuesday, federal law enforcement and intelligence agencies formally implicated Russia in the intrusions, calling them part of a suspected intelligence gathering operation. President Donald Trump had previously questioned that consensus, suggesting without foundation that China could be to blame.

The hacking campaign was extraordinary in scale, with the intruders stalking through government agencies including the Treasury and Commerce departments, defense contractors and telecommunications companies for months by the time the breach was discovered.

Experts say that gave the foreign agents ample time to collect data that could be highly damaging to US national security, although the scope of the breaches and exactly what information was sought is unknown.

An estimated 18,000 organisations were seeded with malicious code that piggybacked on popular network-management software from an Austin, Texas, company called SolarWinds. But only a subset are believed to have been compromised. Tuesday’s statement said that fewer than 10 federal government agencies have so far been identified as having been hacked.

Johns Hopkins cyberespionage expert Thomas Rid said the 3% figure of email accounts accessed at Justice may not sound like a lot, but that it doesn’t mean that the hackers “didn’t get to the interesting stuff”.

Cybersecurity experts responding to the hack say highly skilled cyber spies of the caliber behind the SolarWinds hack are apt to keep their footprint as small as possible to avoid detection – targeting only high-value email and documents.

Rid wondered how sure the Justice Department could be about the extent of its compromise.

“How good is their own visibility given that US government agencies totally missed the breach in the first place?” he said. “Are they really on top of the problem? Are we only really seeing the tip of the iceberg?”

The breach was discovered by FireEye, a prominent cybersecurity company, on its network. It then identified and notified other victims.

Experts expect the severity of the hack and the number of victims identified to increase over time.

“History tells us that if you have a large breach, not just in one organization but across an entire government – an entire sector – it will take a long time to identify who are the victims and how badly they are compromised,” said Rid.

Microsoft declined to comment on long the intruders were reading emails in the Justice Department's Office 365 environment, which is typically a cloud-based service hosted by the software provider. – AP

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 18
Cxense type: free
User access status: 3

Did you find this article insightful?


100% readers found this article insightful

Next In Tech News

Trump to be allowed back on YouTube when ‘risk of violence’ falls
Huawei CFO should appeal to Canada justice minister, not court, prosecutor says
How beers and Vikings gave Bluetooth technology its name
Google lets Pixel users manage audio recordings via the Web
Putin calls for internet bound by moral rules, criticises opposition rallies
Qualcomm takes aim at Apple with line of wireless audio chips
Exclusive: Apple faces EU antitrust charge on Spotify complaint - sources
Explainer: Honda unveils its new level 3 technology, but how does it work?
Exclusive: Amid shortage U.S. suppliers to Chinese chip giant SMIC struggle to get export licenses
WhatsApp adds voice and video calling feature to desktop version

Stories You'll Enjoy