SolarWinds Hackers Compromise Confidential Court Filings

The Russian hackers behind the SolarWinds attack have apparently compromised the federal courts’ electronic case filing system, putting “highly sensitive non-public documents” at great risk.

An apparent compromise of the confidentiality of the federal case filing system due to vulnerabilities associated with SolarWinds Orion is currently under investigation, the Administrative Office of the U.S. Courts (AO) disclosed Wednesday. The AO said it’s working with the Department of Homeland Security on a security audit relating to Orion vulnerabilities that put sealed filings at great risk of compromise.

Under new procedures announced Wednesday, the AO said highly sensitive documents filed with federal courts will be accepted in paper form or via a thumb drive, and will be stored in a secure stand-alone computer system. These sealed highly sensitive documents will not be uploaded to the electronic case filing system, according to the AO.

[Related: SolarWinds To Pay Ex-CEO $312K To Assist With Investigations]

“We fully appreciate the practical implications of taking these steps and the administrative burden they will place on courts, yet any such burdens are outweighed by the need to preserve the confidentiality of sealed filings that are at risk of compromise,” James Duff, secretary of the judicial conference of the United States, said in a communication to the court Wednesday.

The new practice will not change current policies regarding public access to court records since sealed records are confidential, the AO said. Not all files sealed today should be considered highly sensitive, with presentence reports, pretrial release reports, sealed civil filings, Social Security records, criminal cooperation pleadings, and administrative immigration records likely not meriting this treatment.

“The federal Judiciary’s foremost concern must be the integrity of and public trust in the operation and administration of its courts,” Duff said in his memo to the courts. “Court rules and orders should presume that every document filed in or by a court will be in the public domain, unless the court orders it to be sealed, and that documents should be sealed only when necessary.”

If they have not done so already, the AO said courts will issue standing or general orders addressing the types of filings they do and do not consider to be highly sensitive. The Judiciary said it has suspended all national and local use of the SolarWinds Orion network monitoring tool, and a review into the apparent compromise of the Judiciary’s electronic case filing system and its impact is ongoing.

The case filing system compromise was disclosed the same day as the Justice Department announced the SolarWinds hackers had potentially accessed three percent of the department’s Office 365 mailboxes in what’s being called a “major incident.” The department said it learned Dec. 24 that hackers had gained access to Office 365, and doesn’t have any indication that classified systems were impacted.

Also yesterday, SolarWinds agreed to pay former CEO Kevin Thompson $62,500 for each of the next five months as the company faces a wave of lawsuits and government probes into its conduct around the hack. Under the deal, Thompson will make himself available to SolarWinds for any litigation, arbitration, investigations or civil and governmental proceedings based on events that occurred when he was CEO.

The transition agreement with Thompson was inked two days after SolarWinds, Thompson and CFO Barton Kalsu were hit with their first class-action lawsuit. The lawsuit accuses the company, Thompson and Kalsu of making materially false and misleading statements about SolarWinds’ security posture in Securities and Exchange Commission regulatory filings in February, May, August and November of 2020.