Written by Tim Starks
The federal judiciary’s electronic case management and filing system suffered “an apparent compromise” as part of the SolarWinds breach, according to the Administrative Office of the U.S. Courts.
The office is still assessing the impact, but a representative says the organization has stepped up security precautions in the meantime.
“The federal Judiciary’s foremost concern must be the integrity of and public trust in the operation and administration of its courts,” James Duff, secretary of the judiciary’s national policy-making body — the Judicial Conference of the United States — said in a Wednesday communication to the courts.
Federal courts are a potential goldmine for hackers, as they harbor sensitive data on millions of people. Government investigators have said Russia is likely behind a cyber-espionage campaign that hit federal agencies and major companies via updates to the SolarWinds Orion software.
The Administrative Office of the U.S. Courts said it was working on a security audit with the Department of Homeland Security related to the vulnerabilities in its electronic filing system “that greatly risk compromising highly sensitive non-public documents,” especially sealed filings.
In response, the judiciary has shut down both national and local use of the Orion software, the office said.
Going forward, federal courts will only accept filings of highly sensitive documents in paper form or via secure electronic devices, and won’t upload those documents to its electronic case management system.
“This new practice will not change current policies regarding public access to court records, since sealed records are confidential and currently are not available to the public,” the office said.
“CISA has evidence that there are initial access vectors other than the SolarWinds Orion platform and has identified legitimate account abuse as one of these vectors,” the agency said.
Via a new technique that CISA has seen hackers use in an incident it responded to, the agency said, “it is possible that authentication can occur outside of an organization’s known infrastructure and may not be visible to the legitimate system owner.”