Senate Dems demand answers on DOJ's hack exposure

A group of Democratic senators wants detailed answers from the Justice Department and the judiciary branch by the end of the month about the impact of the SolarWinds breach.


A group of Democratic senators is seeking answers from the Justice Department on agency efforts to mitigate potential harm arising from email accounts breached in the SolarWinds hack.

The months-long attack, which the intelligence community attributes to Russian actors, also penetrated the judicial branch's case filing system.

"The DOJ and the [Administrative Office of U.S. Courts] have acknowledged that they were among the federal agencies breached by Russian hackers, providing troubling accounts of the breadth and depth of the compromise," the senators wrote in a Jan. 20 letter.

The letter is signed by Democratic Sens. Richard Blumenthal (Conn.), Dianne Feinstein (Calif.), Patrick Leahy (Vt.), Richard Durbin (Ill.), Sheldon Whitehouse (R.I.), Amy Klobuchar (Minn.), Chris Coons (Del.), Mazie Hirono (Hawaii) and Cory Booker (N.J.).

DOJ reported 3% of email accounts may have been compromised. The lawmakers pointed out that given the size of the agency – "over 115,000 positions," they wrote – the damage "could amount to thousands of email accounts with an agency tasked with profoundly sensitive law enforcement and national security missions."

The senators want DOJ to elaborate on which offices and records specifically were affected and detail what mitigation measures have been implemented. The letter also asks if DOJ has found and reported other methods of entry hackers may have used.

The Cybersecurity and Infrastructure Security Agency has stated the hackers behind the ongoing SolarWinds Orion breach are skilled at forging security tokens and have been observed tampering with trust protocols.

"Microsoft reported that the actor has added new federation trusts to existing on premises infrastructure," according to guidance from CISA. "Where this technique is used, it is possible that authentication can occur outside of an organization's known infrastructure and may not be visible to the legitimate system owner."

The senators want DOJ and the courts to provide written answers to their questions by Jan. 31.