The password in question, “Solarwinds 123”, was discovered on the public Internet in 2019 by an independent security researcher, who warned the company that the leak had exposed a SolarWinds file server.
Several U.S. lawmakers clashed with SolarWinds on Friday over the password issue at a joint hearing by the House Oversight and Homeland Security Committees.
“I’ve got a stronger password than ‘Solarwinds 123’ to prevent my kids from watching too much YouTube on their iPad,” Rep. Katie Porter said. “You and your company were preventing Russians from reading Defense Department emails!”
Brad Smith, president of Microsoft, who also testified at Friday’s hearing, said there was no evidence that the Pentagon was actually affected by the Russian intelligence service. Microsoft is one of the companies leading the forensic investigation into the hacking campaign.
“To my knowledge there is no indication that the DOD was attacked,” Smith told Porter.
Representatives of SolarWinds told lawmakers on Friday that the password issue was fixed within a few days of being reported.
SolarWinds is investigating stolen credentials as one of three possible avenues of attack as it seeks to uncover how it was allegedly compromised by the hackers, who went on to reach some 18,000 customers, including numerous federal agencies, through SolarWinds.
Other theories SolarWinds is exploring, said Sudhakar Ramakrishna, CEO of SolarWinds, include brute-force guessing of the company’s passwords, as well as the possibility that hackers could have gained entry through third-party software.
Confronted by Rep. Rashida Tlaib, Kevin Thompson, former CEO of SolarWinds, said the password issue was “an error made by an intern.”
“They violated our password policies and posted those passwords on their own private GitHub account,” Thompson said. “As soon as he was identified and brought to the attention of my security team, they took him down.”
Neither Thompson nor Ramakrishna explained to the legislators why the company’s technology allowed such passwords in the first place.
Ramakrishna later testified that the password was used in early 2017.
“I believe it was the password that was used on his GitHub servers in the year 2017, which was reported to our security team and was immediately removed,” Ramakrishna told Porter.
Emails between Kumar and SolarWinds show that the leaked password allowed Kumar to log in and successfully submit files to the company’s servers. Kumar warned the company that, using that trick, any hacker could upload malicious programs to SolarWinds.
During the hearing, FireEye CEO Kevin Mandia said it was impossible to fully determine how much damage had been done by the suspected Russian hack.
“Bottom line: we never know the full range and extent of the damage, and we never know the full range and extent of how stolen information benefits the adversary.”
Mandia said that in order to assess the damage, officials must not only list what data was accessed, but also imagine all the ways in which that data could be used and misused by foreign actors, a monumental task.