‘Unmanageable’: Authorities Hid Key Details About Massive Cyber Attack From Congress, Lawmaker Says

61

A top Democratic lawmaker accused U.S. courts of delaying detection of the dangerous level of “sophisticated” cyberattacks on U.S. judicial systems in a letter Thursday.

Unidentified foreign attackers breached the Justice Department’s case management system in early 2020, but Congress didn’t hear about the “staggering breadth and scope” of the incident until March 2022, Democratic Rep. Jerrold Nadler of New York said at a House Judiciary Committee hearing. at home on Thursday. The chairman of the Finance Committee, Democratic Sen. Ron Wyden of Oregon, expressed concern that US federal courts have chosen to cover up their failures to protect personal information and adopt adequate cybersecurity measures in a letter sent to the courts on Thursday, arguing that the court systems have created “unmanageable security risks.”

“[N]news that the judiciary has failed to adequately disclose such an attack and its impact on national security will further undermine public trust,” Wyden said, adding that “the federal judiciary has yet to publicly explain what happened and has denied multiple requests for classified information “. briefings for Congress.”

Lawmakers also questioned Assistant Attorney General for National Security Matthew Olsen about why the DOJ appeared to be delaying attempts by Congress to learn about the potential consequences of the breach for American citizens, Politico reported. Olsen did not provide details on the number of court cases that could be affected by the breach, or how many have been dismissed by the court, according to Politico.

“I would expect your preparation and that we can get that information as soon as possible in an environment that would be appropriate, but this is a dangerous set of circumstances that has now been made public and we need to know how many … were fired,” said Democratic Representative Sheila Jackson Lee from Texas.

Security breaches often happen without disrupting systems, and cyber security experts often don’t detect traces of hacking until then, Matthew Watson, a cybersecurity consultant in Guernsey, told the Daily Caller News Foundation. However, “DOJ appears to have beach knowledge at least compared to congressional oversight committees, and by a wide margin,” Watson added.

Assessing the severity of a security breach remains a challenge, even for experienced incident responders, Watson said.

“That means we’re often in the position of hoping that a threat actor hasn’t compromised our most sensitive data — an unenviable position when you think about the kind of data that the federal government maintains,” Watson said.

“This adds insult to injury as our federal entities appear withdrawn and slow to respond,” Watson said.

DOJ first discovered the breach of the Case Management/Electronic Case File (CM/ECF) system after a separate attack compromised IT network monitoring software known as SolarWinds. It is unclear whether the DOJ identified the CM/ECF security incident before or after the SolarWinds hack.

According to Nadler, “three hostile foreign actors” committed violations of the CM/ECF, but he did not name specific countries. The DOJ attributed the SolarWinds attack to the Russian hacking group Nobelium, which has also committed several attacks on the technology supply chain.

“The apparent compromise of the confidentiality of the CM/ECF system due to these discovered vulnerabilities is currently under investigation,” the DOJ said in a January 6, 2021 statement, the only indication of a cyber attack on the filing system.

The announcement was made on the same day that unrest broke out in the capital on January 6. US courts have indicted over 800 individuals who participated in the action for reasons of national security, reports Business Insider. (RELATED: The Ministry of Justice plans to form a special unit to fight domestic terrorism)

Read these two paragraphs from the announcement carefully. Note that they don’t say the vulnerability is caused by SolarWinds, but that the announcement *strongly* implies it. pic.twitter.com/Wd16nCXUSu

— Free Law Project ⚖ (@FreeLawProject) July 28, 2022

The DOJ’s Office of National Security and the U.S. Courts did not immediately respond to DCNF’s request for comment.

Content created by The Daily Caller News Foundation is available at no charge to any qualified news publisher who can deliver a large audience. For licensing options for our original content, please contact licensing@dailycallernewsfoundation.org.

Comments are closed.