The Great Hack of 2020

...

SolarWinds is a company that offers server monitoring (among other things). It does so through a user with administrative access to servers. Many companies use SolarWinds’ products and services to make sure their servers are healthy. Its specialty is in databases (like MS SQL Server).

SolarWinds’ customers include 425 of the Fortune 500 companies, all branches of the US Military, and each branch of the US Government. Customers also include many State and Local governments – including those in swing states where the election results are being questioned as potentially fraudulent.

Other notable customers using SolarWinds (following the hack, the list has been removed from SolarWinds’ website):

  • all ten of the top ten US telecommunications companies
  • all five branches of the U.S. military
  • all five of the top five U.S. accounting firms
  • the Pentagon
  • the State Department
  • the National Security Agency
  • the Department of Justice
  • The White House

SolarWinds was hacked

News broke over the weekend of December 12th, 2020 that officials at CISA and the FBI were investigating breaches at two of the largest federal agencies – the Commerce and Treasury departments – related to a flaw in the SolarWinds Orion software.

The Cybersecurity and Infrastructure Security Agency ordered all government departments by noon Monday to identify and shut off instances of SolarWinds Orion software running or connected to any government system.

Some sources are down-playing the hack, saying it was only “one” of SolarWinds’ products – but those on the IT side were quick to point out that “Orion” is the “keys to the kingdom” product, with potential access into all other subsystems.

The attack – which reportedly spanned months (as far back as March, when we were being distracted by the beginning of COVID-19) – reportedly used the SolarWinds “remote update” feature to install malicious software on compromised systems – but could also have modified data in databases.

Dominion Voting uses SolarWinds

According to their own website, Dominion Voting uses SolarWinds (Dominion has removed the SolarWinds reference from their website following the hack, but at the time of this writing it’s still visible in the HTML source).

SolarWinds’ Executive VP sold 57k shares ($1.2M) on 11/9/2020, and CEO Kevin Thompson sold 700k shares ($15M) on 11/18/2020 and 11/19/2020. Thompson has reportedly handed over his passport to authorities.

On December 14th, 2020, the FBI, Texas Rangers, and US Marshals raided the SolarWinds headquarters in Austin, Texas.
