Friday, January 8, 2021

Judiciary Addresses Cybersecurity Breach: Extra Safeguards to Protect Sensitive Court Records



Via Press Release Published on January 6, 2021

“After the recent disclosure of widespread cybersecurity breaches of both private sector and government computer systems, federal courts are immediately adding new security procedures to protect highly sensitive confidential documents filed with the courts.

“The federal Judiciary’s foremost concern must be the integrity of and public trust in the operation and administration of its courts,” James C. Duff, Secretary of the Judicial Conference of the United States, the Judiciary’s national policy-making body, said in a January 6, 2021, communication to the courts.


“In mid-December, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an emergency directive regarding “a known compromise involving SolarWinds Orion products that are currently being exploited by malicious actors.” The Administrative Office of the U.S. Courts (AO) immediately notified courts of this development and in response, the Judiciary has suspended all national and local use of this IT network monitoring and management tool.

The AO is working with the Department of Homeland Security on a security audit relating to vulnerabilities in the Judiciary’s Case Management/Electronic Case Files system (CM/ECF) that greatly risk compromising highly sensitive non-public documents stored on CM/ECF, particularly sealed filings. An apparent compromise of the confidentiality of the CM/ECF system due to these discovered vulnerabilities currently is under investigation. Due to the nature of the attacks, the review of this matter and its impact is ongoing.”

Click here for the full press release


Security expert Brian Krebs provided more detail in his article “Sealed U.S. Court Records Exposed in SolarWinds Breach.”

He notes in paragraphs 5 to 8…

“The AO declined to comment on specific questions about their breach disclosure. But a source close to the investigation told KrebsOnSecurity that the federal court document system was “hit hard,” by the SolarWinds attackers, which multiple U.S. intelligence and law enforcement agencies have attributed as “likely Russian in origin.”

The source said the intruders behind the SolarWinds compromise seeded the AO’s network with a second stage “Teardrop” malware that went beyond the “Sunburst” malicious software update that was opportunistically pushed out to all 18,000 customers using the compromised Orion software. This suggests the attackers were targeting the agency for deeper access to its networks and communications.

The AO’s court document system powers a publicly searchable database called PACER, and the vast majority of the files in PACER are not restricted and are available to anyone willing to pay for the records.

But experts say many other documents stored in the AO’s system are sealed — either temporarily or indefinitely by the courts or parties to a legal matter — and may contain highly sensitive information, including intellectual property and trade secrets, or even the identities of confidential informants.”


The National Park Service has posted a wonderful social studies lesson on US federal courthouses, their place in history, and their role as a symbol of pride and of the permanence of justice.
