Computer attack on SolarWinds: intern singled out for password leak

Recently, the CEO of the Texan company SolarWinds pointed the finger at an intern for allegedly promoting password leakage.

Although in some ways no reconciliation has been made between this leak and the attack suffered by American society.

This article will also interest you: SolarWinds strengthens its cybersecurity

As a reminder, the cyberattack that affected Orion, a software provided by SolarWinds, piracy by which cyber criminals managed to gain access to information systems of several companies, client of the company Texane. Piracy, it must be said, has been described as one of the most serious of the decade. Several large companies have been hit hard, namely, Microsoft or the computer solution publisher FireEyes. Not to mention U.S. government agencies in the nuclear agency.

Recently something quite amazing has been discovered. A password affiliated with one of the "solarwinds123" servers.

The popularity of SolarWinds was due to an unfortunate fact. As far as the password is concerned, the error was attributed to an intern.

"I have a stronger password than "solarwinds123" to prevent my children from watching Too much YouTube on their iPads," said U.S. Rep. Katie Porter. "You and your company were supposed to prevent the Russians from reading the emails from the Ministry of Defense! »,

In a press release from the Parliamentary Committee on Control and Reform, former SolarWinds CEO Kevin Thompson said, "They violated our password policy and published the password on an internal account, on their own private GitHub account."

According to information provided by the company, the problem with this password has been going back since 2018 to see even further. According to the researcher who discovered this data leak, the password had already been available since June 2018 on the internet. Yet the problem was solved only in 2019. According to the statements of the current CEO of the Texan company, this security breach dates back to 2017. "I believe it was a password that an intern used on one of his GitHub servers in 2017, which was reported to our security team and was immediately deleted," said Sudhakar Ramakrishna, the current CEO of SolarWinds.

The U.S. government's investigation is still ongoing to shed more light on this matter. However, this case could take several months. For his part, the company's CEO has FireEye security, Kevin Mandia says it will never be possible to determine the extent of this computer attack.

"The end result: we may never know the extent and extent of the damage, and we may never know to what extent the stolen information benefits an opponent," Mandia said. However, with everything that is going on, it is likely that a simple trainee could be accused of having been the cause of it.

However, this possibility is not seen by everyone in the same way. Indeed according to a researcher Thaddeus E. Grugq, it is not necessary for intelligence services to have open access to a victim's weak password to access a computer system. "If that's what they use, then that's what they use, but it's not the deciding factor for the operation." Explains the researcher. "The SolarWinds backdoor was deeply embedded in the code, it was injected during their construction process, and it is not possible that the server with a weak password was the determining factor. As if the Russian secret services would give up if there was a strong password instead! (…) There is virtually no chance that the server password had any relation to the hacking as a whole." Add the latter.

In reporting a quote from the book "Network Attacks and Exploitation: A Framework," Thaddeus E. Grugqde said: "The offence is regularly underestimated. When companies are hacked, they react as if they had done only one thing or avoided a single mistake, everything would have been correct. The opponent is treated as if he had just been lucky."

The example of the password here only highlights that despite awareness, people continue to have bad password definition practices as well as in the security sector in general. "I strongly agree with the 'this is an example of bad safety practice', but… that is not what has been said. They literally said that the weak password means that the attacker can be anyone. Anyone can do it. This is the most absurd suggestion (….) I am perfectly willing to believe that their compilation servers used "admin:admin" and that's how the Russians had access to their code… but it was a covert intelligence operation. They didn't succeed just because SolarWind had poor password hygiene."

Now access an unlimited number of passwords:

Check out our hacking software