The SolarWinds Investigation Ramps Up

It was an unprecedented and historic week in the United States as a mob of president Donald Trump’s supporters rioted on Capitol Hill in Washington, DC and stormed the Capitol building, forcing Congress to evacuate and temporarily halting its symbolic certification of Joe Biden’s election as president. Digital archivists and others scrambled to preserve photos and footage from the insurrection as social networks deployed ad hoc content moderation policies. Meanwhile, national security experts are wary about the risks the incident poses to information security—and national security—at the Capitol.

In other news, the transparency activists DDoSecrets, a sort of successor group to WikiLeaks, publish a trove of corporate information—a move that was particularly controversial given that the data was originally stolen by ransomware attackers. And speaking of Wikileaks, on Monday the United Kingdom denied the United States Justice Department’s request to extradite Julian Assange, citing Assange’s mental state and risk of suicide rather than any evaluation of whether the WikiLeaks founder violated the Espionage Act.

WhatsApp users got a notification this week that a change in the app’s privacy policy meant they could no longer opt out of sharing data with Facebook—which was confusing, since WhatsApp has shared that data since 2016, and only gave an opt-out option for a fleeting 30-day window that year. And Ticketmaster got caught breaking into a rival company’s systems, agreeing to pay a $10 million fine to settle the case with federal prosecutors.

And there’s more. Below we’ve rounded up the most important SolarWinds stories so far from around the internet. Click on the headlines to read them, and stay safe out there.

Since it was revealed that SolarWinds’ Orion IT management tool was exploited in a software supply chain attack, the cybersecurity industry has anxiously dreaded news that the same Russian hackers also piggybacked on other popular software. This week FBI sources told Reuters that Czech Republic-based software firm JetBrains has been scrutinized as another possible victim—and potential vector for corrupted code. JetBrains’ project management tool TeamCity is used by tens of thousands of customers, including SolarWinds, raising the possibility that it may have served as the initial point of infection inside SolarWinds’ network. The fact that JetBrains was founded by three Russian engineers has cast further suspicion on the company. But JetBrains’ St. Petersburg-based CEO said this week that he hasn’t been contacted by the FBI or any other agency. Nor, he says, has JetBrains seen any evidence that it was itself breached by hackers, not to mention used to further breach SolarWinds’ systems.

Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency, became a cause célèbre in November when president Trump fired him for stating—correctly—that the claims of widespread election hacking and fraud advanced by the president and his supporters were false. Now, after a federal career that many credited with helping to secure the 2020 presidential election from foreign interference, Krebs is venturing into the other massive cybersecurity story of the last year: the Russian hacker intrusion into SolarWinds, a Texas-based company whose software was hijacked and used to penetrate the networks of at least half a dozen federal agencies. SolarWinds has hired Krebs to help it remediate and recover from the breach that put it at the epicenter of that far-reaching hacking scandal. He’ll be joined by former Facebook and Yahoo chief security officer Alex Stamos, who similarly signed on with video conferencing firm Zoom last spring to help it recover from its security woes. Krebs and Stamos will both work with SolarWinds via a consulting firm they’ve cofounded, the Krebs Stamos Group. Given that SolarWinds’ stock has lost more than a third of its value, or about $2.5 billion dollars, since the news of its breach broke, whatever fees the company is paying that consultancy—likely very large ones—are no doubt a rounding error for its total breach costs.

Desmond Tan, Singapore’s minister of state for its Ministry of Home Affairs, told parliament on Monday that Singaporean police can use data from the country’s Covid-19 contact tracing platform in investigations. Originally, the service was marketed as gathering the least amount of information possible and as a single-purpose tool for contact tracing only. But on Monday the platform was updated to reflect the potential for law enforcement access. Over four million of Singapore’s 6 million citizens reportedly use the app.