Solarwinds CEO blames former intern for hilarious password fiasco


US-based IT monitoring solutions provider SolarWinds has accused a former intern of creating a very weak password for its update server and storing it publicly on GitHub for over a year.

In February, the House Oversight and Homeland Security committees announced they would conduct a hearing to look into the role of private corporations in detecting, preventing, and remediating cyber attacks that caused damage to national security. 

The hearing was slated to begin on 26th February and required Solarwinds CEO Sudhakar Ramakrishna, former CEO Kevin Thompson, Microsoft president Brad Smith, and FireEye CEO Kevin Mandia to testify before the two committees.

During a joint hearing by the House Oversight and Homeland Security committees, it came to light that a password to secure Solarwinds’ update server was stored in a private GitHub repository between June 2018 and November 2019. What’s more, the password was as guessable as one could be: solarwinds123.

“I’ve got a stronger password than ‘solarwinds123’ to stop my kids from watching too much YouTube on their iPad. You and your company were supposed to be preventing the Russians from reading Defense Department emails!” said US Representative Katie Porter after learning about the password.

In response, SolarWinds CEO Sudhakar Ramakrishna blamed a former intern for having stored this password in the GitHub repository in 2017, adding that once the password was identified, it was rectified within days. Former CEO Kevin Thompson said the intern had made a mistake by storing the password in their private GitHub account.

The password for the Solarwinds update server was first discovered by security researcher Vinoth Kumar, who carried out a proof-of-concept demonstration to show Solarwinds that he could deposit files into the server. It is not known if Russian hackers used the same exploit to carry out the Solarwinds hack in December.

The infamous hacking incident involved hackers injecting the Supernova malware into vulnerable Orion products, designing it to appear as part of a SolarWinds product and to facilitate the deployment of malicious code into the Orion platform.

The hackers trojanised versions 2019.4 HF 5 through 2020.2.1 of the SolarWinds Orion platform that were released between March and June 2020. Security firm FireEye said it discovered a new campaign by nation-state actors that involved hackers trojanising software updates of the SolarWinds Orion platform with a malware called Sunburst to infect organisations worldwide.

According to The New York Times, while the trojanised software update was downloaded by as many as 18,000 private and public organisations, Russian hackers behind the operation only targeted specific government agencies and private organisations. These included the Department of Homeland Security, the State Department, parts of the Pentagon, and the U.S. Treasury and Commerce Departments.

Copyright Lyonsdown Limited 2021
