SolarWinds CEO blames former intern for hilarious password fiasco

US-based IT monitoring solutions provider SolarWinds has accused a former intern of creating a very weak password for its update server and storing it publicly on GitHub for over a year.

In February, the House Oversight and Homeland Security committees announced they would conduct a hearing to look into the role of private corporations in detecting, preventing, and remediating cyber attacks that caused damage to national security. 

The hearing was slated to begin on 26th February and required SolarWinds CEO Sudhakar Ramakrishna, former CEO Kevin Thompson, Microsoft president Brad Smith, and FireEye CEO Kevin Mandia to testify before the two committees.

During a joint hearing by the House Oversight and Homeland Security committees, it came to light that a password to secure SolarWinds’ update server was stored in a private GitHub repository between June 2018 and November 2019. What’s more, the password was as guessable as one could be: solarwinds123.

“I’ve got a stronger password than ‘solarwinds123’ to stop my kids from watching too much YouTube on their iPad. You and your company were supposed to be preventing the Russians from reading Defense Department emails!” said US Representative Katie Porter after learning about the password.

In response, SolarWinds CEO Sudhakar Ramakrishna blamed a former intern for having stored this password in the GitHub repository in 2017, adding that once the password was identified, it was rectified within days. Former CEO Kevin Thompson said the intern had made a mistake by storing the password in their private GitHub account.

The password for the SolarWinds update server was first discovered by security researcher Vinoth Kumar, who carried out a proof-of-concept demonstration to show SolarWinds that he could deposit files into the server. It is not known if Russian hackers used the same exploit to carry out the SolarWinds hack in December.

The infamous hacking incident involved hackers injecting the Supernova malware into vulnerable Orion products, designing it to appear as part of a SolarWinds product and to facilitate the deployment of malicious code into the Orion platform.

The hackers trojanised versions 2019.4 HF 5 through 2020.2.1 of the SolarWinds Orion platform that were released between March and June 2020. Security firm FireEye said it discovered a new campaign by nation-state actors that involved hackers trojanising software updates of the SolarWinds Orion platform with malware called Sunburst to infect organisations worldwide.

According to The New York Times, while the trojanised software update was downloaded by as many as 18,000 private and public organisations, the Russian hackers behind the operation only targeted specific government agencies and private organisations. These included the Department of Homeland Security, the State Department, parts of the Pentagon, and the U.S. Treasury and Commerce Departments.

Copyright Lyonsdown Limited 2021
