Department of Justice, federal court hit by Russian hack

WASHINGTON (AP) – The Department of Justice and the federal court system disclosed on Wednesday that they were among dozens of US government agencies and private companies compromised in a massive cyber espionage campaign that American authorities linked to elite Russian hackers.

The extent of the damage was unclear.

The department said 3% of its Microsoft Office 365 email accounts were potentially affected, but did not say who those accounts belonged to. There is no evidence that classified systems have been affected, the agency said. Office 365 is not just email, but a collaborative computing environment, which means that shared documents were certainly also accessed, said Dmitri Alperovitch, a former technical director at cybersecurity company CrowdStrike.

Separately, the United States Administrative Office of Courts has informed federal courts across the country that the courts’ nationwide case management system has been breached, giving hackers access to sealed court documents.

The Justice Department said that on December 24 it detected “hitherto unknown malicious activity” linked to the broader intrusions into federal agencies revealed earlier that month, according to a statement by spokesman Marc Raimondi.

Separately, the courts office said on its website that “an apparent compromise” of the US judiciary’s case management and electronic case file system was under investigation.

The Department of Homeland Security was examining the system, the office said, citing a particular risk to sealed lawsuits, the disclosure of which could harm active criminal investigations.

“The potential reach is vast. The real scope is likely to be significant,” said a federal court official who spoke on condition of anonymity because he was not authorized to disclose the information. The official confirmed that the scope of the compromise was national, but it was unclear how widespread.

On Tuesday, federal law enforcement and intelligence agencies formally implicated Russia in the intrusions, calling them part of a suspected information-gathering operation. President Donald Trump had previously questioned this consensus, suggesting without foundation that China could be to blame.

The hacking campaign was extraordinary in scale, with attackers targeting government agencies, including the Treasury and Commerce departments, defense contractors and telecommunications companies, for months before the breach was discovered.

Experts say it gave foreign agents enough time to collect data that could be highly detrimental to the national security of the United States, although the scope of the breaches and exactly what information was sought are unknown.

It is estimated that 18,000 organizations were seeded with malicious code that hitched a ride on popular network management software from a company in Austin, Texas, called SolarWinds. But it is believed that only a subset was compromised. Tuesday’s statement said that fewer than 10 federal government agencies have so far been identified as having been hacked.

Johns Hopkins cyber espionage expert Thomas Rid said the 3% figure for e-mail accounts accessed may not seem like much, but that does not mean that hackers “haven’t gotten to the interesting things”.

Cybersecurity experts responding to the hack say that highly skilled cyber spies of the caliber behind the SolarWinds hack are able to keep their footprint as small as possible to avoid detection – targeting only high-value e-mail and documents.

Rid questioned how certain the Justice Department could be about the extent of its compromise.

“How good is their visibility, as U.S. government agencies totally missed the breach in the first place?” he said. “Are they really at the top of the problem? Are we really seeing just the tip of the iceberg?”

The breach was discovered by FireEye, a major cybersecurity company, on its network. It then identified and notified other victims.

Experts expect the severity of the hack and the number of victims identified to increase over time.

“History tells us that if there is a major breach, not just in one organization, but across the entire government – an entire sector – it will take a long time to identify who the victims are and to what extent they are compromised,” said Rid.

Microsoft declined to comment on how long attackers were reading emails in the Department of Justice’s Office 365 environment, which is typically a cloud-based service hosted by the software provider.

---

Bajak reported from Boston. Associated Press writers Mark Sherman in Washington and Maryclaire Dale in Philadelphia contributed to this report.
