Trump 2.0’s first federal cybersecurity disaster has arrived

The second Trump administration is facing its first federal cybersecurity disaster.

A breach of the U.S. federal judiciary's electronic case filing system, discovered around July 4, compromised sealed court records, pushed some courts onto backup paper-filing procedures, and possibly exposed the identities of confidential informants and cooperating witnesses.

More than a month after the breach was discovered, and despite recent reports from The New York Times and Politico that Russia was involved in the hack, it is still unclear exactly what happened and which data and systems were affected.

Politico first reported the breach of the “Case Management/Electronic Case Files,” or CM/ECF, system, which could affect criminal dockets, arrest warrants, and sealed indictments. The CM/ECF system also suffered a breach during the first Trump administration, in 2020, and Politico reported Tuesday that in the recent attack, hackers exploited software vulnerabilities that remained unresolved after being discovered five years ago in response to the first incident. Security researchers say the gaps in public information about the situation are concerning, especially the lack of detail on what data was affected.

“We’re more than a month past detecting this intrusion, but we still haven’t completely accounted for what’s affected,” said Jake Williams, a former NSA hacker and current vice president of R&D at Hunter Strategy. “If we don’t have enough records to reconstruct the attack activity, it would be very disappointing, because the system has been repeatedly targeted over the years.”

In response to a request for comment, the U.S. courts referred to an August 7 statement that said the federal judiciary “is taking other steps to strengthen protection of documents in sensitive cases” and to “further enhance system security.” The courts also noted that “the vast majority of documents submitted to the judiciary’s electronic case management system are not confidential and are actually readily available to the public,” while acknowledging that “certain documents contain confidential or proprietary information sealed from public view.”

The Justice Department did not immediately respond to requests for comment on the scope of the breach.

Reports that Russia was involved in the attack, or was perhaps the sole perpetrator, have been difficult to interpret given other signs that espionage actors backed by multiple countries, and possibly organized criminal groups, could have been involved in, or taken advantage of, the breach themselves.

John Hultquist, chief analyst at Google Threat Intelligence Group, said it is not uncommon to see multiple actors poke at sensitive and potentially vulnerable systems. “The investigation was targeted regularly by cyber actors from several countries,” he said.

The breach comes as the Trump administration continues to cut the federal workforce, including combing through intelligence and cybersecurity agencies to remove officials or pressure them to resign.

“I think federal investigators may know who was behind the attack, but given the climate, I suspect no one wants to be sure.”

Several executive departments have been contending with insidious espionage, especially campaigns by Chinese and Russian actors. But researchers stressed that the vulnerabilities exploited in the CM/ECF attack should have been addressed after the breach in 2021.

“Implementation policies require handling sealed or highly sensitive documents through air-gapped systems or secure isolated networks rather than through CM/ECF or PACER. This was actually recommended after 2021,” said Tim Peck, senior threat researcher at the cybersecurity company Securonix. “In other cases, establishing consistent centralized logging across the different CM/ECF instances can enable early detection and rapid mitigation, and then data fall off and upgrade.”

In other words, highly targeted systems like those of the U.S. courts can suffer breaches. However, the best way to reduce the likelihood and severity of these attacks is to ensure that the flaws are actually fixed after the first exploitation.
