Three hostile foreign actors breached the federal courts’ document management system more than 18 months ago via “an incredibly important and sophisticated” cyber attack, the House Judiciary Committee chair said Thursday.
Representative Jerrold Nadler, a New York Democrat, said on Thursday that his committee learned in March of “the astonishing magnitude and scope of the security failures of the courts’ document management system.” He added that the hack had a “disturbing impact” on both pending civil and criminal proceedings as well as national security.
In January 2021, the Administrative Office of the U.S. Courts said it was investigating “an apparent compromise” in its electronic filing system, which allows lawyers to submit procedural documents such as pleadings, motions and petitions to courts online. The office said the breach occurred as a result of vulnerabilities in its electronic record system that risked compromising sensitive sealed records.
Sealed records are not publicly available and can be hidden from view due to a range of concerns, including confidential personal and business information or national security secrets.
Matthew Olsen, assistant attorney general of the National Security Division at the Justice Department, cited hacking threats from China, Russia, Iran and North Korea in response to Nadler’s concerns during a commission hearing on Thursday. cyber activity is “significant”. He referred to an ongoing investigation into the case, but did not provide details. Nadler did not name the three hostile foreign actors or say how he learned of their alleged roles.
Senator Ron Wyden, an Oregon Democrat, said the federal judiciary has not yet publicly explained what happened and has rejected multiple requests to provide unclassified briefings to Congress. On Thursday, he accused the federal judiciary of concealing what had happened and demanded more information.
“I am writing to express my grave concern that the federal judiciary has concealed from the American public and many members of Congress the grave national security implications of the failure of the courts to protect sensitive data to which they are subject. entrusted,” Wyden said in a letter to the director of the Administrative Office of the United States Courts.
Wyden said the judiciary’s decentralized justice system is flawed and resists congressional efforts to modernize, creating unmanageable security risks. He urged the federal judiciary to adopt a set of mandatory cybersecurity standards and audits that all federal courts should follow.
Nadler said the breach was unrelated to a cyber-espionage campaign unveiled in December 2020 that affected nine federal agencies — including the Justice Department — and about 100 companies. US officials blamed the attack, which relied in part on installing malicious code in SolarWinds Corp. software updates, on Russian state-sponsored hackers.
In January 2021, an Administrative Bureau spokesperson told Bloomberg Law that they believed the apparent compromise was related to the broader SolarWinds-related hacks.
“As we said in January 2021, the judiciary faces a significant threat to our electronic case management system,” the office said in a statement released later on Thursday. “Since that time, we have taken and will continue to take important measures to protect our systems and the sensitive information they contain.”
The statement does not state whether the infringement mentioned at the hearing is related to last year’s.
Photographer: Andrew Harnik-Pool/Getty Images
Copyright 2022 Bloomberg.
Interested in Cyber?
Receive automatic notifications for this topic.