Mystery Surrounds Now Years-Old Data Breach of Federal Courts; Foreign Access to Records System May Have Included Multiple Attackers

by | Aug 10, 2022

Congressional testimony is filling in more details about a breach of the US federal courts records system that was first mentioned in early 2021, but kept out of the public eye since. It remains unknown how much damage was done by the data breach, but high-ranking officials have told the House that the breach window may date back to 2020 and that three different foreign actors may have made use of a vulnerability to gain access.

Compromise of federal courts electronic records system confirmed, but little known to public about attack

The government is keeping the breach of the federal courts out of the public eye as much as possible, with new details emerging only due to testimony taken as part of an ongoing Justice Department investigation. What is known is that the electronic records system used by the federal courts was breached sometime between 2020 and January 2021, and that “three foreign hostile actors” may have had access.

No specific threat groups were named, but the clear implication is that the data breach was the work of nation-state advanced persistent threat (APT) groups that make spying on the US one of their primary missions. It is also not clear what caused the breach; the breach window potentially lines up with the period of SolarWinds activity, which allegedly involved Russian APT groups, but the new testimony indicates that this was a separate incident from SolarWinds.

The first indication of the data breach was a January 2021 memo circulated among government agencies that interact with the federal courts, noting that the records system had been attacked and that enhanced security measures for filing would be going into effect. The federal courts seem to have made some of those changes at least semi-permanent, though the general public will not see any change in how it might interact with the system; internal filing of certain highly sensitive materials must now be done on paper or in person via a secure thumb drive rather than online, and these materials are now stored on a system not connected to the public-facing internet.

It is pure speculation at this point, but Russian and Chinese APT groups have been the most active (and successful) in attacking federal government systems over the past decade. The testimony indicated that the attackers achieved “startling breadth and scope” of access to the federal courts filing system and that the impact was “staggering,” but also indicated that no specific court cases were known to be impacted. The level of access to the records system does indicate that the attackers could have impacted the outcome of cases via meddling, but again the government is providing as little detail as possible on the data breach; a security audit was apparently performed, but the findings are not available to the public.

Data breach of federal courts could have taken place from early 2020 to early 2021

The connection to SolarWinds remains unclear at this time. The original January 2021 memo indicates that it may have been the data breach cause, but current testimony from Senator Jerrold Nadler contradicts this in saying that the federal courts record system breach was a separate incident.

Some senators that are not involved with the Justice Department investigation have become restless about the lack of information made available outside limited circles. Senate Intelligence Committee member Ron Wyden has issued a letter to the federal courts expressing concern about how little information about a potentially serious data breach is available to most of Congress, let alone anyone else.

Recent Posts

How can we help?

7 + 5 =

× How can I help you?