‘Unmanageable’: Authorities Hid Key Details About Massive Cyber Attack From Congress, Lawmaker Says

A top Democratic lawmaker accused U.S. Courts of delaying the release of information that detailed the dangerous extent a “sophisticated” cyberattack had on U.S. court systems in a letter Thursday.

Unidentified foreign attackers breached the judiciary’s case management systems in early 2020, but Congress did not hear of the “startling breadth and scope” of the incident until March of 2022, Democratic Rep. Jerrold Nadler of New York said at a House Judiciary Committee hearing Thursday. Finance Committee Chairman Democratic Sen. Ron Wyden of Oregon expressed concern that the U.S. federal courts chose to conceal its failures to protect personal data and adopt appropriate cybersecurity measures in a letter sent Thursday to the courts, arguing the courts’ systems had created “unmanageable security risks.”

“[N]ews that the judiciary failed to adequately disclose such an attack and its impact on national security will weaken the public’s trust even more,” Wyden said, adding that “the federal judiciary has yet to publicly explain what happened and has refused multiple requests to provide unclassified briefings to Congress.”

Lawmakers also questioned Assistant Attorney General for National Security Matthew Olsen on why the DOJ appeared to delay Congress’ attempts to learn the possible consequences of the breach for U.S. citizens, Politico reported. Olsen did not provide details on the number of court cases potentially affected by the breach, or how many the court dismissed, according to Politico.

“I would expect your preparation and for us to be able to get that information as quickly as possible in a setting that would be appropriate, but this is a dangerous set of circumstances that has now been publicly announced, and we need to know how many…were dismissed,” Democratic Rep. Sheila Jackson Lee of Texas said.

Security breaches often happen without disrupting systems, and cybersecurity professionals often don’t discover clues of a hack until long after the fact, Matthew Watson, a cybersecurity consultant at Guernsey, told the Daily Caller News Foundation. However, “it looks like the DOJ had knowledge of the beach at least in comparison to congressional oversight committees, and by a large margin,” Watson added.

Assessing the severity of a security breach remains a challenge, even for seasoned incident responders, Watson said.

“This means we’re often in the position of hoping the threat actor didn’t compromise our most sensitive data—an unenviable position when you think about the type of data the federal government maintains,” said Watson.

“This adds insult to injury by making our federal entities look aloof and slow to react,” said Watson.

The DOJ first revealed the Case Management/Electronic Case Files (CM/ECF) system breach after a separate attack compromised an IT network monitoring software known as SolarWinds. It is unclear whether the DOJ identified the CM/ECF security incident before or after the SolarWinds hack.

“Three hostile foreign actors” committed the CM/ECF breach, according to Nadler, but he did not name specific countries. The DOJ attributed the SolarWinds attack to Russian hacking group Nobelium, which also perpetrated several technology supply chain attacks.

“An apparent compromise of the confidentiality of the CM/ECF system due to these discovered vulnerabilities currently is under investigation,” the DOJ said in a statement on January 6, 2021, the only indication of a cyberattack on the filing system.

The statement came the same day of the Jan. 6 capitol riots. U.S. courts have charged over 800 individuals who took part in the on national security grounds, Business Insider reported.

The DOJ National Security Office and U.S. Courts did not immediately respond to the DCNF’s request for comment.