U.S. Courts: SolarWinds Hack May Have Affected CM/ECF Filing System

Fight Censorship, Share This Post!

Yesterday, the Administrative Office (AO) of the U.S. Federal Courts issued a remarkable press release, titled Judiciary Addresses Cybersecurity Breach: Extra Safeguards to Protect Sensitive Court Records.

In mid-December, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an emergency directive regarding  “a known compromise involving SolarWinds Orion products that are currently being exploited by malicious actors.” The Administrative Office of the U.S. Courts (AO) immediately notified courts of this development and in response, the Judiciary has suspended all national and local use of this IT network monitoring and management tool.

The AO is working with the Department of Homeland Security on a security audit relating to vulnerabilities in the Judiciary’s Case Management/Electronic Case Files system (CM/ECF) that greatly risk compromising highly sensitive non-public documents stored on CM/ECF, particularly sealed filings. An apparent compromise of the confidentiality of the CM/ECF system due to these discovered vulnerabilities currently is under investigation. Due to the nature of the attacks, the review of this matter and its impact is ongoing.

Wow! Did hackers gain access to sealed files on CM/ECF? The U.S. Courts will have to make disclosures of all sensitive information that was at risk.

How are the courts addressing this system compromise? Highly sensitive court documents will now be filed by SneakerNet!

Under the new procedures announced today, highly sensitive court documents (HSDs) filed with federal courts will be accepted for filing in paper form or via a secure electronic device, such as a thumb drive, and stored in a secure stand-alone computer system. These sealed HSDs will not be uploaded to CM/ECF. This new practice will not change current policies regarding public access to court records, since sealed records are confidential and currently are not available to the public.

I recently criticized federal court web site for not even having SSL certificates. Now, the scope of their security failures becomes far more glaring.


This post has been republished with implied permission from a publicly-available RSS feed found on Reason. The views expressed by the original author(s) do not necessarily reflect the opinions or views of The Libertarian Hub, its owners or administrators. Any images included in the original article belong to and are the sole responsibility of the original author/website. The Libertarian Hub makes no claims of ownership of any imported photos/images and shall not be held liable for any unintended copyright infringement. Submit a DCMA takedown request.


Fight Censorship, Share This Post!

-> Click Here to Read the Original Article <-

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.