FILE PHOTO: SolarWinds Corp banner hangs at the New York Stock Exchange (NYSE) on the IPO day of the company in New York, U.S., October 19, 2018. REUTERS/Brendan McDermid/File Photo

December 15, 2020

By Raphael Satter and Christopher Bing

WASHINGTON (Reuters) – On an earnings call two months ago, SolarWinds Chief Executive Kevin Thompson touted how far the company had gone during his 11 years at the helm.

There was not a database or an IT deployment model out there to which his Austin, Texas-based company did not provide some level of monitoring or management, he told analysts on the Oct. 27 call.

“We don’t think anyone else in the market is really even close in terms of the breadth of coverage we have,” he said. “We manage everyone’s network gear.”

Now that dominance has become a liability – an example of how the workhorse software that helps glue organizations together can turn toxic when it is subverted by sophisticated hackers.

On Monday, SolarWinds confirmed that Orion – its flagship network management software – had served as the unwitting conduit for a sprawling international cyberespionage operation. The hackers inserted malicious code into Orion software updates pushed out to nearly 18,000 customers.

And while the number of affected organizations is thought to be much more modest, the hackers have already parlayed their access into consequential breaches at the U.S. Treasury and Department of Commerce.

Three people familiar with the investigation have told Reuters that Russia is a top suspect, although others familiar with the inquiry have said it is still too early to tell.

A SolarWinds representative, Ryan Toohey, said he would not be making executives available for comment and did not immediately respond to questions sent by email.

Cybersecurity experts across government and private industry are still struggling to understand the scope of the damage, which some are already calling one of the most consequential breaches in recent memory.

The malicious updates – sent between March and June, when America was hunkering down to weather the first wave of coronavirus infections – were “perfect timing for a perfect storm,” said Kim Peretti, who co-chairs Atlanta-based law firm Alston & Bird’s cybersecurity preparedness and response team.

Peretti said that the length of the compromise and the sophistication of the hackers meant much of the data theft would likely go undetected for a long time.

“We may not know the true impact for many months, if not more – if not ever,” she said.

The impact on SolarWinds was more immediate. U.S. officials ordered anyone running Orion to immediately disconnect it. The company’s stock has tumbled more than 22% from $23.50 on Friday – before Reuters broke the news of the breach – to $18.20 on Tuesday morning.

Experts are reviewing their notes to find old examples of substandard security at the company. Security researcher Vinoth Kumar told Reuters that, last year, he alerted the company that anyone could access SolarWinds’ update server by using the password “solarwinds123”.

“This could have been done by any attacker, easily,” Kumar said.

Others – including Kyle Hanslovan, the cofounder of Maryland-based cybersecurity company Huntress – noticed that, even days after SolarWinds realized their software had been compromised, the malicious updates were still available for download.

The extra scrutiny comes at a time of transition for the company, which on Dec. 9 announced that Thompson would be replaced next year by Sudhakar Ramakrishna, the former chief executive of Pulse Secure. Three weeks ago SolarWinds posted a job ad seeking a new vice president for security; the position is still listed as open.

Thompson and Ramakrishna could not immediately be reached.

(Reporting by Raphael Satter and Christopher Bing. Jack Stubbs contributed reporting from London; Editing by Lisa Shumaker)
