Department of Justice, federal judicial system affected by Russian hack

WASHINGTON (AP) – The Department of Justice and the federal judicial system revealed Wednesday that they were among dozens of U.S. government agencies and private companies compromised in a massive cyberespionage campaign that US officials have linked to Russia’s elite hackers.

The extent of the damage was unclear.

The department said 3% of its Microsoft Office 365 email accounts were potentially affected, but did not say who those accounts belonged to. There are no indications that classified systems were affected, the agency said. Office 365 is not just email but a collaborative computing environment, which means shared documents were also accessed, said Dmitri Alperovitch, former technical director of cybersecurity firm CrowdStrike.

Separately, the U.S. Administrative Office of Courts informed federal courts across the country that the national court case management system had been breached, which could give hackers access to sealed court documents.

The Justice Department said on Dec. 24 it detected “hitherto unknown malicious activity” related to the broader intrusions of federal agencies revealed earlier this month, according to a statement from spokesman Marc Raimondi.

Separately, the court office said on its website that an “apparent compromise” of the U.S. judiciary’s case management and electronic file management system was being investigated.

The Department of Homeland Security was scrutinizing the system, it said, citing a particular risk to sealed court records, the disclosure of which could jeopardize active criminal investigations.

“The potential scope is wide. The actual scope is probably significant,” said a federal court official who spoke on condition of anonymity because they were not allowed to disclose the information. The official confirmed that the compromise was national in scope, but its extent was not clear.

On Tuesday, federal police and intelligence agencies formally implicated Russia in the intrusions, calling them part of a suspected intelligence gathering operation. President Donald Trump had previously questioned this consensus, suggesting without foundation that China could be to blame.

The hacking campaign was of extraordinary magnitude, and the intruders had pursued government agencies, including the Treasury and Commerce departments, defense contractors, and telecommunications companies, for months by the time the breach was discovered.

Experts say this gave foreign agents enough time to collect data that could be very detrimental to U.S. national security, although the extent of the breaches and exactly what information was sought are unknown.

An estimated 18,000 organizations had malicious code that piggybacked on the popular network management software of an Austin, Texas, company called SolarWinds. But only a subset is believed to have been compromised. Tuesday’s statement said fewer than ten federal government agencies have been identified as hacked so far.

Johns Hopkins cyberespionage expert Thomas Rid said the 3% of email accounts accessed at Justice may not seem like much, but that doesn’t mean hackers “didn’t get to the interesting things.”

Cybersecurity experts responding to the hack say highly skilled cyberspies of the caliber behind the SolarWinds hack are able to keep their footprint as small as possible to avoid detection, targeting only high-value emails and documents.

Rid wondered how confident the Justice Department could be about the scope of its compromise.

“What validity does its own visibility have, given that U.S. government agencies were totally lacking in the gap?” he said. “Are they really at the top of the problem? Do we really just see the tip of the iceberg?”

FireEye, a major cybersecurity company, discovered the breach in its network. It then identified and notified other victims.

Experts expect the severity of the hacking and the number of identified victims to increase over time.

“History tells us that if you have a major gap, not just in an organization, but in an entire government (an entire sector), it will take you a long time to identify who the victims are and how committed they are,” Rid said.

Microsoft declined to comment on how long intruders were reading emails in the Justice Department’s Office 365 environment, which is typically a cloud-based service hosted by the software provider.

—-

Bajak reported from Boston. Associated Press writers Mark Sherman in Washington and Maryclaire Dale in Philadelphia contributed to this report.
