Justice Department, federal justice system affected by Russian hack

WASHINGTON (AP) – The Department of Justice and the federal legal system announced on Wednesday that they are among the dozens of US government agencies and private companies compromised by a massive cyber-espionage campaign that US officials have linked to elite Russian hackers.

The extent of the damage was unclear.

The department said 3% of Microsoft Office 365 email accounts may have been affected, but did not say who those accounts belonged to. There is no indication that classified systems have been affected, the agency said. Office 365 isn’t just email, it’s a collaborative computing environment, meaning shared documents were certainly accessible, said Dmitri Alperovitch, former technical director of cybersecurity firm CrowdStrike.

Separately, the Administrative Office of the US Courts has notified federal judicial authorities across the country that the courts’ national case management system had been breached, potentially allowing the hackers to access sealed court documents.

The Justice Department said on Dec. 24, according to a statement by spokesman Marc Raimondi, it discovered “previously unknown malicious activities” linked to the broader federal agency break-ins revealed earlier that month.

Separately, the court said on its website that it was investigating “an apparent compromise” of the records management and electronic records system of the US judiciary.

The Department of Homeland Security was auditing the system, it said, citing a particular risk to sealed court filings, the disclosure of which could jeopardize active criminal investigations.

“The potential reach is enormous. The actual reach is likely considerable,” said a federal court official who spoke on the condition of anonymity because they were not authorized to release the information. The official confirmed that the scope of the compromise was national, but it was not clear how widespread.

On Tuesday, federal law enforcement and intelligence services formally implicated Russia in the intrusions and called them part of a suspected intelligence-gathering operation. President Donald Trump had previously questioned that consensus, suggesting without foundation that China could be to blame.

The hacking campaign was extraordinarily large, with the intruders having roamed for months through government agencies, including the Treasury and Commerce departments, defense contractors and telecommunications companies, by the time the breach was discovered.

Experts say this has given the foreign agents ample time to gather data that could be very damaging to US national security, although the extent of the breaches and exactly what information was sought is unknown.

An estimated 18,000 organizations were infected with malicious code that rode on popular network management software from an Austin, Texas company called SolarWinds. But it is believed that only a subset was affected. Tuesday’s statement said that fewer than 10 federal government agencies have been found to have been hacked so far.

Johns Hopkins cyber-espionage expert Thomas Rid said the 3% of email accounts accessed at Justice might not sound like much, but it doesn’t mean the hackers “haven’t gotten to the interesting stuff.”

Cybersecurity experts responding to the hack say highly skilled cyber spies of the caliber behind the SolarWinds hack tend to keep their footprint as small as possible to avoid detection, targeting only high-value email and documents.

Rid wondered how confident the Justice Department could be about the extent of its compromise.

“How good is their own visibility, given that US government agencies completely missed the breach in the first place?” he said. “Are they really on top of the problem? Are we really seeing the tip of the iceberg?”

The breach was discovered by FireEye, a leading cybersecurity company, on its network. It then identified and notified other victims.

Experts expect the severity of the hack and the number of victims identified to increase over time.

“History tells us that if you have a major intrusion, not just in one organization but in an entire government – an entire industry – it will take a long time to find out who the victims are and how badly they have been compromised,” said Rid.

Microsoft declined to comment on how long the intruders were reading emails in the Justice Department’s Office 365 environment, which is typically a cloud-based service hosted by the software vendor.

—-

Bayak reported from Boston. Associated Press writers Mark Sherman in Washington and Maryclaire Dale in Philadelphia contributed to this report.
