Did SolarWinds hackers steal Trump court documents? Russians accessed email accounts of 27 top federal prosecutors including in NY where Trump and Ghislaine Maxwell are being probed

Russian hackers behind the massive SolarWinds cyber attack broke into the email accounts of some of America's most prominent federal prosecutors, sparking fears they may have stolen sensitive information pertaining to investigations into President Trump and Ghislaine Maxwell. 

The Justice Department revealed the alarming information on Friday, with 27 U.S. Attorney offices across the country having one or more of their email accounts compromised during the hacking campaign, said to have run between May and December 2020. 

A department spokesman said 80 percent of Microsoft email accounts used by employees in the four U.S. Attorney offices in New York were breached. 

That included offices for the Southern District of New York, which handles some of the most prominent criminal cases in the country. 

Federal prosecutors in that district are purportedly investigating Trump’s 2017 inaugural committee to see whether it misspent $107 million in donations. 

The Southern District of New York is additionally investigating Trump's former personal lawyer Rudy Giuliani on matters related to Ukraine.  Federal investigators raided his Manhattan home in relation to the case back in April.

The Russian hackers behind the massive SolarWinds cyber attack broke into the email accounts of some of America's most prominent federal prosecutors, sparking fears they may have stolen sensitive information pertaining to investigations into President Trump and his associates. Trump and Putin are pictured together in 2018

It is unclear how long they had been probing Giuliani's affairs prior to that bust, and whether hackers may have been able to access documents about the former New York mayor while accessing the email accounts last year.

The same district also launched a probe into Trump's 2017 inaugural committee over huge payments made to the Trump International Hotel while preparing for the former president to take power.

Trump's ex-fixer Michael Cohen claimed the Southern District was running a separate probe into the then-president in 2019, but did not offer any further detail.

Trump - who also faces a Manhattan District Attorney and New York Attorney General's investigation - has not been charged with any crime, and denies wrongdoing.  

The Southern District's prosecutors are also probing Ghislaine Maxwell over her alleged grooming and sexual abuse of underage girls with pedophile ex Jeffrey Epstein. Maxwell was arrested and charged in June 2020, during the timeframe the alleged hack is said to have taken place.

Bruce Green, a professor at Fordham Law School and a former prosecutor in the Southern District, said the cyber attack could have serious political ramifications if hackers obtained information sensitive to the Trump investigations.  

'New York is the financial center of the world and those districts are particularly well known for investigating and prosecuting white-collar crimes and other cases, including investigating people close to the former president,'  Green told The Associated Press.   

The Southern District of New York is also currently prosecuting a case against Ghislaine Maxwell - the alleged madam of pedophile Jeffrey Epstein. 

'It's potentially very serious,' Gil Soffer, a former federal prosecutor, told the BBC. He said prosecutors' emails often contain 'very sensitive and very secret information'. 

The Justice Department said all victims had been notified and it is working to mitigate 'operational, security and privacy risks' caused by the hack.  

They did not provide additional detail about what kind of information was taken and what impact such a hack may have on ongoing cases. 

The Justice Department has confirmed that Russian hackers behind the massive SolarWinds cyberespionage campaign also broke into the email accounts of some of America's most prominent federal prosecutors. AG Merrick Garland is pictured

The DOJ believes the accounts were compromised from May 7 to December 27, 2020 as part of Russia's SolarWinds cyberespionage campaign. 

That hack infiltrated dozens of private-sector companies and think tanks as well as at least nine U.S. government agencies. 

The Biden administration in April announced sanctions, including the expulsion of Russian diplomats, in response to the SolarWinds hack and Russian interference in the 2020 U.S. presidential election. Russia has denied wrongdoing.

Jennifer Rodgers, a lecturer at Columbia Law School, said office emails frequently contained all sorts of sensitive information, including case strategy discussions and names of confidential informants, when she was a federal prosecutor in New York.

'I don't remember ever having someone bring me a document instead of emailing it to me because of security concerns,' she said, noting exceptions for classified materials.

Hackers may have gained access to whistleblower reports and the names of secret informants. 

Members of Congress have expressed frustration with the Biden administration for not sharing more information about the impact of the SolarWinds campaign.

The Associated Press previously reported that SolarWinds hackers had gained access to email accounts belonging to the then-acting Homeland Security Secretary Chad Wolf and members of the department's cybersecurity staff whose jobs included hunting threats from foreign countries.

The Administrative Office of U.S. Courts confirmed in January that it was also breached, giving the SolarWinds hackers another entry point to steal confidential information like trade secrets, espionage targets, whistleblower reports and arrest warrants. 

Email accounts for prosecutors at the Southern District of New York were hacked. The office is currently prosecuting the case against Jeffrey Epstein's alleged madam Ghislaine Maxwell.

How hackers used legitimate software updates as camouflage for the 'SUNBURST' attack

The U.S. Cybersecurity and Infrastructure Security Agency on December 17 released an alert detailing what it knows about the breach, which has been called the biggest in U.S. history.

CISA says that hackers were able to compromise the supply chain of network management software from SolarWinds, specifically recent versions of the SolarWinds Orion products. 

Beginning in March 2020, hackers used SolarWinds software updates to install a secret network backdoor, which authorities are calling SUNBURST.

The malicious code was signed by the legitimate SolarWinds code signing certificate. An estimated 18,000 customers downloaded the compromised updates.

Once installed on a network, the malware used a protocol designed to mimic legitimate SolarWinds traffic to communicate with a domain that has since been seized and shut down.

The initial contact domain would often direct the malware to a new internet protocol address for command and control. The attackers used rotating IPs and virtual private servers with IP addresses in the target's home country to make detection of the traffic more difficult.

'Taken together, these observed techniques indicate an adversary who is skilled, stealthy with operational security, and is willing to expend significant resources to maintain covert presence,' CISA said in the alert.

CISA said that once inside a network, the hackers seemed focused on gathering information, and would frequently target the emails of IT and security staff to monitor any countermeasures.

Without offering further details, the agency warned that the hackers used 'other initial access vectors beyond SolarWinds Orion,' meaning even groups that do not use the network software could be compromised.
