Three updates to the SolarWinds hack.
It’s been revealed that the hackers potentially accessed about three percent of the Justice Department’s Office 365 mailboxes, making the department at least the eighth US government agency to be reportedly hit.
SolarWinds has agreed to pay former CEO Kevin Thompson $314,500 for legal fees to help the company defend against investigations. Per CRN, “Thompson is to make himself available to SolarWinds for any investigations, litigation, arbitration, or civil and governmental proceedings based on events that occurred during his time as CEO from March 2010 to December 2020. Thompson will report directly to SolarWinds’ board and devote the necessary time to performing services that are reasonably requested by the board.
Thompson will not be required to take any action if his legal counsel believes the action requested by SolarWinds’ board is against Thompson’s interest, creates a conflict of interest between SolarWinds and Thompson, or otherwise exposes Thompson to any claim, penalty or liability. Thompson received nearly $11.5 million in compensation from SolarWinds between 2017 and 2019, according to an SEC filing.”
Finally, data compiled by Censys, a company that monitors the internet, reveals data about the number of Orion servers on the internet. Two days before the breach, on December 15, there were about 1400 Orion servers exposed to the internet. That began to drop, and hit a low of about 1,220 on December 28 – but as the new year came, on Monday Jan 4, there were 1,551 servers online – 10% more than before the breach disclosure.
Why do we care?
I want to start with the usage data – which is something I’ve been asked about by investors. Will customers leave SolarWinds? The answer short term appears to be “no”, in that these numbers at least indicate that users are not leaving the Orion products instantly. When they were told to power them down, it appears those systems were then powered back up. This is important to track for the long term viability of that company. I’ve offered that their new leadership has a chance to clear the shelves of tainted Tylenol and make a massive pivot – that could save them long term if they pull it off. It’s the path I see to survival.
I’m just pointing out the protections, cooperation, or consulting SolarWinds is offering its former CEO – I’ll leave you, dear listener, to make your own judgement.
Finally, the DOJ piece adds more to the statement – we’re a long way from done on understanding what happened.