SolarWinds CEO Apologizes For Blaming An Intern

SolarWinds CEO Sudhakar Ramakrishna has apologized at the RSA Conference for accusing an intern at a U.S. House of Representatives hearing and said the attackers may have entered the company as early as January 2019.

On December 13, 2020, SolarWinds announced that attackers had gained access to the company's systems and backdoored updates to the Orion platform. A day after this announcement, researcher Vinoth Kumar announced that he had warned SolarWinds on November 19, 2019 that the password for a software company's ftp server was on a publicly accessible GitHub repository. The password was 'solarwinds123'

During a hearing about the global supply chain attack via SolarWinds software, the leaked password was also discussed. According to former director Kevin Thompson, it was a mistake by an intern who violated the password policy. After SolarWinds discovered this, the password was removed online. The current director of SolarWinds, Ramakrishna, also stated that it was an intern's password that this person had placed on their own GitHub account where it was accessible to everyone.

Emails between Kumar and SolarWinds show that the researcher was able to log in to the ftp server with the leaked password and upload files. Kumar warned that an attacker could infect the company with malware.

"You want your employees, including trainees, to make mistakes and learn from those mistakes to improve together. Of course you don't want to keep making the same mistake, but you want to move forward," said Ramakrishna. "What happened at the hearing, where we blamed an intern, was not appropriate, was not how we are and is not how we are. We learned from that and I want to make it clear that we are a safe environment and the best. want to attract and retain talent. "

SolarWinds previously announced that the attackers had gained access to the systems in September 2019 . On September 12, the attackers added test code to SolarWinds' Orion software. This test, as SolarWinds calls it, ran until November 4, 2019. At the end of February 2020, a backdoor was added to a software update for the Orion platform for the first time. This update was offered to customers in March. A number of updates were then adjusted, with the last infected update appearing on June 24, 2020.

Recently, SolarWinds discovered that the attackers may have had access to the systems since January 2019. Ramakrishna speaks of very early reconnaissance activities observed in January of that year. "Which explains what allowed them to do what they did in September 2019," said the CEO.

Previous Post Next Post