SolarWinds Hack Attack May Have Begun With a Weak Password

The whole cyber attack could reportedly be traced back to one intern's surprisingly easy password.
Fabienne Lang

It's still hard to tell what led to the massive SolarWinds cybersecurity breach, but some reports claim that it could all have begun with an old-school password blunder.

What we do know is that 100 companies and nine federal agencies were targeted by hackers during this security breach, but it remains to be seen what exactly enabled them to get such compromising access. 

At a recent U.S. House of Representatives Oversight and Homeland Security Committees hearing, SolarWinds' current President and CEO Sudhakar Ramakrishna; former CEO Kevin Thompson; Kevin Mandia, CEO of the security company FireEye; and Microsoft President Brad Smith all testified on the issue.

Smith said without a shadow of a doubt: "From a software engineering perspective, it's probably fair to say that this is the largest and most sophisticated attack the world has ever seen."

Password blunder may have caused the massive attack

Even though this may have been such a large-scale cybersecurity attack, Thompson says it may all have started when an intern set a crucial password to "solarwinds123" and then shared it online on an "internal account."

Thompson explained that "As soon as it was identified and brought to the attention of my security team, they took that down." 

Adding to this, current SolarWinds CEO Ramakrishna testified, saying, "I believe that was a password that an intern used on one of his…servers back in 2017 which was reported to our security team and it was immediately removed."

It's hard to know just how quickly the weak password was removed, but it may have been the reason why the server was easily accessible. 

It's not certain, though, that this password issue was the sole reason, or even part of the reason, why hackers were able to access American systems, and we may never fully find out. However, uncovering such lax security practices demonstrates just how much has to be done in the sector if such attacks are to be blocked in the future.

"The bottom line: We may never know the full range and extent of damage, and we may never know the full range and extent as to how the stolen information is benefitting an adversary," FireEye CEO Mandia said at the hearing. And he may well be right.
