Russia is involved in an attack on the electronic system of US federal courts
The attackers gained access to CM/ECF, a system that manages electronic records of court cases in the United States, including classified documents such as arrest warrants and informant statements. The incident lasted for many months, beginning in July or even earlier. The judiciary has implemented new security measures: access restrictions, no longer publishing classified cases in the system, the introduction of multi-factor authentication, etc.
The theory of Russia's role
The New York Times reported that clues point to Russia's possible involvement in the attack, including searches for cases with names from Russia and Eastern Europe. Although the state's direct involvement has not yet been confirmed, experts do not rule out that it could have been a GRU-type operation.
Why is this serious?
The vulnerabilities of the CM/ECF infrastructure have been known to the community since 2020, but security measures have not been fully implemented. The judicial system holds a lot of sensitive information that is not intended for public viewing. Knowing that an arrest warrant has been issued can encourage a person to prevent it from being carried out, and exposure of informants' personal details can even lead to their execution. Sensitive information can also be used for blackmail, pressure or coerced cooperation.
Americans are concerned that this event will increase geopolitical tensions ahead of US-Russia talks, including the upcoming presidential meeting.
Government response
New restrictions were introduced: IP filtering, MFA, and, for sensitive cases, the use of only local databases without network access. The Supreme Court recommends that highly sensitive data be stored only on paper. A complete redesign of the CM/ECF document management system is being discussed.
Source: www.engadget.com