Russia Reportedly Behind Attack on U.S. Courts Electronic Filing System
Russia is likely behind the data breach of the federal court filing system that potentially could expose such sensitive information as the identity of confidential informants and people charged with high crimes, according to a report.
In addition, the hackers didn’t have to run a highly sophisticated attack; instead, they exploited security problems that apparently have been known about since at least 2020, according to a report in Politico. The news organization first reported about the cyberattack last week on the electronic filing system known as PACER.
All this comes days before President Trump is set to meet with Russian President Vladimir Putin in Alaska to discuss the ongoing war with Ukraine.
The New York Times reported this week that investigators believe that Russia – whether through its security and intelligence operations or along with other nations – was at least partially responsible for the data breach, citing unnamed sources who said efforts to infiltrate the PACER system have been underway for years.
There was a similar breach of the system – which is run by the Administrative Office of the U.S. Courts – in 2020, during the last year of Trump’s first term, and some of the security holes reportedly have remained unfixed. It’s unclear if the two hacks are related or part of an ongoing effort by threat groups. That said, the prevailing belief is that affiliates of nation-states – including Russia – were involved in both the 2020 intrusion and the current one.
“Some of the searches included midlevel criminal cases in the New York City area and several other jurisdictions, with some cases involving people with Russian and Eastern European surnames,” the NYT reported.
Russia and China, for years, have used cyber operations against the United States for everything from stealing data and spreading disinformation to compromising critical infrastructure. North Korea and Iran are also considered high-level cyber threats by U.S. intelligence organizations.
Exfiltrating Data
The news organization also reviewed an internal Justice Department memo, distributed among federal court officials, clerks, and chief judges, which said that “persistent and sophisticated cyber threat actors have recently compromised sealed records” and that administrators told the officials to remove the most sensitive information from the system quickly.
Federal court officials have been concerned that hacking groups and others linked to adversarial nation-states may have stolen data from multiple courts as early as last month, according to Politico, which noted that the PACER system holds a broad range of documents, from indictments and arrest warrants to criminal dockets and ongoing criminal investigations.
The electronic filing system – known as CM/ECF, or Case Management/Electronic Case Files system – is a way for court officials and lawyers to make filings and input documents electronically.
The Russian-linked high-profile SolarWinds attack in 2020 also likely exposed sensitive data held in the PACER system.
‘Taking Additional Steps’
The U.S. Courts, in a statement last week, said it is “taking additional steps to strengthen protections for sensitive case documents in response to recent escalated cyberattacks of a sophisticated and persistent nature on its case management system. The Judiciary is also further enhancing security of the system and to block future attacks, and it is prioritizing working with courts to mitigate the impact on litigants.”
The “vast majority of documents filed” in PACER are not confidential and are available to the public, the Courts said, while noting that there are filings that hold confidential or proprietary information and that “these sensitive documents can be targets of interest to a range of threat actors.”
Trey Ford, chief strategy and trust officer at Bugcrowd, said that “the idea of targeting sensitive court document systems makes a lot of sense on the international stage to understand the who, what, and why for diplomatic considerations.”
‘Democracy vs. Authoritarianism’
The idea that Russia and other nation-states are likely involved shouldn’t come as a surprise, according to Bryan Cunningham, president at security firm Liberty Defense and a former White House lawyer and career CIA officer.
“The United States and our allies are in the midst of a generations-long global conflict with Russia, China, Iran, and other autocratic regimes,” Cunningham said. “It is democracy vs. authoritarianism and its outcome will determine our children and grandchildren’s futures. The recently reported additional Russian intel attacks on the U.S. Court System are neither an anomaly or an accident. Russian intelligence has been, for a century, focused on undermining all democratic institutions in the United States.”
He noted the type of information that access to the PACER system would give Russia and other countries, including IP information, law enforcement and intelligence sources and methods – such as information about confidential informants, techniques, and resources used to protect the United States against foreign threats – and sensitive information that could be used in such operations as blackmail, such as details in sexual assault, human trafficking, espionage, and IP theft cases.
Data exfiltrated from U.S. courts in Florida could include “documents and numerous other national security-related prosecutions,” Cunningham said. “Oh, and [Jeffrey] Epstein info.”
“In short, the U.S. Court system needs to get its act together immediately,” he said.

