Senator slams U.S. courts agency for ‘stonewalling’ inquiry into cyberattack

The agency responsible for answering questions about a significant breach of the U.S. federal courts system is “stonewalling” congressional efforts to get additional information and specifics, Sen. Ron Wyden, D-Ore., said Wednesday.

Wyden’s comment comes after the Administrative Office of the United States Courts declined to respond to a series of his questions about the breach. In a July 28 letter, he asked the agency to provide details on what it knows about the severity of the hack and the timing of the digital intrusion that was revealed publicly during a July House Judiciary Committee hearing.

In that hearing, committee Chairman Rep. Jerrold Nadler, D-N.Y., said the courts had suffered “an incredibly significant and sophisticated cybersecurity breach” dating to early 2020 that has “had lingering impacts” on the Department of Justice and other agencies and may have included “three hostile foreign actors.”

Nadler said at the time that “perhaps even more concerning is the disturbing impact this security breach had on pending civil and criminal litigation, as well as ongoing national security or intelligence matters.”

The Administrative Office announced in a January 2021 press release that it was working with the Department of Homeland Security on an audit “relating to vulnerabilities in the Judiciary’s Case Management/Electronic Case Files system (CM/ECF) that greatly risk compromising highly sensitive non-public documents stored on CM/ECF, particularly sealed filings.”

The announcement — released Jan. 6, the same day as the attack on the U.S. Capitol — said that “an apparent compromise of the confidentiality of the CM/ECF system due to these discovered vulnerabilities currently is under investigation.”

The incident was separate from the SolarWinds breach that affected a range of U.S. federal agencies, Nadler said, adding that the committee had only learned in March 2022 the “startling breadth and scope of the court’s document management system’s security failure.”

Assistant Attorney General for National Security Matthew Olsen told Nadler at the hearing that he couldn’t “think of anything in particular” as far as specific cases the incident affected. Nevertheless, DOJ has filed its most sensitive court documents on paper since January 2021 “to avoid any chance of a breach or vulnerability in electronic filing systems compromising its high stakes cases,” Deputy Assistant Attorney General for National Security Adam Hickey told CyberScoop’s Suzanne Smalley on Aug. 4.

In the July 28 letter, Wyden asked the agency’s director, Roslynn R. Mauskopf, for specifics on the situation such when hackers first accessed the CM/ECF system, how long it took for agency to discover the intrusion, whether the agency discovered the breach or if it was alerted by another agency and what information the hackers accessed.

Mauskopf told Wyden in a Sept. 15 letter that the agency “takes these threats seriously,” and takes action to protect its networks from cybersecurity threats.

“The nature and extent of any such threats, as well as our response — issues raised in the questions contained in your letter — are sensitive, from both a law enforcement and a national security perspective,” Mauskopf wrote. “Accordingly, our communications to Congress on these matters have been through various confidential or classified briefings to Members and staff of relevant committees, with Executive Branch agencies participating as appropriate.”

Wyden said on Wednesday the response was “disappointing.”

“It is disappointing that court administrators continue to refuse to be transparent with the public about the breach revealed in 2021, including with regard to what information was accessed, or the extent to which they have addressed vulnerabilities in their systems,” Wyden said in a statement shared with CyberScoop.

“This continued stonewalling, nearly two years after the hack took place, is a major red flag about the state of the courts’ systems. I urge the Senate to pass the bipartisan Open Courts Act as soon as possible, to provide the funding and security standards needed to upgrade the courts’ outdated and vulnerable records systems.”