The second Trump administration has its first federal cybersecurity debacle to deal with.
A breach of the United States federal judiciary’s electronic case filing system, discovered around July 4, has pushed some courts onto backup paper-filing plans after the hack compromised sealed court records and possibly exposed the identities of confidential informants and cooperating witnesses across multiple US states.
More than a month after the discovery of the breach—and in spite of recent reports from The New York Times and Politico that Russia was involved in perpetrating the hack—it is still unclear exactly what happened and which data and systems were affected.
Politico first reported the breach of the “case management/electronic case files,” or CM/ECF, system, which may have impacted criminal dockets, arrest warrants, and sealed indictments. The CM/ECF system also suffered a breach in 2020 during the first Trump administration, and Politico reported on Tuesday that, in the recent attack, hackers exploited software vulnerabilities that remained unaddressed after being discovered five years ago in response to that first incident. Security researchers say that gaps in public information about the situation are concerning, particularly when it comes to lack of clarity on what data was affected.
“We're more than a month into detecting this intrusion and still don't have a full accounting of what's impacted,” says Jake Williams, a former NSA hacker and current vice president of research and development at Hunter Strategy. “If we don't have sufficient logging to reconstruct attack activity, that would be extremely disappointing, because this system has been repeatedly targeted over the years.”
In response to a request for comment, the United States Courts referred WIRED to its August 7 statement, which says the federal judiciary “is taking additional steps to strengthen protections for sensitive case documents” and “further enhancing security of the system.” The courts also mention that the “vast majority of documents filed with the Judiciary’s electronic case management system are not confidential and indeed are readily available to the public,” while conceding that “some filings contain confidential or proprietary information that are sealed from public view.”
The Department of Justice did not immediately respond to requests for comment about the scope of the breach or who perpetrated it.
Reports this week that Russia was involved in the attack or may be the sole perpetrator have been difficult to interpret, given other indications that espionage actors backed by multiple countries—and possibly organized crime syndicates—may have been involved in or piggybacking on the breach for their own exfiltration.
John Hultquist, chief analyst in Google's Threat Intelligence Group, says it is not uncommon to see multiple actors poking at a sensitive, and potentially vulnerable, system. “Investigations are regularly targeted by cyberespionage actors from several countries,” he says.
News of the breach comes as the Trump administration has continued to slash the federal workforce, including combing intelligence and cybersecurity agencies to remove officials or pressure them to resign.