Three Hostile Foreign Actors Breached US Federal Courts System in 2020 Cyberattack: NY Congressman

By Frank Fang
Frank Fang
Frank Fang
journalist
Frank Fang is a Taiwan-based journalist. He covers US, China, and Taiwan news. He holds a master's degree in materials science from Tsinghua University in Taiwan.
July 29, 2022 Updated: July 29, 2022

Rep. Jerrold Nadler (D-N.Y.), chair of the House Judiciary Committee, revealed on July 28 that “three hostile foreign actors” carried out an “incredibly significant and sophisticated” cyberattack against the federal courts’ document management system in early 2020.

The cyber breach “has since had lingering impacts on the department and other agencies,” Nadler said during a congressional hearing on Thursday.

“Perhaps even more concerning is the disturbing impact the security breach had on pending civil and criminal litigation, as well as ongoing national security or intelligence matters,” Nadler added.

Judiciary

The U.S. Judiciary issued a statement about the breach on Jan 6, 2021, saying that its Case Management/Electronic Case Files system (CM/ECF) had become a victim of “an apparent compromise.” The system allows attorneys to file case documents, such as pleadings, motions, and petitions, with the court online.

The Judiciary added the breach happened because of vulnerabilities in its system that greatly risked compromising highly sensitive non-public documents, particularly sealed filings.

“Due to the nature of the attacks, the review of this matter and its impact is ongoing,” the statement concluded, adding that the Judiciary was working with the Department of Homeland Security on a “security audit.”

The Homeland Security Department headquarters
The Homeland Security Department headquarters in northwest Washington, on June 5, 2015. (Susan Walsh/AP Photo)

Nadler added that the committee learned in March of the “startling breadth and scope” of the system’s security failure. The cyberattack was unrelated to the massive SolarWinds hack that was exposed in December 2020, Nadler added.

The congressman from New York then asked Matt Olsen, assistant attorney general for the National Security Division (NSD) at the Department of Justice, what types of cases, investigations, or U.S. attorneys’ offices were “impacted most” by the breach.

In response, Olsen said he couldn’t speak directly to the nature of the ongoing investigation regarding the effort to compromise the public judicial dockets.

However, He did say his division was focused generally on cyber threats from China, Iran, North Korea, and Russia.

“This is, of course, a significant concern for us, given the nature of the information as often held by the courts,” Olsen added.

Olsen also said he couldn’t “think of anything in particular” when asked if the break had impacted any NSD investigations.

“I can assure you, based on my own personal experience, that we are working very closely with the judicial conference and judges around the country to address this issue,” Olsen said.

FBI Director Wray
FBI Director Christopher Wray speaks during a Senate Appropriations Subcommittee hearing on the fiscal year 2023 budget for the FBI at the U.S. Capitol in Washington on May 25, 2022. (Bonnie Cash/Pool via Getty Images)

China

While neither Nadler nor Olsen named any country responsible for the breach, the Chinese communist regime is likely at the top of the list.

In January, FBI Director Christopher Wray said the Chinese regime has unleashed “a massive, sophisticated hacking program that’s bigger than those of every other major country combined.”

“The Chinese government steals staggering volumes of information and causes deep, job-destroying damage across a wide range of industries—so much so that, as you heard, we’re constantly opening new cases to counter their intelligence operations, about every 12 hours or so,” Wray added.

Wray pointed to the 2021 Microsoft Exchange Server hack as an example of recent Chinese cyberattacks, saying China “compromised the networks of more than 10,000 American companies in a single campaign alone.”

In March, cybersecurity firm Mandiant reported that a hacker group backed by Beijing successfully compromised at least six U.S. state government networks between May 2021 and February 2022.

“I would say that the challenge, when it comes to the sophisticated nation-state type activity that we see in cyber, the challenge is significant,” Olsen said. “And it’s very difficult to ever be in a position to say that any system is 100 percent safe when it comes to sophisticated nation-states that seek to obtain persistent access to these systems.”

Frank Fang
journalist
Frank Fang is a Taiwan-based journalist. He covers US, China, and Taiwan news. He holds a master's degree in materials science from Tsinghua University in Taiwan.