On Dec. 24, 2020, the Department of Justice’s Office of the Chief Information Officer (OCIO) learned of previously unknown malicious activity linked to the global SolarWinds incident that has affected multiple federal agencies and technology contractors, among others. This activity involved access to the Department’s Microsoft O365 email environment.After learning of the malicious activity, the OCIO eliminated the identified method by which the actor was accessing the O365 email environment. At this point, the number of potentially accessed O365 mailboxes appears limited to around 3-percent and we have no indication that any classified systems were impacted.There's a lot of sensitive information floating around the DOJ, given the large number of federal investigations and prosecutions it oversees. The breach could be even more severe than this indicates, given this breach announcement, which affects an adjacent branch of the government.
The AO [Administrative Office of the US Courts] is working with the Department of Homeland Security on a security audit relating to vulnerabilities in the Judiciary’s Case Management/Electronic Case Files system (CM/ECF) that greatly risk compromising highly sensitive non-public documents stored on CM/ECF, particularly sealed filings. An apparent compromise of the confidentiality of the CM/ECF system due to these discovered vulnerabilities currently is under investigation. Due to the nature of the attacks, the review of this matter and its impact is ongoing.Hackers may have obtained access to sealed dockets and documents, including warrants, affidavits, and other investigative/prosecutorial filings that haven't been made public. Not only would this include investigative techniques, information on informants, and other sensitive information tied to ongoing investigations and prosecutions, it also affects a multitude of private individuals and companies who have been allowed to litigate under seal to protect personal/confidential info that could cause serious damage to litigants if made public.Sure, there's a presumption of openness in the court system, but there's still a lot of stuff filed under seal, at least temporarily. Publication of sealed documents could conceivably cause damage to people, places, and things… even if the government tends to overstate the damage when asking judges for secrecy.For the time being, the US Courts system will require all sensitive filings to be done in paper form or via "secure electronic devices." These will be stored in a standalone system that's completely walled off from the CM/ECF system that's accessible via PACER. This new process won't affect every sealed document, though -- just the ones the courts consider to be "highly-sensitive."
[M]ost documents similar to and including presentence reports, pretrial release reports, pleadings related to cooperation in most criminal cases, Social Security records, administrative immigration records, and sealed filings in many civil cases likely would not be sufficiently sensitive to require HSD [highly sensitive court documents] treatment and could continue to be sealed in CM/ECF as necessary.Given the interconnectedness of the internet of government things, a breach in one location can easily result in cross-pollination. Just because an agency hasn't discovered a breach yet doesn't mean a malicious hacker hasn't established a foothold in the system. The end of this long international nightmare is still well over the horizon. The popularity of Solarwinds' products made it too tempting of a target to pass up.
A North Idaho internet provider sent this email out to costumers, absolutely INSANE pic.twitter.com/ecwRFqnzwS— Coping MAGA (@CopingMAGA) January 11, 2021
"Our company does not believe a website or social networking site has the authority to censor what you see and post and hide information from you, stop you from seeing what your friends and family are posting," the email states. "This is why with the amount of concerns, we have made this decision to block these two websites from being accessed from our network."There are ample problems here. The first being that "Conservative censorship" isn't actually a thing. What hyperventilating partisans deem as "censorship" in our broken modern discourse is usually just Facebook and Twitter belatedly enforcing their own terms of service (which is different than censorship). While the platforms certainly do sometimes boot people for stupid reasons, more often than not such bans are simply the natural consequence of behaving like an asshole on the internet. Don't want to be blocked, banned or limited? Don't be an asshole on the internet.The other problem, of course, is that there's an endless parade of research showing that internet filters are stupidly expensive and don't work. They're usually easily bypassed with only a modicum of technical knowledge, and they pretty routinely result in collateral damage (aka the accidental blocking of legal, legit websites). In this case, blocking access to Facebook by proxy blocks access to all the systems Facebook ties into, including automated login systems. The end result is likely to be more of an avoidable headache than a real solution to a real problem.I reached out to contact Your T1 WIFI, but their 1-888 number resolved to a woman's voicemail box that didn't even mention the name of the company. However, company owner Brett Fink spoke to a local CBS affiliate and contradicted his own company's email by claiming they weren't blocking anybody:
"In a phone call with KREM, the owner of the company, Brett Fink, again said the websites would only be blocked for customers who asked."We've had customers asked to be blocked by it. That is what the email was about, so no we are not blocking anybody, only the ones that have asked for it," Fink said."Again, that's not what the company's own email to its subscribers states:
"Please let us know and we can add you to the allowed list to be able to not be blocked from going to these sites and the ones that do want to be blocked will have to do nothing they (Twitter and Facebook) will just not show up."So that certainly sounds like a DNS-level IP blacklist, which users have to call in to be whitelisted from.Of course in the wake of the Trump net neutrality repeal this doesn't run afoul of federal rules...because there are no federal rules. But it's still a problematic, dumb idea and a slippery slope for an ISP to inject itself into the information stream in such a hamfisted fashion. With industry BFF Ajit Pai on the way out, and the Biden administration purportedly keen to restore net neutrality, it's extremely unlikely any major ISPs would follow down this particular rabbit hole and draw regulatory scrutiny. Still, it should add some interesting...flavor to the debate when it inevitably heats up later this year.Either way, engaging in blocking to protest "censorship" that isn't actually happening isn't a great look.