Tuesday, 15 December 2020 12:05

Ex-NSA hacker slams SolarWinds over wording of SEC breach filing

By Sam Varghese
Jake Williams: "I strongly suspect that down the road we’ll be using this as a case study in breach PR failures." Supplied

Former NSA hacker Jake Williams has criticised the SEC filing made by security firm SolarWinds following the disclosure that the company's Orion network management software had been compromised and used to breach numerous companies in many regions of the globe.

Williams, who now runs his own outfit, Rendition Infosec, said that, to start with, SolarWinds had claimed that the breach timeline was limited to the March-June period.

The nature of the compromise was detailed by FireEye chief executive Kevin Mandia on Monday AEDT, less than a week after his own company saw its Red Team tools being pilfered.

As iTWire reported, this morning other researchers have pointed out that SolarWinds' FTP credentials were being leaked on GitHub in November 2019 and the company was yet to remove the compromised binary from its own website.

However, it had taken care to remove a page from its website that listed its customers, probably fearing that this was not the best time for this kind of marketing.

Said Williams: "I’m not saying they’re wrong. I understand the document is geared to regulators and investors. I’m just saying they’re making a statement on which security folks are basing decisions.

"They need to explain how they are limiting to this timeframe. Show your work. Anything less is valuing share price over customer safety."

Williams, once part of the now disbanded Tailored Access Operations unit at the NSA, America's premier spook agency, said he had spoken to a few organisations who were thinking of staying put because of this specific timeframe declaration.

"Clarity is needed," he insisted. "This smells to me like 'no specific evidence of any other dates where compromise is known'."

Williams said he was also concerned that SolarWinds was calling the incident a vulnerability, rather than a breach as it was.

"This isn’t 'Jake just being pedantic'. Software supply chain attacks are complex and customers are confused. This off-label use of 'vulnerability' isn’t helping," he pointed out.

He also took issue with the fact that SolarWinds had claimed that it was the Orion build process that had been compromised, rather than the source code.

"But they don’t really explain how/why they believe this," said Williams. "I’m left with more questions than answers after reading due to apparent inconsistencies in knowledge required for claims.

"I strongly suspect that down the road we’ll be using this as a case study in breach PR failures. I also suspect we’ll see the SEC revise disclosure requirements in situations like this. Telling investors incredible tales and ignoring customers should be a losing move."

However, he said there should be some latitude shown as the area was something of an uncharted one. "But to give SolarWinds their due, this is a fairly uncharted territory with a publicly traded company being implicated in a supply chain attack, potentially leading to the breach of customers. They’re writing the playbook as they execute it, with no template to draw from," he added.

Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
