Whistleblower says Microsoft was warned ahead of SolarWinds hack

Microsoft continues to face tough questions about its security protocols and commitment to safety after a whistleblower says he warned the company about a serious vulnerability involving third party software years ahead of it being exploited in the infamous SolarWinds attack.

Experts believe that it was in September of 2019 that Russian hackers gained access to SolarWinds - a network infrastructure monitoring software relied on by hundreds of thousands of computer systems across the country.

By inserting malware in a SolarWinds update, hackers got a backdoor to those systems, including Microsoft and its customers: the largest of which is the U.S. government.

They gained access to sensitive federal agencies, like the departments of Energy and Treasury. 

When the hack was discovered 14 months later –  it brought home the threat of cyber warfare and the ability of malicious foreign actors to find tiny weaknesses in computer code to cause major damage.

Now, new reporting by ProPublica sheds light on what Microsoft knew about the SolarWinds vulnerability before the attack – and the extent of the hackers’ access.  including breaching the agency that maintains America’s nuclear weapons stockpile.

Guests:

• Renee Dudley, a tech reporter at ProPublica

Related Links:

• ProPublica: https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers 
• ProPublica: https://www.propublica.org/article/microsoft-solarwinds-cybersecurity-house-homeland-security-hearing 

See omnystudio.com/listener for privacy information.