Hacking victim SolarWinds hires ex-Homeland Security official Krebs as consultant

SolarWinds, used by hackers as a springboard for the worst-known breach of US government computers

Reuters January 08, 2021


The company used by hackers as a springboard for the worst-known breach of US government computers in at least five years has hired some of the biggest names in security to help it recover.

SolarWinds, which had backdoored versions of its network-management software go out to thousands of customers, had already hired CrowdStrike Holdings to help it assess the intrusion and protect it going forward.

On Thursday, it hired a new consulting business formed by former US Cybersecurity and Infrastructure Security Agency head Chris Krebs and Alex Stamos, a former chief security officer at Facebook.

Krebs was the first leader of Homeland Security unit CISA and led the national effort to keep the 2020 election safe from hacking and to dispel related misinformation. He was fired by President Donald Trump after he continued to assert the election was not “rigged” but free from electronic chicanery.

SolarWinds hackers accessed Microsoft source code, the company says

Trump has falsely claimed that the November 3 election, which he lost to Democrat Joe Biden, was riddled with fraud.

Stamos, an adjunct professor at Stanford, helped coordinate a broader effort by academics and nonprofits to rapidly dispel coordinated attempts to spread false election-related information. He also was among those brought in to advise on security at fast-growing video conferencing company Zoom after a series of flaws were reported.

Krebs said he planned to fully devote himself to the new business, which will recommend security practices for multiple clients and also combat coordinated misinformation.

“There have been successful leaders that embrace cybersecurity but also the community and engagement, and they tend to not just survive in this environment, but thrive,” Krebs said in an interview.

“We want to help executives become those leaders. There’s a process that we want to help organisations build.”

SolarWinds code has been found inside a half-dozen federal agencies that were then exploited further by hackers said by US officials to have been working for the Russian government, which has denied it.

Ticketmaster pays $10 million criminal fine for invading rival's computers

SolarWinds Chief Executive Sudhakar Ramakrishna, who joined the company this week, said in a blog post that hiring the experts as part of an effort to help transform the company, which has been criticized for the poor security.

“We have brought in the expertise of Chris Krebs and Alex Stamos to assist in this review and provide best-in-class guidance on our journey to evolve into an industry-leading secure software development company,” a company spokesman said by email.

Stamos said he was not interested in a full-time job in Biden’s administration, and would rather advise part-time with multiple companies either in crisis or hoping to get in better shape before one.

“These current Russian attacks have created a new set of companies who now realize they need to be playing at a much higher level,” Stamos said.