Investigators have discovered mounting evidence that Russia is, at a minimum, partially responsible for the hacking of computers that handle federal court documents, several people briefed on the breach told the New York Times on Tuesday.
The hackers are believed to have accessed sensitive records containing the names of people and sources involved in national security crimes.
The US government is taking unspecified "special measures" to protect people potentially exposed in a recent hack of court records, a top US Department of Justice official said on Thursday.
It is unclear if an arm of Russian intelligence is responsible for the hack or if other countries were involved, but sources told the New York Times that the infiltration took years of effort.
Many of the cases searched during the infiltration involved people with Russian and Eastern European last names.
Protecting sealed documents
Court system administrators recently warned the Justice Department that “persistent and sophisticated cyber threat actors have recently compromised sealed records,” according to an internal department memo reviewed by The New York Times.
Ahead of the attack, the administrators reportedly advised justice department officials to relocate sensitive documents from the computer system. Similar guidance was also reportedly issued in 2021 after the system was first hacked.
It was initially understood that the hackers targeted documents related to criminal activity, with an overseas tie, to at least eight districts. However, chief justices across the US reportedly warned last month that such files should be relocated from regular management systems.
The chief judge of New York, Margo K. Brodie, reportedly issued an order on Friday forbidding the upload of sealed documents to PACER, a public database system. The documents would previously have been uploaded to the searchable database but blocked behind a wall, although concerns have arisen that such sensitive documents would be too easily accessible to hackers under the previous method of storage.
The breach also included federal courts in South Dakota, Missouri, Iowa, Minnesota and Arkansas, an anonymous official confirmed.
While Politico reported the system has been under attack by a foreign actor since early July, only last week did administrators announce publicly that steps were being taken to protect the Case Management and Electronic Case Files system used to upload documents and PACER.
“Sensitive documents can be targets of interest to a range of threat actors,” the authors of last week’s notice wrote. “To better protect them, courts have been implementing more rigorous procedures to restrict access to sensitive documents under carefully controlled and monitored circumstances.”
"We're aware of the issue," Acting Assistant Attorney General Matt Galeotti told reporters at a briefing. "There's different filing measures that are being put in place. We're also taking other different technical steps." He added that in cases involving individuals who were possibly "subject to some sort of release of information," the department is "taking special measures in those cases."
Galeotti did not elaborate on the nature of those measures, and the DOJ and the Administrative Office of the US Courts did not immediately answer questions about his comments.