Texas software company faces scrutiny after hacking
Before this week, few people were aware of Solar- Winds, a Texas-based software company providing vital computer network monitoring services to corporations and government agencies around the world.
But the revelation that elite cyberspies have spent months secretly exploiting SolarWinds’softwaretopeer into computer networks has put many of its highest-profile customers in national governments and Fortune 500companiesonhighalert.
And it’s raising questions about how soon company insiders knew of its security vulnerabilities as its biggest investors sold off stock.
Founded in 1999 by two brothers in Tulsa, Oklahoma, ahead of the feared turn-of-the-millennium Y2K computer bug, the company’s website says its first product “arrived on the scene to help IT pros quell everyone’s world-ending fears.”
This time, its products are the ones instilling fears. The company on Sunday began alerting about 33,000 of its customers that an “outside nation state” — widely suspected to be Russia — had found a back door into some updated versions of its premierproduct, Orion. The ubiquitous software tool, which helps organizations monitor the performance of their computer networks and servers, had become an instrument for spies to steal information undetected.
“They’re not a household name the same way that Microsoft is. That’s because their software sits in the back office,” said Rob Oliver, a research analyst at Baird who has followed the companyforyears.“Workers couldhavespenttheirwhole careerwithouthearingabout SolarWinds. But I guarantee your IT department will know about it.”
One of SolarWinds’ customers, the prominent California cybersecurity firm FireEye, was the first to discoverthecyberespionage operation. FireEye revealed this month that its own systems were breached by attackerswhomadeoffwith its defensive hacking tools.
Among the other revealed spying targets were the U.S. departmentsofTreasuryand Commerce.
The Department of Homeland Security’s cybersecurity unit this week directed all federal agencies to remove the compromised software and thousands of companies were expected to do the same.
Among the business sectorsscramblingtoprotect their systems and assess potential theft of information were the electric power industry, defense contractors and telecommunications firms.
The breach has caused a crisis for SolarWinds, now based near Austin.
The compromised product accounts for nearly half the company’s annual revenue, whichtotaled$753.9million over the first nine months of this year.
Moody’sInvestorsService said this week that it was looking to downgrade its ratingforthecompany,citing the “potential for reputational damage, material loss of customers, a slowdown in business performance and high remediation and legal costs.”
SolarWinds’ longtime CEO, Kevin Thompson, had monthsearlierindicatedthat he would be leaving at the end of the year. The Solar- Winds board appointed his replacement, current PulseSecure CEO Sudhakar Ramakrishna, on Dec.
7, according to a financial filing, a day before FireEye first publicly revealed the hack on its own system and two days before the change of CEOs was announced.
It was also Dec. 7 that the company’stwobiggestinvestors, Silver Lake and Thoma Bravo , which control a majoritystakeinthepublicly traded company, sold more than$280 million in stock to a Canadian public pension fund. Thetwoprivateequity firms in a joint statement said they “were not aware of thispotentialcyberattack” at the time they sold the stock.
It was six days later when SolarWinds disclosed the breach.
The hacking began at least as early as March when SolarWinds customers who installed updates to their Orion software were unknowingly welcoming hidden malicious code.
But the revelation that elite cyberspies have spent months secretly exploiting SolarWinds’softwaretopeer into computer networks has put many of its highest-profile customers in national governments and Fortune 500companiesonhighalert.
And it’s raising questions about how soon company insiders knew of its security vulnerabilities as its biggest investors sold off stock.
Founded in 1999 by two brothers in Tulsa, Oklahoma, ahead of the feared turn-of-the-millennium Y2K computer bug, the company’s website says its first product “arrived on the scene to help IT pros quell everyone’s world-ending fears.”
This time, its products are the ones instilling fears. The company on Sunday began alerting about 33,000 of its customers that an “outside nation state” — widely suspected to be Russia — had found a back door into some updated versions of its premierproduct, Orion. The ubiquitous software tool, which helps organizations monitor the performance of their computer networks and servers, had become an instrument for spies to steal information undetected.
“They’re not a household name the same way that Microsoft is. That’s because their software sits in the back office,” said Rob Oliver, a research analyst at Baird who has followed the companyforyears.“Workers couldhavespenttheirwhole careerwithouthearingabout SolarWinds. But I guarantee your IT department will know about it.”
One of SolarWinds’ customers, the prominent California cybersecurity firm FireEye, was the first to discoverthecyberespionage operation. FireEye revealed this month that its own systems were breached by attackerswhomadeoffwith its defensive hacking tools.
Among the other revealed spying targets were the U.S. departmentsofTreasuryand Commerce.
The Department of Homeland Security’s cybersecurity unit this week directed all federal agencies to remove the compromised software and thousands of companies were expected to do the same.
Among the business sectorsscramblingtoprotect their systems and assess potential theft of information were the electric power industry, defense contractors and telecommunications firms.
The breach has caused a crisis for SolarWinds, now based near Austin.
The compromised product accounts for nearly half the company’s annual revenue, whichtotaled$753.9million over the first nine months of this year.
Moody’sInvestorsService said this week that it was looking to downgrade its ratingforthecompany,citing the “potential for reputational damage, material loss of customers, a slowdown in business performance and high remediation and legal costs.”
SolarWinds’ longtime CEO, Kevin Thompson, had monthsearlierindicatedthat he would be leaving at the end of the year. The Solar- Winds board appointed his replacement, current PulseSecure CEO Sudhakar Ramakrishna, on Dec.
7, according to a financial filing, a day before FireEye first publicly revealed the hack on its own system and two days before the change of CEOs was announced.
It was also Dec. 7 that the company’stwobiggestinvestors, Silver Lake and Thoma Bravo , which control a majoritystakeinthepublicly traded company, sold more than$280 million in stock to a Canadian public pension fund. Thetwoprivateequity firms in a joint statement said they “were not aware of thispotentialcyberattack” at the time they sold the stock.
It was six days later when SolarWinds disclosed the breach.
The hacking began at least as early as March when SolarWinds customers who installed updates to their Orion software were unknowingly welcoming hidden malicious code.
PREVIOUS ARTICLE
