SolarWinds Breach Potentially Gave Hackers 'God Access': Ex-White House Official

The SolarWinds breach potentially gave hackers "God access" or a "God door" to computer systems using the companies OrionIT software, a former White House official has warned.

Computers at federal government agencies—including the Treasury Department, Department of Homeland Security and Commerce Department—were reportedly compromised by a cyberattack targeting SolarWinds starting as far back as March. Hundreds of top American corporations were also vulnerable to the attack, in which hackers added malware to a software update that was downloaded by thousands of SolarWinds' clients. Although the scope of the attack remains under investigation, cybersecurity experts have emphasized the seriousness of the hack and its potential repercussions.

"It is serious. I mean based on what we know and what we don't know, you know, if I put it on a scale of one to 10, I'm approaching a nine right now," Fortalice CEO Theresa Payton, White House chief information officer overseeing IT operations under former President George W. Bush and the first female to serve in the position, told CNBC's Squawk Box on Wednesday.

"It is serious," says Fortalice CEO & Former W.H. Chief Information Officer Theresa Payton on the massive cyber attack that is believed to have been backed by Russia. "Because of this compromise you can't trust electronic communications right now on the unclassified side."

— Squawk Box (@SquawkCNBC) December 16, 2020

"The fact that many organizations have been impacted, departments and agencies—the U.S. military have been impacted potentially because of this compromise. You can't trust electronic communications right now in the unclassified side," Payton said.

The cybersecurity expert explained that "essentially the design gives the opportunity for cyber operatives to have what we refer to in the industry as 'God access' or the 'God door.'" Payton said that she isn't yet rating the hack as a 10 because the investigation is ongoing.

"Maybe we got lucky. Maybe these cyber operatives had set up that 'God access' or that 'God door,' but maybe they didn't get away with infiltrating the systems in such a way that they've changed data, they've changed logistics—that they've got a permanent hold on the system," she said.

A spokesperson for SolarWinds declined to comment on Payton's analysis when contacted by Newsweek, pointing to the ongoing investigation into the hack. The FBI is now investigating the cyberattack.

Randy Watkins, chief technology officer at Plano, Texas–based cybersecurity company Critical Start, explained to Newsweek in an email that hackers with access to SolarWinds' Orion software would have "a map" of a user's networks.

"Attackers able to breach the platform have a map of the organization's network and credentials and can potentially gain elevated access to critical systems. Critical systems commonly include those that hold credentials for every user in the organization, providing largely unfettered access to every system in the organization along with all the data contained on those systems," Watkins said.

He explained that the cyber intrusion had raised the possibility that hackers gained access to "personal information" or even the "theft of weapons system designs and geopolitical positioning."

"Partnerships between security researchers developing ways to detect the breach and security organizations finding and responding to the attackers have allowed for prevention and rapid response," Watkins noted.

An engineer from the Israeli company uses his expertise in social media commercial analysis to identify networks of fake users during at the group's office in the Israeli city of Bnei Brak near Tel Aviv on January 23, 2019. Fortalice CEO Theresa Payton said that she isn't yet rating the SolarWinds hack as a 10 because the investigation is ongoing. JACK GUEZ/AFP/Getty

Concerns have been raised by some experts about SolarWinds' security safeguards prior to the attack. Security researcher Vinoth Kumar told Newsweek on Tuesday that he notified SolarWinds in November 2019 that anyone could access its update server by using a simple password: "solarwinds123." Although that vulnerability was fixed, Kumar said that it appeared to have been present as far back as June 2018.

SolarWinds said that "fewer than 18,000" clients are believed to have downloaded the compromised update. In addition to top federal government agencies—including the Pentagon and NASA—more than 400 of Fortune 500 companies use SolarWinds' products. The company hid its client list from its webpage this week. A spokesperson told Newsweek that this was done as "a courtesy" to its clients.

Russia has arisen as the prime suspect behind the hack. A spokesperson for Russian President Vladimir Putin and the country's U.S. embassy have denied any involvement. Although Russia has not been confirmed as the culprit, the country's denial would be expected. Other nations such as China, North Korea and Iran have recently been accused of carrying out cyberattacks against the U.S. as well.