SEC Dismisses Case Against SolarWinds, Top Security Officer

The SEC has officially dismissed its high-profile case against SolarWinds and its CISO that was tied to a Russia-linked cyberattack involving the software company. Reuters reports: The landmark case, which SEC brought in late 2023, rattled the cybersecurity community and later faced scrutiny from a judge who dismissed many of the charges. The SEC had said SolarWinds and its chief information security officer had violated U.S. securities laws by concealing vulnerabilities in connection with the high-profile 2020 Sunburst cyber attack. The SEC, SolarWinds and CISO Timothy Brown filed a motion on Thursday to dismiss the case with prejudice, according to a joint stipulation posted on the agency's website. A SolarWinds spokesperson said the firm is "clearly delighted" with the dismissal.

"We hope this resolution eases the concerns many CISOs have voiced about this case and the potential chilling effect it threatened to impose on their work," the spokesperson said.

Re:

[HiThere]

I don't think treason could have been made to apply. It's defined in the Constitution, and the definition is a *LOT* stricter than colloquial use.

Re:

[quonset]

"We just used plausible deniability to confuse a non-technical judge into throwing out criminal negligence charges that should have actually been treason charges! Hooraay!"

Stop using the word treason when you don't know what it means. Article III, Section 3:

Treason against the United States, shall consist only in levying war against them, or in adhering to their enemies, giving them aid and comfort. No person shall be convicted of treason unless on the testimony of two witnesses to the same overt act, or on confession in open court.

Re:

[Narcocide]

(For whoever is paying attention: Here is yet another incident of being modded down for telling the truth.)

Re:

[Mr. Dollar Ton]

So, is "cyberwar" a "real war" then, as we were told many times before by the party currently holding power, or is it a bullshit scare term that we can safely ignore?

Interesting!

[oldgraybeard]

So it does pay to outsource security from a legal cover point of view. And wink! wink! yes we are keeping everything secure for this unbelievably low price that you can not duplicate internally.

Re:

[MIPSPro]

Solar Winds monitoring suite was always such a darling and favorite among Windows sysadmins. I remember writing a few custom shell scripts for it's Linux agent years ago. I must admit to a bit of schadenfreude after they stumbled with the security nightmares for a while. However, the stuff I'm seeing now is even worse and more horrifying than anything SolarWinds ever released. After "AI Agents" become the norm, I have a feeling I'll look back on Solarwinds fondly.

It's going to be a miracle

[rsilvergun]

If we don't have a 30 style crash. In addition to basically completely deregulating Wall Street and investment in general and all the other structural economic problems we are all just kind of pretending aren't there over and over and over again we are seeing crooks let off the hook by the current administration for no discernible reason except the blisteringly obvious one.

We are basically speedrunning a repeat of the lead up to world war II only this time we have nuclear weapons. But I'm sure it'll be fine right? Right?

Re:

[Mr. Dollar Ton]

You won't have a 1929-style crash, that one will look like a mild recession compared to the 2029 crash.

If the bubble lasts until 2029, that is.

Maybe I'm in the minority

[Tony Isaac]

But I think the case was heavy-handed in the first place.

There is no evidence I've read, that suggests Solar Winds was *negligent*. Was their security breached? Yes. Does that automatically make them negligent? No.

If a foreign government goes after your security defenses, using the money and manpower a national government can spend, they *will* break in.

still runs on Windows server

[klipclop]

We have a legacy deployment and it's our last windows server VM. SolarWinds called me for an account review and this is a good reminder why they're still open to another big incident like 2020...

Thing to keep in mind

[bferrell]

The current executive staff wasn't on board at the time of the hack. Mostly they were at Pulse Secure... That was ALSO hacked repeatedly both before and after the Solarwinds hack.