US court filing system hit in sweeping hack

The identities of confidential court informants are feared compromised in a series of breaches across multiple U.S. states.

Aug 7, 2025 - 08:54

The electronic case filing system used by the federal judiciary has been breached in a sweeping cyber intrusion that is believed to have exposed sensitive court data across multiple U.S. states, according to two people with knowledge of the incident.

The hack, which has not been previously reported, is feared to have compromised the identities of confidential informants involved in criminal cases at multiple federal district courts, said the two people, both of whom were granted anonymity because they were not authorized to speak publicly about the hack.

The Administrative Office of the U.S. Courts — which manages the federal court filing system — first determined how serious the issue was around July 4, said the first person. But the office, along with the Justice Department and individual district courts around the country, is still trying to determine the full extent of the incident.

It is not immediately clear who is behind the hack, though nation-state-affiliated actors are widely suspected, the people said. Criminal organizations may also have been involved, they added.

The Administrative Office of the U.S. Courts declined to comment. Asked whether it is investigating the incident, the FBI referred POLITICO to the Justice Department. The Justice Department did not immediately reply to a request for comment.

It is not immediately clear how the hackers got in, but the incident is known to affect the judiciary’s federal core case management system, which includes two overlapping components: Case Management/Electronic Case Files, or CM/ECF, which legal professionals use to upload and manage case documents; and PACER, a system that gives the public limited access to the same data.

In addition to records on witnesses and defendants cooperating with law enforcement, the filing system includes other sensitive information potentially of interest to foreign hackers or criminals, such as sealed indictments detailing non-public information about alleged crimes, and arrest and search warrants that criminal suspects could use to evade capture.

Chief judges of the federal courts in the 8th Circuit — which includes Arkansas, Iowa, Minnesota, Missouri, Nebraska, North Dakota, and South Dakota — were briefed on the hack at a judicial conference last week in Kansas City, said the two people. It is unclear who delivered the brief, though the Director of the Administrative Office of the U.S. Courts, Judge Robert J. Conrad, Jr., was in attendance, per the first person. Supreme Court Justice Brett Kavanaugh was also in attendance but didn’t address the breach in his remarks.

Staff for Conrad, a district judge in the Western District of North Carolina, declined to comment.

The hack is the latest sign that the federal court filing system is struggling to keep pace with a rising wave of cybersecurity threats.

Michael Scudder, who chairs the Committee on Information Technology for the federal courts’ national policymaking body, told the House Judiciary Committee in June that CM/ECF and PACER are “outdated, unsustainable due to cyber risks, and require replacement.”

He also said that because the federal judiciary holds such sensitive information, it faces “unrelenting security threats of extraordinary gravity.”

As of July 2022, the Justice Department was investigating another hack of the federal court system that then-House Judiciary Committee Chair Jerrold Nadler (D-N.Y.) described as “startling.” The incident involved three foreign hacking groups and dated back to early 2020, Nadler also said. It is not clear who the foreign hackers were or whether these incidents are connected.

“It’s the first time I’ve ever seen a hack at this level,” said the first of the two people, who has spent more than two decades on the federal judiciary.

The second person said that roughly a dozen court dockets were tampered with in one court district as a result of the hack. The first person was not aware of any tampering but said it was theoretically possible.

The incident does not appear to have exposed the most highly protected federal court witnesses, since the real identities of those thought to face exceptional risk for cooperating are held on separate systems maintained by the Justice Department, according to the first person.

During his testimony before the House Judiciary Committee, Scudder said that replacing CM/ECF and PACER was a “top priority” for the federal judiciary, but that a more modernized system would have to “be developed and rolled out on an incremental basis.”

He also called CM/ECF and PACER the “backbone system federal courts depend on for mission-critical, day-to-day operation.”

News Moderator - Tomas Kauer https://www.tomaskauer.com/