Hacking victim SolarWinds hires ex-Homeland Security official Krebs as consultant

January 07, 2021 at 11:18 pm EST

SAN FRANCISCO (Reuters) -The company used by hackers as a springboard for the worst-known breach of U.S. government computers in at least five years has hired some of the biggest names in security to help it recover.

SolarWinds Corp, which had backdoored versions of its network-management software go out to thousands of customers, had already hired CrowdStrike Holdings Inc to help it assess the intrusion and protect it going forward.

On Thursday, it hired a new consulting business formed by former U.S. Cybersecurity and Infrastructure Security Agency head Chris Krebs and Alex Stamos, former chief security officer at Facebook Inc.

Krebs was the first leader of Homeland Security unit CISA and led the national effort to keep the 2020 election safe from hacking and to dispel related misinformation. He was fired by President Donald Trump after he continued to assert the election was not "rigged" but free from electronic chicanery.

Trump has falsely claimed that the Nov. 3 election, which he lost to Democrat Joe Biden, was riddled with fraud.

Stamos, an adjunct professor at Stanford, helped coordinate a broader effort by academics and nonprofits to rapidly dispel coordinated attempts to spread false election-related information. He also was among those brought in to advise on security at fast-growing videoconferencing company Zoom Video Communications Inc after a series of flaws were reported.

Krebs said he planned to fully devote himself to the new business, which will recommend security practices for multiple clients and also combat coordinated misinformation.

"There have been successful leaders that embrace cybersecurity but also the community and engagement, and they tend to not just survive in this environment, but thrive," Krebs said in an interview. "We want to help executives become those leaders. There's a process that we want to help organizations build."

SolarWinds code has been found inside a half-dozen federal agencies that were then exploited further by hackers said by U.S. officials to have been working for the Russian government, which has denied it.

SolarWinds Chief Executive Sudhakar Ramakrishna, who joined the company this week, said in a blog post that hiring the experts was part of an effort to help transform the company, which has been criticized for poor security.

"We have brought in the expertise of Chris Krebs and Alex Stamos to assist in this review and provide best-in-class guidance on our journey to evolve into an industry leading secure software development company," a company spokesman said by email.

Stamos said he was not interested in a full-time job in Biden's administration, and would rather advise part-time with multiple companies either in crisis or hoping to get in better shape before one.

"These current Russian attacks have created a new set of companies who now realize they need to be playing at a much higher level," Stamos said.

(Reporting by Joseph Menn; Additonal reporting by Kanishka Singh; Editing by Peter Cooney)

By Joseph Menn