The Globe and Mail

U.S. intelligence agencies and private cybersecurity investigators are examining the role of a widely used software company, JetBrains, in the far-reaching Russian hacking of federal agencies, private corporations and United States infrastructure, according to officials and executives briefed on the inquiry.

Officials are investigating whether the company, founded by three Russian engineers in the Czech Republic with research labs in Russia, was breached and used as a pathway for hackers to insert back doors into the software of an untold number of technology companies. Security experts warn that the months-long intrusion could be the biggest breach of United States networks in history.

JetBrains, which counts 79 of the Fortune 100 companies as customers, is used by developers at 300,000 businesses. One of them is SolarWinds, the Austin, Texas, company whose network management software played a central role in allowing hackers into government and private networks.

JetBrains said Wednesday that it was not aware of being under investigation nor was it aware of any compromise. The exact software that investigators are examining is a JetBrains product called TeamCity, which allows developers to test and exchange software code before its release.

By compromising TeamCity, or exploiting gaps in how customers use the tool, cybersecurity experts say, the Russian hackers could have inconspicuously planted back doors in an untold number of JetBrains’ clients. Because TeamCity is so widely deployed, experts said, it is imperative to determine whether its software contains a vulnerability, or if attackers exploited TeamCity customers via stolen passwords or gaps in unpatched, outdated software.

Separately, the Justice Department said that its e-mail system had been compromised as part of the SolarWinds hack, an announcement that expands the scope of the government computers that Russia was able to infiltrate.

Government officials are not certain how the compromise of the JetBrains software relates to the larger SolarWinds hack. They are seeking to learn if it was a parallel way for Russia’s main intelligence agency to enter government and private systems, or whether it was the original pathway for Russian operatives to first infiltrate SolarWinds.

On Tuesday, the Office of the Director of National Intelligence, the FBI, the Department of Homeland Security and the National Security Agency issued a joint statement formally declaring that Russia was most likely the origin of the hack. But the statement offered no details and made no mention of the JetBrains software or the SVR, Russia’s most skilled intelligence agency.

JetBrains is considered a predominant tool for developing software. Google, Hewlett-Packard and Citibank are among its customers, and the company is widely used by developers of Android mobile software. It also counts Siemens, a major supplier of technology in critical infrastructure such as power and nuclear plants, as a customer, as well as VMware, a technology company that the National Security Agency warned on Dec. 7 was also being used by Russian hackers to break into networks.

In a statement on its blog, JetBrains said it had not been contacted by government or security agencies.

“We have not been contacted by any government or security agency regarding this matter, nor are we aware of being under any investigation,” Maxim Shafirov, the company’s chief executive, said in a post Wednesday. “If such an investigation is undertaken, the authorities can count on our full co-operation.”

SolarWinds confirmed Wednesday that it used TeamCity software to assist with the development of its software and was examining the software as part of its investigation. The company said it had yet to confirm a definitive link between JetBrains and the breach and compromise of its own software.

SolarWinds previously said that 18,000 customers downloaded its compromised software, but investigators believe Russia was judicious in which of those networks it gained access to, making it difficult to quickly assess the damage.

In the joint announcement, officials said they believed that the Russian hackers stopped at 10 federal agencies, but an internal assessment by Amazon, which has been examining hackers’ tools, suggests the total number of victims in government and the private sector could be upward of 250 organizations.

Microsoft also announced Dec. 31 that its network was breached by the same intruders, and confirmed that they viewed the company’s source code. It has not said which products may have been compromised. CrowdStrike, a security firm, confirmed last month that it was targeted, unsuccessfully, through a company that sells software on behalf of Microsoft. Those resellers help set up Microsoft software and often have broad access to clients’ systems, which Russia’s hackers could exploit on untold numbers of Microsoft customers.

The Justice Department did not learn of, and close off, the vulnerability in its Microsoft Outlook e-mail system until Dec. 24, some 10 days after the SolarWinds compromise of government computers became public, officials said.

Marc Raimondi, a Justice Department spokesman, said that about 3% of the department’s e-mail accounts that use the specific Microsoft software were compromised by the breach. He said that no classified systems appear to have been affected, but that the episode had been designated as a major one.

Referring to the method by which the hackers entered the victims’ systems, Dmitry Alperovitch, a founder of CrowdStrike who now runs Silverado Policy Accelerator, said compromising and introducing a back door into a product like TeamCity was “the holy grail of a supply chain hack.”

“It can allow an adversary to have thousands of SolarWinds-style back doors in all sorts of products in use by victims all over the world,” Alperovitch added. “This is a very big deal.”
