SEC Charges SolarWinds and CISO with Fraud over Undisclosed Cyber Risks

SEC Charges SolarWinds and Chief Information Security Officer with Fraud, Internal Control Failures

he Securities and Exchange Commission today announced charges against Austin, Texas-based software company SolarWinds Corporation and its chief information security officer, Timothy G. Brown, for fraud and internal control failures relating to allegedly known cybersecurity risks and vulnerabilities. The complaint alleges that, from at least its October 2018 initial public offering through at least its December 2020 announcement that it was the target of a massive, nearly two-year long cyberattack, dubbed “SUNBURST,” SolarWinds and Brown defrauded investors by overstating SolarWinds’ cybersecurity practices and understating or failing to disclose known risks. In its filings with the SEC during this period, SolarWinds allegedly misled investors by disclosing only generic and hypothetical risks at a time when the company and Brown knew of specific deficiencies in SolarWinds’ cybersecurity practices as well as the increasingly elevated risks the company faced at the same time.

As the complaint alleges, SolarWinds’ public statements about its cybersecurity practices and risks were at odds with its internal assessments, including a 2018 presentation prepared by a company engineer and shared internally, including with Brown, that SolarWinds’ remote access set-up was “not very secure” and that someone exploiting the vulnerability “can basically do whatever without us detecting it until it’s too late,” which could lead to “major reputation and financial loss” for SolarWinds. Similarly, as alleged in the SEC’s complaint, 2018 and 2019 presentations by Brown stated, respectively, that the “current state of security leaves us in a very vulnerable state for our critical assets” and that “[a]ccess and privilege to critical systems/data is inappropriate.”

Cyber Chiefs Worry About Personal Liability as SEC Sues SolarWinds, Executive

Monday’s lawsuit is the SEC’s first against a corporate security chief in relation to a hack. A year ago, the regulator served so-called Wells notices related to its investigation of the cyberattack to SolarWinds and Tim Brown, vice president of security and CISO, signaling intentions to pursue a civil case. Chief Financial Officer J. Barton Kalsu also received a notice but wasn’t named in the SEC’s complaint Monday. SolarWinds has said its actions were appropriate and it plans a vigorous defense.

To guard against expensive and possibly career-damaging litigation, some CISOs are asking for the kind of personal protection normally reserved for top executives, such as severance agreements and directors and officers insurance.

Bankman-Fried Had a Hairy Day in Court

Determined to highlight inconsistencies in the former crypto chief’s alternate history, the assistant U.S. attorney leveraged his prolific history of tweeting, interviewing and testifying before Congress about FTX’s purported greatness and safeness.

She wanted to catch Bankman-Fried in a lie. After four hours she’d at least gotten the next-best thing: evidence he’s is a VERY unreliable narrator.

“Would you agree that you know how to tell a good story?” Sassoon asked Bankman-Fried early on, prompting someone in the gallery to guffaw.

Bankman-Fried audibly bristled at Sassoon’s tactics. He taunted her in a sing-songy cadence when told to read FTX materials that contradicted him. His unyielding “yeps” started low on the y and finished high on the p. He spent most of cross-examination repeating variations of “I don’t know” (16 times) like “sounds plausible” (twice) “I may have” (17 times), “I don’t recall” (27 times) and “I’m not confident” (three times), when asked about his own words.

Sam Bankman-Fried’s Post-Collapse Media Blitz Has Clearly Backfired

A reminder, dear reader: If you’re accused of committing massive fraud and risk facing the rest of your life in prison, you should probably turn down that interview with “Good Morning America.”

Such advice might’ve served Sam Bankman-Fried, the disgraced crypto founder who couldn’t keep quiet last year following the collapse of his FTX crypto empire, after he allegedly stole billions of dollars of customers’ money.

***

Right or wrong, the FTX founder’s media strategy seemed as perplexing as ever on Monday, when prosecutors spent hours peppering him with questions about potential criminality at FTX — using his countless post-collapse interviews as corroborating evidence.

Who’s asking the tough questions?

US Assistant Attorney Danielle Sassoon is leading the government’s cross-examination of FTX founder Sam Bankman-Fried.

Sassoon was a law clerk to Justice Antonin Scalia, whom she said taught her “how to fire a pistol and a rifle, and made me feel like I had grit,” she wrote in 2016.

“He thickened my skin, which was the best preparation for a career in a male-dominated field.”

Wall Street Law Firms Lift NYC Real Estate With Return to Office

Law firms are taking a lead role in filling New York City’s all-too-empty office buildings, thanks to an insistence that attorneys must stop working from home.

The legal business rivals the financial sector as the most active Manhattan lessors in the past two quarters, real estate firm Savills said in a report. The two sectors accounted for more than half of leasing activity in the third quarter, according to Savills.