Federal Courts: ‘Highly Sensitive’ documents kept in ‘air-gap’

A computer locked in a room at the Warren E. Burger Federal Building in St. Paul is "air-gapped." This means it is not connected to any phone lines or the internet.

The most sensitive and secret information in Minnesota’s federal court system is now kept in a locked room, on an ‘air-gapped’ computer in St. Paul, without access to the internet.   

The security measures are the result of the "SolarWinds" cyber-attack on the U.S. federal government that was uncovered in December 2020.  

Since then, a total of 6,352 documents containing what is known as HSI, for ‘highly sensitive information,’ were removed from the U.S. District Court electronic records system, known as PACER.   

Those documents were from 83 federal cases in Minnesota that go back to 2015 and include grand jury documents that may contain highly sensitive information about unindicted defendants. 

John Tunheim, the Chief U.S. District Judge in Minnesota, said in an interview that most of those cases were related to national security, terrorism investigations, and "cases of cooperation of a criminal defendant who might impact higher ups in the drug cartel world." 

Tunheim said there were also a few civil cases concerning "non-public, intellectual property that would be significant to a foreign source." 

The documents are currently kept on a computer in a locked room at the Warren E. Burger Federal Building in St. Paul. The computer is "air-gapped," meaning it is not connected to any phone lines or the internet.

In an order last January, Tunheim authorized removal of documents from the system that contain highly sensitive information "that is likely to be of interest to the intelligence service of a hostile foreign government and whose use or disclosure by a hostile foreign government would likely cause significant harm." 

Not all sealed documents contain "highly sensitive information," and most have not been removed from the system, Tunheim said. He added that he is trying to limit the kinds of documents attorneys file under seal.     

The cyber-attack in mid-December installed malicious software in an update from the internet technology company SolarWinds and its Orion Network that compromised nine federal agencies, including the U.S. Justice Department, and hundreds of businesses in the private sector.   

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency said the attack was from a "malicious actor" linked to the Russian government. President Biden imposed sanctions on Russia last May in response to the attack.  

According to internet security blogger Brian Krebs, the Administrative Office of U.S. Courts computer systems were "seeded" with two pieces of malicious software: a "sunburst" of malicious software that SolarWinds sent as an update to 18,000 customers, as well as a "second stage ‘Teardrop’ malware," which provided a backdoor to access documents.

"The entire system was compromised," said Tunheim. "Whoever breached could look at everything sensitive." 

Tunheim said that he is not aware of any specific Minnesota case files that had been compromised or downloaded.   

A placeholder has been substituted in the PACER system where sealed documents once existed. 

Tunheim said that is so the documents can be returned to the system, "once it is deemed safe to do so, if ever."