LITIGATION SUPPORT TIP OF THE NIGHT

This month the S.D.N.Y. dismissed much of the SEC's fraud suit against the software developer SolarWinds Corp. The SAML certificate [which exchanges authentication and authorization data between parties] for SolarWinds' information technology infrastructure platform, Orion, was compromised and malicious actors were able to gain access to the networks of government agencies that used Orion.

The SEC had alleged that SolarWinds failed to disclose information about the SUNBURST cyberattack in 2020 quickly enough. In his decision, Op. & Order, SEC v. SolarWinds Corp., No. 1:23-cv-09518-PAE (S.D.N.Y. July 18, 2024), ECF No. 125, Judge Paul Engelmayer, sustained a claim of fraud based on the SolarWinds Security Statement, but dismissed claims of fraud based on other filings.

In discussing whether or not cybersecurity risk disclosures made in a SolarWinds' SEC filings about its Orion platform used for IT infrastructure were adequate, the Court considered whether or not two previous incidents in which attacks allowed its platform to contact unauthorized external websites meant that it had been subject to a systematic attack. The two incidents were different in that in one Orion was exploited to send data about the network it was installed on, and in the other Orion was used to download malware. Because SolarWinds could not find the root cause of the attacks, and could not be certain that they were associated with one another, it was not required to update its cybersecurity risk disclosure.

To the extent the SEC, in terming the disclosure generic, means to fault Solar Winds for not spelling out these risks in greater detail, the case law does not require more, for example, that the company set out in substantially more specific terms scenarios under which its cybersecurity measures could prove inadequate. As decisions in this District have recognized, the anti-fraud laws do not require cautions to be articulated with maximum specificity. Indeed, these decisions have recognized policy reasons not to require as a matter of law that disclosures be made at the level of specificity known to the issuer. Spelling out a risk with maximal specificity may backfire in various ways, including by arming malevolent actors with information to exploit, or by misleading investors based on the formulation of the disclosure or the disclosure of other risks at a lesser level of specificity.

Id. at 73. (emphasis added).

The Court also rejected the SEC's claim on SolarWinds' post-SUNBURST disclosures. "As to post-SUNBURST disclosures, the Court dismisses all claims. These do not plausibly plead actionable deficiencies in the company's reporting of the cybersecurity hack. They impermissibly rely on hindsight and speculation." Id. at 3. Judge Engelmayer found unpersuasive the SEC's allegation that the failure to state in a Form 8-K filing (made days after the discovery of the SUNBURST breach) that malicious code had been used in the two prior attacks made the filing materially misleading.

If you try to analyze a load file in Excel 365, you may have noticed that you don't get the option to set the text qualifier. When you imported a delimited text file, or .csv file, the previous versions of Excel would let you choose a specific text qualifier - a character that set off text fields between delimiters so that when the same delimiter, such as a comma, was used in within an imported field, an error would not result.

However, if you try to import a load file into Excel 365, by using 'From Text/CSV' or 'Get Data . . . From File' this option will be missing:

You can set a delimiter but not a text qualifier. If you want to import data into Excel with the old options, go to File . . . Options . . . and check off the option for 'From Text (Legacy)'.

Now when you go to Data . . . Get Data . . ., you'll see an option for Legacy Wizards:

. . . this will allow you to import data using the old wizard which gives you the option to set a text qualifier.

Sadly, Excel doesn't allow you to enter a custom text qualifier.

In the past I have posted about using vba code to automatically add hyperlinks into a Word document. The Tip of the Night for May 25, 2015 discussed how to add urls with a Visual Basic macro (to files saved on a network drive or a web address) after marking citations in the document in XE codes using the auto mark function. This code did not however work for citation references made in footnotes. The Tip of the Night for May 26, 2015 discussed a workaround using an add-in for MS Word called NoteStripper which converts footnotes to endnotes. The vba code works on the endnotes, which NoteStripper could then convert back to footnotes. However, formatting irregularities in the footnotes can prevent NoteStripper from reconverting the notes, and even when the reconversion worked, it was still necessary to carefully confirm that they were all placed back in the same spots in the document. However, the code works well in the body of a Word document, and in 2017 I posted a YouTube video describing the process.

I am now able to pass along an updated version of the vba code which will add links to both the body of a Word document and its footnotes at the same time without the need to bother with the often cumbersome process of converting the footnotes to endnotes, and reconverting them back again. Oscar Sun posted a response to my inquiry for a solution on stackoverflow.

The below visual basic code works the same way as the code discussed back in May 2015, converting urls added to XE codes to hyperlinks - but this version processes both the body and the footnotes at the same time. The steps can be followed in the below animated gif.

The key to editing the vba code is to enter the full path to the folder containing the documents you are linking to with only the first letter of that folder on the line of code beginning: If Left$(url, 4) = "

. . . change the 4 to the character count for that truncated path. So for example:

If Left$(url, 14) = "C:\foofolder\e" Then

. . . because 'C:\foofolder\e' is 14 characters long.

On the next line you want to account for how many words are used in the citations you are linking to. In this case since each citation is two words, 'Exhibit 01'; 'Exhibit 02', etc., we enter:

isHyper = 2

That's it. So long as you can generate a list of the citations in your brief or expert report and put them in a table with the corresponding PDFs you're linking to, you can automatically add 10 or 10,000 hyperlinks in your Word document.

Sub MakeHyperlinks() Dim afield As Field Dim url As String Dim isHyper As Integer Dim sr As Range For Each sr In ActiveDocument.StoryRanges 'For Each afield In ActiveDocument.Fields For Each afield In sr.Fields If afield.Type = wdFieldIndexEntry Then isHyper = 0 afield.Select Selection.Collapse url = Right$(afield.Code, Len(afield.Code) - 5) url = Left$(url, Len(url) - 2) If Left$(url, 4) = "../F" Then isHyper = 1 End If If Left$(url, 4) = "../T" Then isHyper = 2 End If If isHyper <> 0 Then Selection.MoveStart unit:=wdCharacter, Count:=-3 Selection.MoveStart unit:=wdWord, Count:=-isHyper afield.Delete ActiveDocument.Hyperlinks.Add Anchor:=Selection.Range, _ Address:=url End If End If Next afield Next sr End Sub