Thursday, March 05, 2015

Need to get Office 365 in the cloud and let New Delhi handle Exchange security...


NewsFactor | Last November, the State Department announced it would be performing "maintenance" on its non-classified e-mail systems during regularly scheduled system downtime. However, The Associated Press later revealed that the "maintenance" actually consisted of unplanned security enhancements to address what State Department officials conceded were signs of "suspicious activity."

Underscoring the severity of the intrusion, the State Department shut down its unclassified e-mail system around the entire world. State Department officials told media outlets at the time that they were using their personal Gmail accounts in order to get their work done. 

Although the State Department predicted that the issue would be resolved within 48 to 72 hours, the intrusion has clearly lingered. Still unresolved is the amount of material that might have been seized by the hackers, or whether the hackers were able to use the unclassified e-mail system as a staging area for attacks on more sensitive computer networks.

Global Hack Attacks

The hacker intrusions into the State Department unclassified e-mail system were actually first detected in October 2014, at about the same time that hackers attempted to gain entry to computer systems at the White House, the National Weather Service, and the U.S. Post Office. 

No specific nation or group has been identified as the alleged source of the attacks, although there was speculation that the White House was targeted by Russian hackers and the other government agencies by Chinese intruders. In its report Thursday, the Journal cited unnamed sources who believed the State Department intrusions also originated from Russia. 

One aspect of the attacks that has left U.S. investigators somewhat puzzled, however, is the fact that they have been able to detect the intrusions at all. Their assumption, officials told the Journal, is that Russian computer experts are at least as good as those working for the United States, and that they are capable of avoiding this type of routine detection. The fact that the attacks were so readily identifiable suggests either that Russia was not fielding its first-string operators, or that the country was trying to send the U.S. some sort of message.

One thing that is relatively clear is how the initial infection occurred. Investigators pin the blame on an unnamed State Department official who apparently fell for a classic phishing attack. The hackers created an e-mail message purporting to be about departmental issues, and included a link to malicious software. All it took was for a single recipient to click on the link, and the infection was under way. 
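The infection path described above is a link in an e-mail whose visible text suggests an internal destination while the underlying target points elsewhere. The following is an added example written for this post, not code from the article or from the State Department; it shows the kind of heuristic link check a mail gateway or analyst script can run on an inbound HTML message. The allow-list of trusted domains, the sample message, and the function names are constructed for illustration.

```python
"""Heuristic scan of an HTML e-mail body for phishing-style links.

Added example (not part of the original article). Flags links whose
visible text names a different host than the real target, links to
hosts outside a constructed allow-list, links to raw IP addresses,
and links whose path ends in an executable-looking extension.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allow-list of domains the organisation expects mail links to use.
TRUSTED_DOMAINS = {"state.gov", "example.gov"}

# File extensions that should never be a one-click download from e-mail.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".bat", ".cmd", ".js", ".vbs", ".hta")

# Constructed sample message: the first link reads as an intranet URL but points
# to an outside host and a .exe; the second link is a legitimate internal page.
SAMPLE_MAIL = """
<p>Please review the updated departmental travel guidance.</p>
<p><a href="http://travel-guidance-update.example.net/form.exe">https://intranet.state.gov/travel</a></p>
<p>Reference: <a href="https://intranet.state.gov/policy/travel">policy page</a></p>
"""


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a href=...> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def _is_trusted(host, trusted):
    """True if host equals or is a subdomain of an allow-listed domain."""
    return any(host == d or host.endswith("." + d) for d in trusted)


def scan_html_mail(html, trusted=TRUSTED_DOMAINS):
    """Return a list of (href, reason) findings for suspicious links."""
    parser = _LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = _host(href)
        # Visible text that looks like a URL naming a host other than the real target.
        shown = re.search(r"(?:https?://)?([\w.-]+\.[a-z]{2,})", text, re.I)
        if shown and shown.group(1).lower() != host:
            findings.append((href, "display text names %s but link goes to %s"
                             % (shown.group(1).lower(), host)))
        if not _is_trusted(host, trusted):
            findings.append((href, "host %s not in allow-list" % host))
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            findings.append((href, "raw IP address as host"))
        if urlparse(href).path.lower().endswith(EXECUTABLE_SUFFIXES):
            findings.append((href, "executable download target"))
    return findings


if __name__ == "__main__":
    for link, reason in scan_html_mail(SAMPLE_MAIL):
        print("%s: %s" % (reason, link))
```

Run as a script it reports three findings for the disguised link and none for the genuine intranet link. The check is deliberately simple: a mismatch between the host a user sees and the host they actually visit is the single strongest signal in the kind of message the article describes, and it needs no reputation feed to evaluate.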

As numerous computer security experts have observed over the years, it is vastly easier to play offense than defense in the cyber realm. Put another way, a hacker only has to get lucky once; network defenders have to be perfect all the time.