newsfactor | Last November, the State Department announced it would be performing
"maintenance" on its non-classified e-mail systems during regularly
scheduled system downtime. However, The Associated Press later revealed
that the "maintenance" actually consisted of unplanned security
enhancements to address what State Department officials conceded were
signs of "suspicious activity."
Underscoring the severity of the intrusion, the State Department shut
down its unclassified e-mail system around the entire world. State
Department officials told media outlets at the time that they were using
their personal Gmail accounts in order to get their work done.
Although the State Department predicted that the issue would be resolved
within 48 to 72 hours, the intrusion has clearly lingered. Still
unresolved is the amount of material that might have been seized by the
hackers, or whether the hackers were able to use the unclassified e-mail
system as a staging area for attacks on more sensitive computer
networks.
Global Hack Attacks
The hacker intrusions into the State Department unclassified e-mail
system were actually first detected in October 2014, at about the same
time that hackers attempted to gain entry to computer systems at the
White House, the National Weather Service, and the U.S. Post Office.
No specific nation or group has been publicly identified as the source of
the attacks, although there was speculation that the White House was
targeted by Russian hackers and the other government agencies by Chinese
intruders. In its report Thursday, The Wall Street Journal cited unnamed
sources who believed the State Department intrusions also originated
from Russia.
One aspect of the attacks that has left U.S. investigators somewhat
puzzled, however, is that they were able to detect the intrusions at
all. Their assumption, officials told the Journal, is that Russian
computer experts are at least as good as those working for the United
States, and that they are capable of evading this kind of routine
detection. The fact that the attacks were so readily identifiable
suggests either that Russia was not using its best operators, or that
the country was trying to send the U.S. some sort of message.
One thing that is relatively clear is how the initial infection
occurred. Investigators pin the blame on an unnamed State Department
official who apparently fell for a classic phishing attack. The hackers
crafted an e-mail message purporting to be about departmental issues
and included a link to malicious software. All it took was for a single
recipient to click on the link, and the infection was under way.
As numerous computer security experts have observed over the years, it
is vastly easier to play offense than defense in the cyber realm. Put
another way, a hacker only has to get lucky once; network defenders have
to be perfect all the time.