US State Department – Hackers still in the Email System

Three months after the intrusion into the U.S. State Department e-mail system, US specialists are still working to secure the networks.

In November 2014 the State Department took the unprecedented step of shutting down its entire unclassified e-mail system in response to a suspected cyber attack.

‘Activity of concern’ was detected in the system concurrently with another cyber attack that hit the White House computer network. A State Department staffer answering a call to the State Department Operations Center confirmed that, as a precautionary measure, the e-mail system remained down.

In the same period, other US agencies were targeted by hackers, including the U.S. Postal Service and the National Weather Service. The U.S. Military confirmed that its systems were secure, and according to official sources none of the State Department’s classified systems were affected.

State Department personnel were asked to stop using official e-mail and to use Gmail instead.

In November, Government officials told ABC News that hackers had compromised computing systems in much of the nation’s critical infrastructure. The attackers had infected the software that runs the critical infrastructure with malware, a circumstance that causes great anxiety in the intelligence and military communities given the vital role of the compromised systems. Sources told the news agency that the attacks appear to be a state-sponsored hacking campaign and that Russia is the nation coordinating them.

Returning to the present, three people familiar with the investigation at the State Department have told the Wall Street Journal that the US Government is still working to sanitize the State Department’s e-mail systems. The situation is very concerning because the hackers still have access to the Government agency’s network.

“Three months after the State Department confirmed hackers breached its unclassified email system, the government still hasn’t been able to evict them from the department’s network, according to three people familiar with the investigation.” states the Wall Street Journal.

US intelligence is trying to fight back and track the hackers, but it is an ongoing battle that the foreign attackers are winning because they are still able to find new entry points into US networks.

The sources explained that US authorities are still investigating the data breach and, at the time of writing, still do not have a clear picture of the overall data accessed by the hackers.

“We deal successfully with thousands of attacks every day,” State Department spokeswoman Marie Harf said in an official statement. “We take any possible cyber intrusion very seriously, as we did with the one we discussed several months ago, and we deal with them in conjunction with other relevant government agencies.”

Who is behind the attack?

The investigation is being conducted by the FBI and the Secret Service; the authorities speculate that the attacks were coordinated by a foreign government, with Russia and China among the primary suspects. Experts involved in the investigation reveal that Russia remains the first suspect because of the similarity between the malware used in the attack and the malicious code used in other attacks worldwide linked to Russian state-sponsored operations, including the recent attacks following the Ukraine crisis.

The nature of the attack suggests that it may have originated in Russia, one of the officials said. A former U.S. intelligence official said that Russia has developed cyber-espionage capabilities almost equal to those of the U.S. National Security Agency.

“The intrusions coincide with rising tensions between the U.S. and Russia, and hackers linked to the government of Russian President Vladimir Putin have used the same “phishing” technique, in which the opening of deceptive e-mail attachments downloads malicious software, to attack other unclassified U.S. government e-mail systems. So far, investigators from the NSA and private contractors haven’t reached a firm conclusion about the intruders’ origins, said the two officials involved in the inquiry.” reported Bloomberg.

The Russian Government and FBI refused to comment on the investigation.


Edited by Pierluigi Paganini

(Security Affairs –  US State Department, US Government)
