The U.S. Department of State is reporting “activity of concern” in parts of its e-mail system, according to several news reports, citing a senior official. It’s too early to tell if it’s a hacking attempt from a foreign nation — at least government officials aren’t willing to disclose the suspected source.
According to the Associated Press, the State Department has made an unprecedented move — shutting down its entire unclassified e-mail system while its technicians work to repair possible damage from the attack. The AP reported that the activity was discovered around the same time a hack of the White House computer network was noticed in late October. Since that time a number of agencies, including the U.S. Postal Service and the National Weather Service, have also reported attacks.
“The department recently detected activity of concern in portions of its unclassified e-mail system,” the State Department official said in a published statement. “There was no compromise of any of the department’s classified systems.”
No Stopping Them?
Eric Cowperthwaite, Vice President of Advanced Security & Strategy at computer and network security firm Core Security, told us there are a couple of important things we can learn from this news. The first is that the U.S. government is now a significant target for bad guys, and that is going to continue and probably get worse, he said.
“The fact that the bad guys are able to, presumably, breach and compromise the unclassified systems is also important to understand. That leads to the second important thing in this ongoing story about an attack against the government,” Cowperthwaite said. “Their unclassified systems are still protected by security measures, just not to the same degree as the classified ones.”
Cowperthwaite noted that most U.S. businesses protect their networks and computer systems with technology that is on par with what the U.S. government requires of unclassified systems. Since that’s the case, it’s clear that businesses, including retail, healthcare, financial services, public utilities, and municipal governments are not going to be able to stop a capable adversary, he said.
“With 90 percent of all computer networks and defenses in private hands, the risk is clearly very high. Businesses must do more to understand the threats and how they are vulnerable,” he said. “They are going to have to greatly increase their maturity and capability in the face of this ongoing threat.”
No Official Responsibility
We turned to Ken Westin, security analyst from advanced persistent threat protection firm Tripwire, to see what he had to say about the mysterious suspected hack. He told us it looked like independent or state-sponsored hacking groups were in a reconnaissance phase, probing government agency networks to identify vulnerabilities and the data they can access.
“Although no damage has been inflicted on these systems or data reportedly stolen, these outages could be a precursor to a more organized attack,” Westin said.
“This is the fourth agency that has announced a compromise in the past few weeks, and others may have seen similar activity, but that information has not been made public. There has not been any announced link or official attribution to the attacks at this point,” he added.