Information Warfare: The State Department Surveys the Damage


April 22, 2007: The U.S. State Department revealed some details of how its computer networks were penetrated last summer. The attack was a precision one, with specially crafted emails sent to specific individuals in embassies overseas. If the recipient opened the attached Word file, which was made to look like an official State Department document, hidden code in the file would install a program on the PC that let the hackers harvest passwords and other useful data. This penetration eventually triggered some of the defenses in State Department networks, and resulted in the very public shutdown of State Department Internet access in East Asia. This was done so that engineers could find and remove all the hacker software that had been planted in State Department computers. But before that, U.S. engineers had been monitoring what the hackers were doing. This was going well until the Associated Press got wind of the penetration and went public with it. That let the hackers know they had been discovered and were being watched.

This penetration was on the same scale as several others against Department of Defense networks last year. There have been at least four of these major attacks, hitting targets like the National Defense University, the Naval War College and Fort Hood. Each of them cost $20-30 million to clean up.

Expect to hear more about this battle in the coming year. Whoever is behind the attacks has been careful to conceal their identity. Cyber war experts believe much of the action is coming from China, but there has been no official recognition of this, although there may be discreet diplomatic discussions going on about it. Some of the activity appears to come from criminal gangs, who are known to do corporate espionage for a price. Foreign nations have hired such gangs in the past to break into American government networks and steal things. A lot of attackers are still "recreational hackers" (usually teenage males with too much time on their hands). But the State Department hit had all the marks of a professional operation.

The scariest aspect of all this is that the attackers keep improving their tools and techniques. It has gotten to the point that you can't always be sure you've cleaned all the malware out of an infected system, even once you've done all you could to clean it up.



