US State Department Hack Has Major Security Implications

U.S. federal agencies have seen a string of cyberattacks in the past few months. The first to be affected was the White House, followed by the U.S. Postal Service, then the National Oceanic and Atmospheric Association. The U.S. State Department was also attacked, with “activity of concern” seen since October 2014 — the same time as the White House. According to a spokesman for the State Department, the attack seems to be linked to the one at the White House.

In the U.S. State Department hack, an unclassified email system was compromised, with emails related to the Ukrainian crisis among those stolen. Even though the attackers did not penetrate any classified areas of the network, officials concede that sensitive information that could be of value to foreign intelligence agencies is routinely shared in unclassified emails.

Phishing Email Sparks US State Department Attack

The attack reportedly started with a phishing email sent to a State Department employee that contained a malicious link that caused malware to be downloaded onto the computer. The attackers were then able to move laterally across the network, which incorporates thousands of computers spread across the United States as well as remote locations, including embassies. The vast extent of this network has hampered cleanup operations. The attackers are also believed to be using a rootkit, which is a worm that allows them to mask the majority of their activity.

Worst Attack Ever Against a Federal Agency

According to officials, the U.S. State Department hack is the worst that has ever been seen against a federal agency. The FBI is actively investigating the attack, which has demonstrated that there are serious security issues within the State Department’s network.

The system was first taken down for scheduled patching, but more comprehensive measures were required. Efforts were made to harden the system and automatically archive all emails, something that was not done previously. Other implemented measures included replacing 30,000 employee network login tokens and requiring them to change their passwords and PINs.

Comprehensive Measures to Boost Security

There has also been speculation that the attacks were the work of a foreign government. Whoever the perpetrators were, it is clear that more comprehensive measures should be taken to bolster security within the U.S. government and to raise security awareness to prevent others from falling victim to phishing attacks. All organizations — not just governments — need to beef up their ability to detect and respond to sophisticated attacks.

Consequently, among the measures being introduced by the U.S. government to improve security is legislation to encourage information sharing about cybersecurity threats. One such bill, known as the Protecting Cyber Networks Act, encourages private companies to share information via a civilian portal without fear of reprisal, since they will be provided with liability protection.

According to the bill’s backers, the business community welcomes such a move, as they hope it will help to stave off the threat of some of the mega-breaches seen recently. While previous efforts to introduce information sharing legislation have not been successful owing to fears that they would lead to increased surveillance, those concerns have largely been assuaged with this latest legislation, raising hopes that it will ultimately be successful.

Share this Article:
Fran Howarth

Senior Analyst, Bloor Research

Fran Howarth is an industry analyst and writer specialising in security. She has worked within the security technology sector for more than 25 years in an advisory capacity as an analyst, consultant and writer. Fran focuses on the business needs for security technologies, with a focus on emerging technology sectors. Current areas of focus include cloud security, data security, identity and access management, network and endpoint security, security intelligence and analytics, and security governance and regulations.