Federal and private security experts continue to be baffled by the existence of hackers prowling the U.S. State Department's unclassified email network. This is three months after the government affirmed that the department's systems were in fact breached.
The Wall Street Journal cited three people familiar with the investigation who said that specialists from the National Security Agency (NSA) and outside contractors have repeatedly scanned the network and taken down various systems offline, but hackers continue to persist within the network.
The problem, the sources claimed, is that the hackers keep changing their hacking techniques to get around the State Department's defenses. Whenever security workers discover one of these techniques and try to block it, the hackers would alter their code slightly to get around the NSA's defenses.
The sources also said the hackers have access only to the department's unclassified email systems and have no way into the classified network. However, access to unclassified emails still poses a threat, since sensitive data can still go into the contents of those emails, and hackers can also delete information or generate fake emails.
The intruders were able to hack into the system through a phishing email posed as an email about administrative matters. Investigators believe a State Department employee must have clicked on a bogus link in that email, which then proceeded to download malicious software into the computer and distribute the malware throughout the network.
"We deal successfully with thousands of attacks every day," said State Department spokesperson Marie Harf. "We take any possible cyber intrusion very serious -- as we did the one we discussed several months ago -- and we deal with them in conjunction with other relevant government agencies."
It is unclear who is behind the State Department email breach, but the Wall Street Journal said, according to five people familiar with the November hack, that investigators were looking to the Russian government as the attack's mastermind.
The sources said the tools used in the attack were very similar to malware used by Russian hackers in the past, including the tools used to breach the White House's unclassified email system last year, which officials believed was linked to Russia. Some of the emails that were taken, the sources said, were related to the animosity brewing between Russia and Ukraine over the Crimean Peninsula.
The report comes just days after Moscow-based security firm Kaspersky Labs released its own report about a highly advanced spying campaign by a group called the Equation Group.
Although Kaspersky did not explicitly name the U.S. as being behind the hacking group, Kaspersky's director of global research and analysis Costin Raiu said the group, which has been around for nearly two decades and uses extremely sophisticated tools that require tons of resources, must be backed by an agency such as the NSA. Russia is among the countries on the Equation Group's list of targets.
