The State Department still has not been able to boot out hackers from its network, even after three months have passed since confirming that hackers have breached its unclassified email system.
The information was reported by the Wall Street Journal, citing three sources that are familiar with the matter.
Government officials, aided by the National Security Agency and third-party contractors, have made repeated scans of the network and have taken several systems down. However, investigators are still seeing signs that the hackers are still in the computers of the State Department, as whenever a hacker tool is found and blocked, the hackers tweak the tool to be able to again breach the defenses of the system.
Investigators are also seeing signs that the hackers are attempting to re-enter systems that have been scrubbed clean using tweaked versions of the malware.
The sources said that the amount of data that the hackers have taken have not been determined, but confirm that the hackers only have access to the unclassified portion of the State Department's email. Unclassified email, however, may still include pieces of sensitive intelligence.
The persistence of the hackers in the State Department's system shows the common problem in cybersecurity that launching offensive attacks is much easier than setting up impenetrable defenses.
There has been no official announcement on who are the attackers behind the security breaches. However, five sources said that there was a possibility of an involvement by the government of Russia in the hack attacks.
The malware used for hacking into the State Department's unclassified emails is similar to the hacker tools that have previously been linked to Russia. Two sources stated that the hackers extracted emails related to the Ukraine crises, and additionally, the hack attacks appeared very similar to a security breach on the unclassified email system of the White House, which has also been linked to Russia.
While the embassy of Russia has not responded to requests for comments on the matter, it is known that the United States and Russia have been implementing hacking tricks on one another. Just this week, Kaspersky Lab ZAO, a cybersecurity company in Russia, released a report on the spying activities carried out by the United States against Russia and other nations.
It is thought by investigators that the hackers were first able to breach the computers of the State Department through a phishing link that was clicked on by one of the employees. By clicking the link, the employee allowed malicious software to enter the system.
