First it was the White House. Then the United States Postal Service (USPS). Two days later it was the National Oceanic and Atmospheric Association (NOAA). And now, the State Department.
The Associated Press reported on Sunday that the State Department detected “activity of concern” lurking in its systems since October, around the same time as the White House computer network breach.The two incidents appear to be tied, Jeff Rathke, State Department spokesman, told the AP in a Monday report. This recent attack is said to have not affected any State Department classified systems.
However, Rathke did say the attack impacted unclassified email systems. Although officials said they initially took the department's email system down for regularly scheduled patching, the State Department ended up needing to make more significant and comprehensive updates than those scheduled because of the attack. The email system was still down on Monday.
Multiple researchers have seen these attacks as evidence of foreign governments attempting to poke around U.S. networks to see what information is readily available.
“It seems likely that they are trying to see if they can penetrate government systems to gain access to classified networks,” Eric Cowperthwaite, vice president, Advanced Security & Strategy, Core Security, said in an email correspondence with SCMagazine.com. “(They could also be) conducting general surveillance and gaining intelligence on the security capability of our systems.”
Chinese government hackers were suspected in the USPS incident, as well as in the NOAA website hacks, according to reports. The breach at the White House was attributed to Russian hackers. However, no ties have been linked to attackers in this incident.
In an email correspondence with SCMagazine.com, Tom Cross, security research director, Lancope, explained that the response to these attacks carries as much weight as the attack itself.
“These agencies know what they are doing; they know the threats that are out there and what it takes to defend against them and in spite of how well prepared they are, the attackers are still getting in,” he said. “The bottom line is that an organization's ability to investigate and respond when breaches like this occur is just as important as that organization's ability to prevent attacks from occurring, because on the internet today, incidents like this are inevitable.”