The U.S. State Department revealed
some details of how its computer networks were penetrated last Summer. The
attack was a precision one, with special emails sent to specific individuals in
embassies overseas. If the recipient opened the official (State Department
style) looking WORD file that accompanied the email, a secret bit of code would
load a program on the PC, and enable the hackers to obtain passwords and other
useful data. This penetration eventually triggered some of the defenses in
State Department networks, and resulted in the very public shut down of State
Department Internet access in east Asia. This was done to enable engineers to
find and remove all the hacker software that had been planted in State
Department computers. But before that, the U.S. engineers were monitoring what
the hackers were doing. This was going well, until the Associated Press got
wind of the penetration, and went public with it. This let the hackers know
that they had been discovered and were being watched.
This penetration was on the same scale as several
others, against Department of Defense networks, last year. There have been at
least four of these major attacks, hitting targets like the National Defense
University, the Naval War College and Fort Hood. Each of these cost $20-30
million to clean up after.
Expect to hear more about this battle in the coming
year. Whoever is behind the attacks, has been careful to conceal their
identity. Cyber War experts believe much of the action is coming from China.
But there has not been any official recognition of this, although there may be
discreet diplomatic discussions going on about it. Some of the activity appears
to be coming from criminal gangs, who are known to do corporate espionage, for
a price. Foreign nations have hired these gangs in the past, to break into
American government networks and steal things. A lot of attackers are still
"recreational Hackers" (usually teenage males with too much time on their
hands.) But the State Department hit had all the marks of a professional
The scariest aspect of all this is that the
attackers keep improving their tools and techniques. It's gotten to the point
that, you can't always be sure you've cleaned all the malware out of an
infected system, once you've done all you could to clean it up.