The US State Department spent the weekend trying to mop up its unclassified email system and public sites in the aftermath of a recent attack.
The attack was first reported by The Associated Press on Sunday.
A senior department official told the AP that the agency discovered “activity of concern” in or around September: the same time as the intrusion that hit the White House’s networks.
The White House attack is similar to that at the State Department in that it also targeted unclassified networks, and it similarly resulted in a temporary shutdown of communications systems.
Following fast on the heels of the White House breach came news of attacks on the US Postal Service (USPS) and the National Oceanic and Atmospheric Administration, making the State Department the fourth US government agency to be hit in a matter of weeks.
The State Department official, who spoke without authorization and thus wasn’t named, told the AP that the agency’s classified systems were not affected.
He or she said that the department shut down its worldwide email late on Friday as part of a scheduled outage of some of its internet-linked systems to make security improvements to its main unclassified computer network.
The State Department obviously didn’t want to publicize the fact that its systems had been invaded.
On Friday, the department had announced that “maintenance” would be done, classifying it as a routine, scheduled outage.
But on Sunday, following the AP’s report of the breach, officials acknowledged they had found traces of suspicious activity in their system and were updating security in the middle of the scheduled outage, according to the Washington Post.
It was a pretty complete shutdown: duty officers were reportedly forced to use Gmail accounts.
The senior State Department official declined to say how many of the department’s email accounts were affected, or whether personal information on employees may have been exposed as it was in the USPS attack, but the official did say that the system was expected to be working normally again “soon”.
So far, nobody seems to know who’s responsible for the breaches, although the governments of China and Russia have both been mentioned as possible suspects, particularly behind the attack on the White House.