US officials have laid the blame for an attack against the Pentagon’s Joint Chiefs of Staff unclassified email system firmly on Russia’s doorstep.
Explaining how the second attack against the Pentagon this year had led to severe restrictions being placed on the network, officials said the work of around 4,000 military and civilian personnel had been disrupted (interestingly, The Register reports that staff were told the service disruption was an expected side effect of a planned system upgrade).
The latest attack, believed to have occurred on or around 25 July, had originally passed without any fingers being pointed, as evidenced by Pentagon spokeswoman Lieutenant Colonel Valerie Henderson’s statement to Reuters:
“We continue to identify and mitigate cyber-security risks across our networks.
“With those goals in mind we have taken the Joint Staff network down and continue to investigate. Our top priority is to restore services as quickly as possible.
“As a matter of policy and for operational security reasons we do not comment on the details of cyber incidents or attacks against our networks.”
But, according to the Guardian, when asked to comment on Russia’s potential involvement in the latest incident, one official said, “It was a spearphishing attack traced to that country.”
If that is true, this attack against the Pentagon will be yet another example of how criminals are using information readily found on the web to craft personalised phishing emails to dupe the unwary into giving up passwords and other sensitive information.
If you want just one example of the magnitude of problems caused by such an attack, look at the Sony Pictures breach in November 2014, an attack we later learned had passed below the NSA’s radar as it failed to recognise the significance of the first spearphishing attacks two months beforehand.
In the case of the Pentagon, NBC News says the attack appeared to rely upon an automated system that gathered huge amounts of data that was then distributed to thousands of accounts across the internet. This activity, it says, was coordinated via encrypted social media accounts.
The classified network used by the Joint Chiefs is said to be unaffected and no classified information has been stolen or otherwise compromised. Officials are hopeful that the network will be back up and running by the end of this week.
As for the attribution, the defense department says it is unsure who is behind the attack, though it was certainly the work of a “state actor”.
Unnamed sources, however, told NBC that the “sophisticated cyberattack” was launched by Russia, while another official threw an alternative name into the ring, telling Fox News that only one other country had the capability to pull off such an attack: China.
Given how difficult it is to pinpoint hackers who are becoming increasingly adept at covering their tracks, I, for one, will not be jumping to conclusions, unlike The Daily Beast, which goes all out and suggests the involvement of the same Russian hacking team that infiltrated the State Department and the White House last year, an attack that saw President Obama’s unclassified emails compromised.