The FBI has opened investigations into hacking attacks on the U.S. State Department and Postal Service amid a rash of computer intrusions that cybercrime experts say bear the hallmarks of espionage.
The weekend hacking attack at the State Department, which forced officials to disable part of the agency e-mail system through yesterday, may be linked to a previously disclosed intrusion of the White House network.
U.S. officials said no classified information was stolen.
Hackers can glean valuable insight about government operations and personnel by watching activity on unclassified networks, said John Dickson, a principal with the software security company Denim Group Ltd. in San Antonio. That suggests the attacks’ motive was espionage, said Dickson, a former U.S. Air Force cybersecurity specialist.
“Don’t underestimate the importance of these attacks,” Dickson said in a phone interview. “Unclassified networks provide attackers a lot of context and they could provide a jumping off point” for more serious attacks.
U.S. agencies are under constant assault by hackers and the number of reported breaches on federal computer systems surged to 46,605 in 2013 from 26,942 in 2009, according to the U.S. Computer Emergency Readiness Team. U.S. officials have accused Russian and Chinese hackers of being behind other computer intrusions, although it’s often difficult for investigators to pinpoint the exact sources and motives.
The FBI announced yesterday that it opened investigations into the State Department attack as well as a separate hack on the Postal Service.
“We are aware of these reports and are working with our interagency partners to investigate the matter,” Joshua Campbell, a spokesman for the Federal Bureau of Investigation, said in an e-mail.
He declined to comment on any link between the State Department and White House attacks, though State Department spokesman Jeff Rathke told reporters in Washington yesterday they are thought to be linked.
The Postal Service attack jeopardized the names, birth dates and Social Security numbers for 800,000 employees. Names, addresses, telephone numbers and e-mail accounts of customers who called or e-mailed the Postal Service Customer Care Center from Jan. 1 through Aug. 16 also were vulnerable, according to a Nov. 10 statement.
The National Oceanic and Atmospheric Administration, which runs the National Weather Service, says four of its Web sites were hacked in recent weeks.
Unclassified government networks usually don’t have information that criminals would steal for making money, such as credit card numbers, Dickson said. That’s why it’s likely the attacks were espionage attempts, he said.
“Nation-state players have such incredible resources that they will collect and analyze little bits of pieces of data that in aggregate means something,” he said.
The FBI last month reported a trend in which agents of foreign governments work with criminals to carry out hacking attacks on companies for financial gain.
The State Department disconnected its unclassified system from the Internet during a scheduled update, meaning officials were communicating outside the agency using private services like Google Inc.’s Gmail.
Internal, unclassified communications remained accessible and government employees could send e-mails to each other, Rathke, at the State Department, said. The department’s separate classified e-mail systems wasn’t affected, he said.
“We have no reason to believe classified information was compromised,” he said. Rathke declined to comment on who may be behind the attack.
“The compromise of public and private sector systems is something we take very seriously, and the FBI will continue to investigate and hold accountable those who pose a threat in cyberspace,” the FBI’s Campbell said.
The Obama administration said in October that it had identified potentially threatening activity on the White House computer network.
Russian government or criminal hackers are suspected of being behind the attack on the White House computer system, according to two American officials. It’s not clear whether the attack was carried out by Russian government agents or criminals, the officials said, speaking on condition of anonymity because they aren’t authorized to speak to the media. The line between agents and criminal hackers is sometimes non- existent, they said.
The attack on the executive office was an inconvenience that “has not affected the ability of White House staffers and others who use the White House network to conduct their work on a daily basis,” Obama spokesman Josh Earnest said at an Oct. 29 briefing.
The attacks have renewed efforts by lawmakers to pass legislation that would let agencies and companies share information about hackers in order to better secure vital public and private computer networks.
“Criminals, hacktivists and nation states are attacking our government networks at an alarming rate,” Representative Michael McCaul, a Texas Republican and chairman of the House Homeland Security Committee, said in a statement.
“Every day that Congress does not pass vital and bipartisan cybersecurity legislation is a day Congress leaves this country vulnerable to these persistent and increasingly dangerous attacks,” McCaul said “If a larger attack occurs, it’s going to be on Congress for not acting.”
© Copyright 2022 Bloomberg News. All rights reserved.