Slashdot Mirror


US State Department Can't Get Rid of Email Hackers

An anonymous reader sends this quote from a Wall Street Journal report: Three months after the State Department confirmed hackers breached its unclassified email system, the government still hasn't been able to evict them from the network, say three people familiar with the investigation. Government officials, assisted by outside contractors and the National Security Agency, have repeatedly scanned the network and taken some systems offline. But investigators still see signs of the hackers on State Department computers, the people familiar with the matter said. Each time investigators find a hacker tool and block it, these people said, the intruders tweak it slightly to attempt to sneak past defenses. It isn't clear how much data the hackers have taken, the people said. They reaffirmed what the State Department said in November: that the hackers appear to have access only to unclassified email. Still, unclassified material can contain sensitive intelligence.

86 comments

  1. It probably IS the NSA by Dr_Barnowl · · Score: 4, Informative

    Isn't asking the NSA to secure your system like asking the fox to check the barbed wire fence around the henhouse?

    1. Re:It probably IS the NSA by Shakrai · · Score: 2, Funny

      The National Security Agency (NSA) is a United States intelligence agency responsible for global monitoring, collection, decoding, translation and analysis of information and data for foreign intelligence and counterintelligence purposes - a discipline known as Signals intelligence (SIGINT). NSA is also charged with protection of U.S. government communications and information systems against penetration and network warfare. The agency is authorized to accomplish its mission through clandestine means, among which are bugging electronic systems and allegedly engaging in sabotage through subversive software.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    2. Re:It probably IS the NSA by Anonymous Coward · · Score: 2, Funny

      Yes but all the fox does is record all the clucks between chickens and run cluck search algorithms to make sure none of the chickens are actually terrorist chickens. The fox apparently did nothing about the chicken outside the henhouse clucking.

    3. Re:It probably IS the NSA by blue9steel · · Score: 1

      For some reason we have the civilian crypto folks, the overseas & local info spies and the cyber warfare command all packed into the same agency. It's a bad design that compromises their mission.

    4. Re:It probably IS the NSA by Anonymous Coward · · Score: 1

      Well, that explains why the NSA hacked into computers belonging to congress! They were "protecting U.S. government communications and information systems," obviously.

      With a reputation like that, I can't see why anyone would even consider it a possibility that they also were responsible for this.

    5. Re:It probably IS the NSA by Anonymous Coward · · Score: 0

      Isn't asking the NSA to secure your system like asking the fox to check the barbed wire fence around the henhouse?

      The problem with that analogy is that the fox already does check the fence around the hen house and is why you lose hens. In this case it's more likely incompetent or handcuffed-by-management sysadmins as to why this is persisting. That and idiot users that need some serious behavioral correction when it comes to email, classified or not.

    6. Re:It probably IS the NSA by rmdingler · · Score: 3, Insightful

      If you've lived in the U.S. long enough, you may find yourself of the opinion that the real enemies of the state are in Congress.

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

    7. Re:It probably IS the NSA by Aighearach · · Score: 1

      Because a programmer that replaces something... must not know how it works?

      Uh.....

      I know you wanted to spew some hate, but I don't think you really thought that one through. If my SysV init scripts needed "checking," and I had Mr Poettering in my employ, he would be a fine person to "check" them because he is a talented programmer who understands shell scripting.

      BTW, it is SysV init, not sysVinit. It just means the style of init script that AT&T had in their System V UNIX from the 80s, which replaced the BSD style that was in use prior to that. (And that continues to be used by the major BSD distros today)

      To make the current hate-spewing-fad even funnier in its ignorance, Slackware Linux doesn't even use SysV-style init, they use BSD-style. And Gentoo doesn't use either. You wouldn't know it from Slashdot comments though, where Slackware users who don't know shit about *nix init systems or shell scripts will happily defend their intention to "keep" using SysV init. roflcopter!

    8. Re:It probably IS the NSA by Anonymous Coward · · Score: 0

      You are so right. The legislative branch is tearing the country apart. They ignore the real problems and elevate meaningless issues meant to distract the public. The hardcore fringe elements on both the left and right just throw gasoline on the hot topics just to watch the country burn.

    9. Re: It probably IS the NSA by Anonymous Coward · · Score: 0

      You clearly failed to obtain a sufficient history education causing a lack of critical awareness. Congress is not the root cause. Over indulging the federal government and empowerment of the Executive is a greater threat. Keep telling yourself Rome, King Charles and Oliver Cromwell...

    10. Re:It probably IS the NSA by MobSwatter · · Score: 1

      In all actuality, Congress was a part of a democracy, to put a finger on Congress would be like the pot calling the kettle black. What we have is a first world problem and they don't run a democracy. There cannot be a single order over the entire world with respect to individuality or culture.

    11. Re:It probably IS the NSA by drinkypoo · · Score: 2

      To make the current hate-spewing-fad even funnier in its ignorance, Slackware Linux doesn't even use SysV-style init, they use BSD-style.

      Last I checked, slackware did use sysvinit for its init process, just without SysV-style init scripts. Let's see, hmm, there is actually support for SysV init scripts, and it sure looks to me like there's a sysvinit package.

      And Gentoo doesn't use either.

      Uh no. Guess what? OpenRC doesn't replace your init. Gentoo does use sysvinit, with OpenRC.

      roflcopter!

      I guess what makes the roflcopter go around and around is that you're laughably ignorant, and complaining that others are ignorant about the very things about which you're currently displaying your ignorance.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    12. Re:It probably IS the NSA by Aighearach · · Score: 1

      Quoting from the file you linked:

      # something goes wrong. For this reason, Slackware has always
      # used the traditional BSD style init script layout.

      In the 70s there was BSD style init.
      In the 80s came AT&T style init, later to be known only as SysV-style.
      (crickets)
      (more crickets)
      In the '10s came systemd, and those remotely managing large numbers of systems rejoiced in the virtual streets, briefly until bands of ruffians got their neckbeards bunched and started throwing rotten fruit.

      You're saying I'm ignorant because I think slackware uses BSD-style init. But Slackware agrees with me. And according to their own compatibility package, they've always done things that way. They probably always will, too. My first distro was slackware 3.0, they're pretty awesome. I got it on a disk glued to a computer magazine. Then I spent 3 days downloading an ISO so I could upgrade to 3.5. It was pretty awesome after being stuck on SunOS for a long time.

      The part where you fell on your face was when you missed the word "style" when I said, "Slackware Linux doesn't even use SysV-style init, they use BSD-style." So then you conflated the actual init process. But when people are talking about [BSD|SysV]-style, they're talking about the scripts. So you mixed up the two similarly named things that are confusing here, and decided on that basis that I'm "ignorant." I'll give you another hint, I looked it up and verified my memory before I said it.

    13. Re: It probably IS the NSA by Anonymous Coward · · Score: 0

      point still remains, systemd is crap. thanks for pointing that out.

    14. Re:It probably IS the NSA by nightsky30 · · Score: 1

      I think I found the fox's security assessment.

    15. Re:It probably IS the NSA by __aanbvm4272 · · Score: 1

      ANSWER: use real post office mail. Not hackable AND we can save the US post office from looking for additional revenue too. Sometimes convenience needs to be examined under a microscope. Send a hard copy. Then the NSA will get a paper cut opening envelopes and quit spying...Naaaaaah! At least it won't be so easy to spy on the disgruntled crowd.

    16. Re:It probably IS the NSA by drinkypoo · · Score: 1

      The part where you fell on your face was when you missed the word "style" when I said, "Slackware Linux doesn't even use SysV-style init, they use BSD-style."

      But you were wrong.

      So then you conflated the actual init process. But when people are talking about [BSD|SysV]-style, they're talking about the scripts.

      Yes, and slackware will use both BSD-style init scripts, and sysvinit-style. Which is why I didn't fall down, and you are now just talking out of your ass to try to make what you said correct, when it isn't.

      You are free to install sysvinit scripts for every single daemon you ever install on your slackware box. It's left up to the individual.

      You are ignorant, and you're also a disingenuous douchebag.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    17. Re:It probably IS the NSA by Aighearach · · Score: 1

      You say I[sic] was wrong, but you're accusing slackware of not knowing what system they use. BSD-style is a real thing. You can't tell the difference, but they can. And AT&T could. And people that can't tell the difference probably shouldn't be pining for software that is over 30 years old. Figure out what it is first.

      Or do you think, because they allow you to use a different one, that changes which one "slackware uses?" That would be daft, because Fedora still "lets" a person use SysV crap. So then all the systemd whining would be self-refuting. Usually only 3/4th of it is.

  2. Clearly these hackers just need jobs!!! by DaHat · · Score: 2

    ... or is that 'too nuanced' of an explanation?

    Maybe we just can't clean our way out of these attacks?

    1. Re:Clearly these hackers just need jobs!!! by ScentCone · · Score: 5, Insightful

      Mr. Laden didn't carry out the attacks himself: he got grunts to it.

      Yeah, he conned a bunch of uneducated, down-on-their-luck grunts into abandoning their personal sense of decency and agreeing to kill thousands of people - not because their religious convictions told them it was the right thing to do, but because ... they just couldn't find work?

      That must have been the case with "grunts" like Mohamed Atta, right? Totally uneducated. Well, except for going to college to study architecture, and spending time at the Technical University of Hamburg. You know where he met with other poor grunts who could only afford to do things like fly back and forth between Germany and various middle eastern destinations, spend time training in Afghanistan, and so on. He traveled to Spain for some meetings, then - the poor, uneducated, desperate guy! - flew to Maryland, where he met up with fellow grunt Hani Hanjour, then off to other destinations where the fellow grunts were living in various states of perfectly comfortable. They didn't just round up some scruffy guys from some poverty-stricken village in the desert and talk them into this because they had no options. These were people who were dedicated to the world view preached by Bin Laden and their intellectual fellows in the Taliban. Focusing on the leaders IS important, because it's what they say and stand for that thousands and thousands of their compatriots - including those living comfortably in western nations, where they've been educated and employed - find agreeable enough to follow.

      This whole notion that the guys running, say, the media production facilities, newsletter operations, and logistics for groups like ISIS as they line up insufficiently hardline Muslims and of course western hostages out of whom they can't squeeze enough cash, and lop off their heads or burn them alive ... that the guys doing that are doing so because they're not happy with the local employment prospects ... that would be really funny if it weren't so dark and just plain evil. Not enough schools? Of course not! These are the people who are dragging the teachers out into the street and shooting them in the head before they burn down the schools. The problem isn't lack of foreign investment, it's cultural rot in the form of their local religion crashing headlong into the rest of the world's more contemporary ways of life. These guys don't want modern jobs, they want medieval jobs.

      --
      Don't disappoint your bird dog. Go to the range.
    2. Re:Clearly these hackers just need jobs!!! by Tablizer · · Score: 1

      Those with college degrees rarely seem to do the dangerous parts themselves. Managing is a lot more fun than blowing your brains out in a market.

      Anyhow, without reliable surveys on the profile of the average terrorist or extremist, it's just speculation or thumbnail estimates from reporters either way, and probably not worth arguing about.

    3. Re:Clearly these hackers just need jobs!!! by DaHat · · Score: 1

      Your continued attempts at deflection continue to amaze. First you attack the source I cited (I could have picked one of many, NRO seemed the least controversial. Clearly though you didn't click on it as it has a YouTube video from CNN where the quote I was mocking was uttered), now you speak about 'surveys' and call comments like the above just 'speculation or thumbnail estimates'... why don't you try doing what ScentCone did above... offer some specifics?

      Allow me, let's consider the terrorists who hijacked the two aircraft that ran into the World Trade Center with some quotes from their Wikipedia pages about their education or work history:

      American Airlines Flight 11 – One World Trade Center

      • Mohamed Atta - ibid
      • Abdulaziz al-Omari - "attained a degree from the Imam Muhammad Ibn Saud Islamic University"
      • Wail al-Shehri - "After graduating from Abha teachers college in 1999, Wail al-Shehri took a job as an elementary school physical education teacher at the Khamis Mushait airbase."
      • Waleed al-Shehri - "Studying to become a teacher like his brother", left to go see a faith healer. Later, "Waleed later served in the security forces at Kandahar International Airport with Saeed al-Ghamdi."
      • Satam al-Suqami - "Suqami was a law student at the King Saud University"

      United Airlines Flight 175 – Two World Trade Center

      • Marwan al-Shehhi - "was admitted into a military scholarship program that allowed him to continue his education in Germany", later "Marwan returned to Hamburg to study shipbuilding"
      • Fayez Banihammad - "Banihammad left his family to pursue relief work"
      • Mohand al-Shehri - "Shehri was a former college student who dropped out after failing his courses"
      • Hamza al-Ghamdi - no mention
      • Ahmed al-Ghamdi - "Ghamdi quit school to fight in Chechnya against the Russians in 2000"

      As we see, most of these men had some level of education beyond grade/high school. Many pursued college, some graduated and worked, some dropped out, either to go fight, or more often because they struggled academically.

      I'd bring up the other two planes... but I think you get my point.

      I shall now wait for your next attempt to move the goal posts.

    4. Re:Clearly these hackers just need jobs!!! by Tablizer · · Score: 0

      I didn't deflect. You are still cherry-picking. These are not scientifically chosen examples by any stretch. It still says nothing about the average. You have offered no evidence about the average.

      And why are you mostly focusing on US terrorism? Education visas can be a ruse to stay in the US longer and/or learn the language and culture in order to blend in better.

    5. Re:Clearly these hackers just need jobs!!! by DaHat · · Score: 2

      Yes, deflection.

      A point is raised and you poo poo it by attempting to divert attention rather than argue something substantive.

      An additive point is raised and you poo poo it again by again attempting to divert attention rather than argue something substantive.

      A valid premise which you still reject is expanded upon... and all you can do is poo poo it without citing A SINGLE THING while still trying to divert attention to something else.

      You had 3 chances, you struck out.

    6. Re:Clearly these hackers just need jobs!!! by Tablizer · · Score: 0

      Projection. You have no proof of average boom boom edu or income, and are guessing out of your south pipe. The average is key to this debate and you shed darkness on it. You lost. Go home.

    7. Re: Clearly these hackers just need jobs!!! by Anonymous Coward · · Score: 0

      LOL are you kidding me? you offer no information on why he is wrong but continue to spout nonsense without backing it up. If this was a debate, you sir would lose. please turn in your low digit id because you are 100% worthless and useless in any slashdot discussion.

      thank you DaHat for roasting this kid.

    8. Re: Clearly these hackers just need jobs!!! by Tablizer · · Score: 1

      He shows nothing about the AVERAGE, especially over multiple nations. I cannot make it any simpler than that. If you don't understand averages, I can't help you.

    9. Re:Clearly these hackers just need jobs!!! by Tablizer · · Score: 1

      Not enough schools? Of course not! These are the people who are dragging the teachers out into the street and shooting them in the head before they burn down the schools....These guys don't want modern jobs, they want medieval jobs.

      People generally don't know they are ignorant until AFTER they are educated. You think those in the middle ages knew they were ignorant while they were doing medieval things?

    10. Re:Clearly these hackers just need jobs!!! by ScentCone · · Score: 1

      People generally don't know they are ignorant until AFTER they are educated. You think those in the middle ages knew they were ignorant while they were doing medieval things?

      Which has what to do with Islamist groups that seek out and destroy schools and educators because they are schools and educators? If your point is that they can't help themselves because they are ignorant, then you're indirectly also saying that they must be forced to overcome that ignorance (since they act, aggressively, to destroy the institutions that would gladly educate them if they showed up wanting an education). And forcing them to be educated means ... using force. It means physically protecting schools, teachers, and students with rough men willing to use violence to beat back the school destroying people and organizations.

      In the meantime, other cultures seem to have nicely figured out how to avoid embracing medieval sensibilities. They used to be anti-education theocracies, too. But they're not, now. What changed? Why can't these Islamist groups and their millions of Muslim apologists and funding sources do the same?

      --
      Don't disappoint your bird dog. Go to the range.
    11. Re:Clearly these hackers just need jobs!!! by Tablizer · · Score: 1

      It's a gradual process. A 30-year-old thug is probably a lost cause. Focus on his children.

  3. Researchs by Anonymous Coward · · Score: 0

    Those Researchers are such rascals!

  4. Hackers by Anonymous Coward · · Score: 0

    Today I was watching a virus infected machine call home to Haliburton's network.

  5. 'Unclassified' by Kaenneth · · Score: 1

    Does 'Unclassified' in this context mean not yet given a class, or is it the same as 'declassified'?

    1. Re:'Unclassified' by Anonymous Coward · · Score: 1

      No, unclassified means that it has never been classified. It may still be "sensitive" material though.

    2. Re:'Unclassified' by Anonymous Coward · · Score: 0

      it means it's not classified as anything or does not need to be classified but it can still be sensitive in various ways.

    3. Re:'Unclassified' by Anonymous Coward · · Score: 0

      Not to be confused with classless information which when politicians are caught with, they lose their job.

  6. Solution by Anonymous Coward · · Score: 0

    Make every email classified. Even emails from little timmy who asked if you've seen his dog.

  7. Nothing can stop the PARTYVAN!!!!! by Anonymous Coward · · Score: 0

    let's all celebrate!

    it's a tempest party and i can cry if i want to cry if i want to

  8. Unclassified vs. declassified by Anonymous Coward · · Score: 0

    Unclassified implies something was and is still public.

    Declassified implies something was private, but the classification has been reversed and the thing is now unclassified.

    1. Re:Unclassified vs. declassified by PeterM+from+Berkeley · · Score: 1

      No, unclassified information is NOT necessarily public. There is a lot of stuff US government agencies don't reveal that isn't "classified" as Secret, Top Secret, Confidential or other. Like for example, Privacy Act information (government employees SSNs are one) is NOT public and is NOT classified.

  9. If you can't figure out... by Razed+By+TV · · Score: 4, Insightful

    ...how to get them off of your network, then I don't think I'd trust you to accurately determine what the hackers have and haven't accessed.

    1. Re:If you can't figure out... by CaptainDork · · Score: 1

      This.

      Is the goddam US government competent or not?

      They let Bradley Manning and Edward Snowden walk off with the goods and now they can't handle a breach from outsiders.

      Bunch of fucking Keystone cops.

      --
      It little behooves the best of us to comment on the rest of us.
    2. Re: If you can't figure out... by Tablizer · · Score: 1

      Yeah, they should contract out to Sony or Target instead.

  10. Blacklist by Anonymous Coward · · Score: 0

    "Each time investigators find a hacker tool and block it [...] the intruders tweak it slightly to attempt to sneak past defenses"
    Far be it from me to lecture the NSA and "outside contractors" about security, but doesn't that suggest they're taking a black-list approach, rather than identifying the security hole that the hacker tool exploited in the first place?

    1. Re:Blacklist by Em+Adespoton · · Score: 4, Interesting

      The security hole is likely end users. The software being "tweaked" is probably Word documents pushing Dyreza malware. The issue they face is that if they want to allow Office documents with embedded VBA macros (this is probably heavily embedded in their office workflows), it doesn't matter that they've identified the security hole, they can't close it without making massive changes to how they do business (or significantly change their IT security policies for desktop endpoint use).

      Based on the mincemeat the Office macro payloads have been making of everyone's security lately, this is probably all it is. There's probably no targeted hacking going on at all; just a failure to keep up with the latest generic malware attacks, like with almost everyone else. Of course, since the attackers probably realize by this point where they've gotten into, they're going to ensure they stay there by using the same methods.

      That said, it could be just about anyone else employing APT methods too -- wouldn't be all that difficult; just more difficult than deploying the already common crimeware packages you can get on the darknet at a discount.

    2. Re:Blacklist by datavirtue · · Score: 1

      "they're taking a black-list approach, rather than identifying the security hole that the hacker tool exploited in the first place?"

      I think everyone is mind numbingly in a thoughtless black-list approach. I used to work security at a college where I would perform application risk assessments, penetration testing, network analysis, and so on. The help desk, for which I was tier 3 (contacted me when they couldn't figure something out essentially), was constantly removing "viruses." I would have to get involved with removal sometimes because I understood the nature of the various malwares and how they would get a foothold in the system. Anyway, after doing this a few times I would talk with the users trying to get an idea of WHERE they got the virus by tracing their browser history and interviewing them. A majority of the time (mostly academic types) these people were just on popular news sites like MSNBC or whatever. Their browser history often backed up their stories 100% and these people were not in a place to be browsing privately if you know what I mean and they were not savvy enough to clear their tracks anyway. I always felt the root cause was the most important aspect of removing malware but my boss and "colleagues" never gave it a second thought..."oh...you got a virus...let's try to remove it" was the extent of their thought process.

      --
      I object to power without constructive purpose. --Spock
    3. Re:Blacklist by Anonymous Coward · · Score: 0

      VBA code can be cryptographically signed since Office 2007 or 2003, IIRC. For the cost of a few certs and restricting documents having unsigned VBA, they could have avoided such a problem - although we don't yet know if that might be how hackers are breaching their security.

      - T
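
The blacklist point raised in this thread, as an added example that is not part of any comment above: an exact-hash blocklist stops matching once a file changes by a single byte, while a default-deny allowlist (the same idea as running only signed VBA) still refuses it. All byte strings and function names here are constructed for illustration.

```python
import hashlib


def sha256(data: bytes) -> str:
    """Hex SHA-256 of a file's contents."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for file contents (not real samples).
KNOWN_TOOL = b"constructed sample: intruder tool build 1"
TWEAKED_TOOL = b"constructed sample: intruder tool build 2"  # one byte differs
APPROVED_MACRO = b"constructed sample: approved business macro"

# Blocklist: hashes of things already found and judged bad.
BLOCKLIST = {sha256(KNOWN_TOOL)}
# Allowlist: hashes of things explicitly approved to run.
ALLOWLIST = {sha256(APPROVED_MACRO)}


def blocklist_verdict(data: bytes) -> str:
    """Default allow: only content seen before and listed is stopped."""
    return "block" if sha256(data) in BLOCKLIST else "allow"


def allowlist_verdict(data: bytes) -> str:
    """Default deny: only explicitly approved content runs."""
    return "allow" if sha256(data) in ALLOWLIST else "block"


def bytes_changed(a: bytes, b: bytes) -> int:
    """Number of differing positions, plus any difference in length."""
    return sum(x != y for x, y in zip(a, b)) + abs(len(a) - len(b))


def compare(samples: dict) -> dict:
    """Map each sample name to (blocklist verdict, allowlist verdict)."""
    return {
        name: (blocklist_verdict(data), allowlist_verdict(data))
        for name, data in samples.items()
    }


SAMPLES = {
    "known_tool": KNOWN_TOOL,
    "tweaked_tool": TWEAKED_TOOL,
    "approved_macro": APPROVED_MACRO,
}

if __name__ == "__main__":
    print("bytes changed by the tweak:", bytes_changed(KNOWN_TOOL, TWEAKED_TOOL))
    for name, (bl, al) in compare(SAMPLES).items():
        print(f"{name:15} blocklist={bl:5} allowlist={al}")
```

The allowlist side only helps if the approved set stays small and controlled, which is the workflow cost the comments above describe for macro-heavy offices.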

  11. If you are is ignorant as the State Dept... by Anonymous Coward · · Score: 0

    Then you can't even wipe ass correctly... What makes them think they are >Hackers? LOLOLOLOL Dream on Gov-Goons... Didn't Momma Teach you Boys that "There is ALWAYS somebody better!"

    1. Re:If you are is ignorant as the State Dept... by Anonymous Coward · · Score: 0

      as*

    2. Re: If you are is ignorant as the State Dept... by Anonymous Coward · · Score: 0

      | as*
      Did you just call me an asshole ?

  12. cyber-war by Tablizer · · Score: 1

    The US may have to allow more immigrants in order to be competitive with China and perhaps other populous countries in a potential cyber-war. It's more or less a game of man-power. Either that, or you siphon techies off of other fields. Maybe the "secret plan" is to send all non-military IT work to India, freeing the rest to be cyber warriors? Our trade deficit will be Jupiter-sized, though.

    1. Re:cyber-war by currently_awake · · Score: 1

      Why would you want large numbers of foreigners working on national defense? You want your cyber-war troopers to have friends and family in the same country you are trying to protect to ensure their loyalty.

    2. Re:cyber-war by Tablizer · · Score: 1

      You gotta start somewhere.

  13. Chicken coming home to roost? by Noryungi · · Score: 2

    Hellooooooooo NSA! Do you like having a taste of your own medicine?

    This is the future, people. Hack and counter-hack. Ad infinitum. In other words, bleak and without hope.

    --
    The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
    1. Re:Chicken coming home to roost? by Aighearach · · Score: 1

      News Flash: The NSA isn't part of the US State Department. They are part of the US Department of Defense.

      Generally those departments are considered to be substantially at odds; one is in charge of diplomacy, the other is in charge of blowing things up. They have different wants and needs, and generally would not feel each other's pain.

      If you hate something but don't understand it, what do you really hate? Answer: You really hate yourself, because without understanding you must be hating a thing that exists only inside your own mind. Unfortunately, this is the future. And the past.

    2. Re:Chicken coming home to roost? by UnknownSoldier · · Score: 1

      > News Flash: The NSA isn't part of the US State Department. They are part of the US Department of Defense.

      /sarcasm Glad we got that cleared right up. I was worried about who was hacking who.

    3. Re:Chicken coming home to roost? by CaptainDork · · Score: 1

      whom.

      --
      It little behooves the best of us to comment on the rest of us.
  14. dem haxxorz r in ur emailz by Anonymous Coward · · Score: 0

    Keep up the scare words, people. More empty scare words that really only say "O HAI I DUNNO WAT I R SAIN ROFLCOPTERBBQ", because that shows how knowledgeable you are with this intarwebz security thing.

    1. Re:dem haxxorz r in ur emailz by Aighearach · · Score: 1

      I had a ROFLCOPTERBBQ and it wasn't just words. The burns are real, bro, the burns are real.

  15. Reformat and Turn off Everything. by Anonymous Coward · · Score: 0

    The NSA, which specializes in Advanced persistent threats, should be able to give you the same advice any Security pro would.

    Wipe everything and start over. Trying to play catch up with hackers is a losing game, especially since the network is so compromised they can just recompile and inject new malware/rootkits/etc. into the network.

    Call up Dell or HP, replace all your servers with new ones and decommission the old ones. There will never be a time when you can say you are 100% recovered if you are using the same servers and software.

    Sucks it's your email but management needs to buck up and do the right thing here.

    1. Re:Reformat and Turn off Everything. by TapeCutter · · Score: 1

      So rather than isolating and repairing the hole they should bulldoze everything and build another one and just hope it doesn't have the same hole? - sounds like a government plan to me.

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
    2. Re:Reformat and Turn off Everything. by Narcocide · · Score: 1

      [trolling]No, they should bulldoze everything and then install Linux.[/trolling]

    3. Re:Reformat and Turn off Everything. by PPH · · Score: 2

      replace all your servers with new ones and decommission the old ones.

      Nope. Keep the old ones running as honeypots.

      Problem is: it's not just the servers. Some of the employees' PCs have probably been pwned. And when they connect to the new servers it starts all over.

      --
      Have gnu, will travel.
    4. Re:Reformat and Turn off Everything. by CaptainDork · · Score: 2

      OR ...

      We could make users' desktop computers much, much smarter than the user.

      "We're sorry, but our predictive algorithms, which run a shitload of scenarios well into the future, indicate that the action you just chose, like clicking on a link or attachment, is contraindicated and your computer is locked, air-gapped, and nonfunctional in an operative sense and will remain so until IT, who has already been contacted, so there's no need to call, arrives at your location to reinforce your prior security training with a bop on the nose with a rolled up newspaper."

      --
      It little behooves the best of us to comment on the rest of us.
  16. Okaaaaay.... Lemme take a couple guesses here... by Narcocide · · Score: 3, Interesting

    Assuming it's not actually one of their own employees/consultants helping re-infect the systems, maybe one or more of these fairly common situations applies:

    * Using Cisco routers with default configurations and firmware that hasn't been updated in years...
    * Using unencrypted, plain text authentication for systems instead of public key auth...
    * No password strength standards (some employees predictably using "911" or "123456" for their passwords)
    * Employees allowed to re-use the same passwords after the supposed "clean sweep"
    * Windows filesharing services
    * Wireless networking at all, or possibly using WEP or even completely open
    * Microsoft office documents from outside sources
    * HP printers, or really any network/wifi enabled printers
    * That one old Windows XP box nobody is allowed to reformat clean because it's "mission critical"
    * Employees are allowed to bring in their own laptops/cellphones and other usb/bluetooth/wifi enabled devices

    Did I miss anything? Anyone else seen this crap enough times to know the intrusion vector is probably nothing highly advanced or original?

  17. Jobs by Anonymous Coward · · Score: 0

    If they had more employment opportunities, they wouldn't hack! The State Department can’t focus on finding the hackers and they should be helping them find work. The State Department needs to get to the root cause of hacking, which includes “lack of opportunity for jobs.”

    1. Re:Jobs by TapeCutter · · Score: 1

      You can justifiably blame the state for lack of opportunity, but there's nobody to blame for a lack of morals other than yourself. And before you ask - I have walked many miles in a poor man's shoes.

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
    2. Re:Jobs by Anonymous Coward · · Score: 0

      The comment you're replying to is State department spokesperson Marie Harf's comments about terrorists, especially that last bit -- "the root cause of terrorism, which includes 'lack of opportunity for jobs.'"

  18. Presumption by Anonymous Coward · · Score: 1

    This article and the PR folks for the government presume or falsely claim there is a different system for unclassified email than for classified email. If so, why doesn't the government use the classified methodology for unclassified messages starting tomorrow?

    The fact is even the classified system uses about the same hardware and services. It might have some additional encryption, which, as we all know, has already been breached by "five eyes". Based on what we have seen there are at least six.

    1. Re:Presumption by Anonymous Coward · · Score: 0

      It also uses a different network.

  19. Re:Okaaaaay.... Lemme take a couple guesses here.. by Anonymous Coward · · Score: 0

    Simple solution...

    Get rid of Windows based systems.

  20. Re:Okaaaaay.... Lemme take a couple guesses here.. by TapeCutter · · Score: 2

    Did I miss anything?

    The massive slashdot paradox in this thread? - In other stories the NSA are seen as omnipotent hackers who know more about me than my closest friends, but in this thread they suddenly don't know their arse from their elbow?

    --
    And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
  21. Re:Okaaaaay.... Lemme take a couple guesses here.. by Narcocide · · Score: 2

    I think it's more accurate to say "The left hand does not know what the right hand is doing."

  22. Re:Okaaaaay.... Lemme take a couple guesses here.. by Anonymous Coward · · Score: 0

    The nice folks over at NSA have been compromising networks operated by State for many, many years.

  23. No paradox. by khasim · · Score: 1

    There's no paradox.

    When you have a budget of millions of dollars AND practically unrestricted access to everyone's Internet transmissions then it is a lot easier to appear to be "omnipotent" in your ATTACKS.

    But DEFENSE is a lot more difficult.

  24. "The enemy is us" (Pogo) by AndyCanfield · · Score: 1

    Who are the hackers? The United States Federal Government (NSA, CIA, etc). No mystery. You're biting yourself and getting sick; brush your own teeth. Seriously, the climate of paranoia and total espionage that is Uncle Sam today promotes hacking everyone, including "yourself". If the Pentagon is encouraged to hack the German State Department, why shouldn't it hack the U.S. State department while it's at it? Sure, Germany is supposed to be an ally, and the US is supposed to be an ally, but Uncle Sam hacks allies already. If everywhere, why not here?

  25. schadenfreude by Anonymous Coward · · Score: 0

    What comes around, goes around (or vice versa).

  26. Run Exchange by wezelboy · · Score: 1

    Pay the price.

  27. No, because ... by CaptainDork · · Score: 1

    ... Manning and Snowden.

    --
    It little behooves the best of us to comment on the rest of us.
  28. Re:Okaaaaay.... Lemme take a couple guesses here.. by CaptainDork · · Score: 1

    The NSA is not charged with defending the government from hackers.

    The NSA is fucked up already ... let's not give them more stuff to fuck up.

    --
    It little behooves the best of us to comment on the rest of us.
  29. Re:Okaaaaay.... Lemme take a couple guesses here.. by Anonymous Coward · · Score: 0

    They're just falling victim to the same mistake in reasoning that leads people to hate "Congress:" Namely that congress is not a monolithic entity. And neither is the NSA. There are three branches and the completely insane SIGINT maniacs, who are apparently bound and determined to make sure nobody ever trusts American hardware again, are only one of them.

    That, and as the NSA are doubtlessly aware, this particular game is horrifyingly stacked against the defenders: You have to be perfect, unfailingly, every single time. If they get lucky once, the whole network the team has spent hours or days cleaning is screwed again, possibly literally in a matter of seconds.

    *snert* captcha is "inspects"!

  30. And we trust the gubment w. health care data? by Kili · · Score: 1

    This is the same government we trust with our healthcare data which on the black market is worth much more than verified usable credit card data?

    I'm no conspiracy theorist, but as many in government have said "Let no crisis go to waste". I suspect they will use this and other examples to advocate more government control over the internet in the name of "national security". Because regulation will do so much more than hiring people who know how to properly secure a network...

  31. Yeah right by terrywirth5 · · Score: 1

    US State department cannot get rid of the ultimate hackers and never will -- their rivals for taxpayer dollars at the NSA.

  32. Not about just 911 by Tablizer · · Score: 1

    I was not just talking 911, but also Bin Laden's followers in Afghanistan and elsewhere. I feel my position has been twisted to be mostly about 911, when in fact 911 is a drop in the bucket. The education visa issue probably tilts "immigrant" terrorist statistics, as mentioned in a nearby message.

    Information on the education and goals of TYPICAL terrorists and extremists is still fuzzy, at least as given here. The above is merely speculation based on an insufficient sample size (including lack of samples from other countries).