Slashdot Mirror


US State Department Can't Get Rid of Email Hackers

An anonymous reader sends this quote from a Wall Street Journal report: Three months after the State Department confirmed hackers breached its unclassified email system, the government still hasn't been able to evict them from the network, say three people familiar with the investigation. Government officials, assisted by outside contractors and the National Security Agency, have repeatedly scanned the network and taken some systems offline. But investigators still see signs of the hackers on State Department computers, the people familiar with the matter said. Each time investigators find a hacker tool and block it, these people said, the intruders tweak it slightly to attempt to sneak past defenses. It isn't clear how much data the hackers have taken, the people said. They reaffirmed what the State Department said in November: that the hackers appear to have access only to unclassified email. Still, unclassified material can contain sensitive intelligence.

16 of 86 comments

  1. It probably IS the NSA by Dr_Barnowl · · Score: 4, Informative

    Isn't asking the NSA to secure your system like asking the fox to check the barbed wire fence around the henhouse?

    1. Re:It probably IS the NSA by Shakrai · · Score: 2, Funny

      The National Security Agency (NSA) is a United States intelligence agency responsible for global monitoring, collection, decoding, translation and analysis of information and data for foreign intelligence and counterintelligence purposes - a discipline known as Signals intelligence (SIGINT). NSA is also charged with protection of U.S. government communications and information systems against penetration and network warfare. The agency is authorized to accomplish its mission through clandestine means, among which are bugging electronic systems and allegedly engaging in sabotage through subversive software.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    2. Re:It probably IS the NSA by Anonymous Coward · · Score: 2, Funny

      Yes but all the fox does is record all the clucks between chickens and run cluck search algorithms to make sure none of the chickens are actually terrorist chickens. The fox apparently did nothing about the chicken outside the henhouse clucking.

    3. Re:It probably IS the NSA by rmdingler · · Score: 3, Insightful

      If you've lived in the U.S. long enough, you may find yourself of the opinion that the real enemies of the state are in Congress.

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

    4. Re:It probably IS the NSA by drinkypoo · · Score: 2

      > To make the current hate-spewing-fad even funnier in its ignorance, Slackware Linux doesn't even use SysV-style init, they use BSD-style.

      Last I checked, slackware did use sysvinit for its init process, just without SysV-style init scripts. Let's see, hmm, there is actually support for SysV init scripts, and it sure looks to me like there's a sysvinit package.

      > And Gentoo doesn't use either.

      Uh no. Guess what? OpenRC doesn't replace your init. Gentoo does use sysvinit, with OpenRC.

      > roflcopter!

      I guess what makes the roflcopter go around and around is that you're laughably ignorant, and complaining that others are ignorant about the very things about which you're currently displaying your ignorance.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  2. Clearly these hackers just need jobs!!! by DaHat · · Score: 2

    ... or is that 'too nuanced' of an explanation?

    Maybe we just can't clean our way out of these attacks?

    1. Re:Clearly these hackers just need jobs!!! by ScentCone · · Score: 5, Insightful

      > Mr. Laden didn't carry out the attacks himself: he got grunts to do it.

      Yeah, he conned a bunch of uneducated, down-on-their-luck grunts into abandoning their personal sense of decency and agreeing to kill thousands of people - not because their religious convictions told them it was the right thing to do, but because ... they just couldn't find work?

      That must have been the case with "grunts" like Mohamed Atta, right? Totally uneducated. Well, except for going to college to study architecture, and spending time at the Technical University of Hamburg. You know where he met with other poor grunts who could only afford to do things like fly back and forth between Germany and various middle eastern destinations, spend time training in Afghanistan, and so on. He traveled to Spain for some meetings, then - the poor, uneducated, desperate guy! - flew to Maryland, where he met up with fellow grunt Hani Hanjour, then off to other destinations where the fellow grunts were living in various states of perfect comfort. They didn't just round up some scruffy guys from some poverty-stricken village in the desert and talk them into this because they had no options. These were people who were dedicated to the world view preached by Bin Laden and their intellectual fellows in the Taliban. Focusing on the leaders IS important, because it's what they say and stand for that thousands and thousands of their compatriots - including those living comfortably in western nations, where they've been educated and employed - find agreeable enough to follow.

      This whole notion that the guys running, say, the media production facilities, newsletter operations, and logistics for groups like ISIS as they line up insufficiently hardline Muslims and of course western hostages out of whom they can't squeeze enough cash, and lop off their heads or burn them alive ... that the guys doing that are doing so because they're not happy with the local employment prospects ... that would be really funny if it weren't so dark and just plain evil. Not enough schools? Of course not! These are the people who are dragging the teachers out into the street and shooting them in the head before they burn down the schools. The problem isn't lack of foreign investment, it's cultural rot in the form of their local religion crashing headlong into the rest of the world's more contemporary ways of life. These guys don't want modern jobs, they want medieval jobs.

      --
      Don't disappoint your bird dog. Go to the range.
    2. Re:Clearly these hackers just need jobs!!! by DaHat · · Score: 2

      Yes, deflection.

      A point is raised and you poo poo it by attempting to divert attention rather than argue something substantive.

      An additive point is raised and you poo poo it again by again attempting to divert attention rather than argue something substantive.

      A valid premise which you still reject is expanded upon... and all you can do is poo poo it without citing A SINGLE THING while still trying to divert attention to something else.

      You had 3 chances, you struck out.

  3. If you can't figure out... by Razed+By+TV · · Score: 4, Insightful

    ...how to get them off of your network, then I don't think I'd trust you to accurately determine what the hackers have and haven't accessed.

  4. Chicken coming home to roost? by Noryungi · · Score: 2

    Hellooooooooo NSA! Do you like having a taste of your own medicine?

    This is the future, people. Hack and counter-hack. Ad infinitum. In other words, bleak and without hope.

    --
    The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
  5. Okaaaaay.... Lemme take a couple guesses here... by Narcocide · · Score: 3, Interesting

    Assuming it's not actually one of their own employees/consultants helping re-infect the systems, maybe one or more of these fairly common situations applies:

    * Using Cisco routers with default configurations and firmware that hasn't been updated in years...
    * Using unencrypted, plain text authentication for systems instead of public key auth...
    * No password strength standards (some employees predictably using "911" or "123456" for their passwords)
    * Employees allowed to re-use the same passwords after the supposed "clean sweep"
    * Windows filesharing services
    * Wireless networking at all, or possibly using WEP or even completely open
    * Microsoft office documents from outside sources
    * HP printers, or really any network/wifi enabled printers
    * That one old Windows XP box nobody is allowed to reformat clean because it's "mission critical"
    * Employees are allowed to bring in their own laptops/cellphones and other usb/bluetooth/wifi enabled devices

    Did I miss anything? Anyone else seen this crap enough times to know the intrusion vector is probably nothing highly advanced or original?

  6. Re:Reformat and Turn off Everything. by PPH · · Score: 2

    > replace all your servers with new ones and decommission the old ones.

    Nope. Keep the old ones running as honeypots.

    Problem is: it's not just the servers. Some of the employees' PCs have probably been pwned. And when they connect to the new servers it starts all over.

    --
    Have gnu, will travel.
  7. Re:Okaaaaay.... Lemme take a couple guesses here.. by TapeCutter · · Score: 2

    > Did I miss anything?

    The massive slashdot paradox in this thread? - In other stories the NSA are seen as omnipotent hackers who know more about me than my closest friends, but in this thread they suddenly don't know their arse from their elbow?

    --
    And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
  8. Re:Okaaaaay.... Lemme take a couple guesses here.. by Narcocide · · Score: 2

    I think it's more accurate to say "The left hand does not know what the right hand is doing."

  9. Re:Blacklist by Em+Adespoton · · Score: 4, Interesting

    The security hole is likely end users. The software being "tweaked" is probably Word documents pushing Dyreza malware. The issue they face is that if they want to allow Office documents with embedded VBA macros (this is probably heavily embedded in their office workflows), it doesn't matter that they've identified the security hole, they can't close it without making massive changes to how they do business (or significantly change their IT security policies for desktop endpoint use).

    Based on the mincemeat the Office macro payloads have been making of everyone's security lately, this is probably all it is. There's probably no targeted hacking going on at all; just a failure to keep up with the latest generic malware attacks, like with almost everyone else. Of course, since the attackers probably realize by this point where they've gotten into, they're going to ensure they stay there by using the same methods.

    That said, it could be just about anyone else employing APT methods too -- wouldn't be all that difficult; just more difficult than deploying the already common crimeware packages you can get on the darknet at a discount.
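As a defender-side check for the macro-bearing Office documents this comment describes, here is an added example (not from the thread or any commenter) that flags files carrying a VBA project, the kind of gate a mail or file-share scanner would apply; the make_ooxml helper and its sample archives are constructed for the demonstration, and the legacy OLE2 check is a byte-level heuristic rather than a full compound-file parse.

```python
import io
import zipfile

# OOXML archive members that hold a VBA project (Word, Excel, PowerPoint).
VBA_PARTS = {"word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"}
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"
# Legacy binary Office files (.doc/.xls) are OLE2 compound files with this magic.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# OLE2 directory names are stored UTF-16LE; "_VBA_PROJECT" is the VBA stream
# name used by both Word (Macros/VBA) and Excel (_VBA_PROJECT_CUR/VBA).
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")


def has_vba_macros(data: bytes) -> bool:
    """Return True if the document bytes carry a VBA project."""
    if data.startswith(b"PK"):  # OOXML (.docx/.docm/.xlsm ...) is a zip archive
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
                if names & VBA_PARTS:
                    return True
                # Fall back to the declared content type of the parts.
                if "[Content_Types].xml" in names:
                    return VBA_CONTENT_TYPE in zf.read("[Content_Types].xml")
        except zipfile.BadZipFile:
            return False
        return False
    if data.startswith(OLE_MAGIC):
        # Heuristic: the VBA stream name is visible in the raw directory bytes.
        # A full OLE2 directory walk would be more exact.
        return OLE_VBA_MARKER in data
    return False


def make_ooxml(with_macro: bool) -> bytes:
    """Build a minimal constructed Word archive, with or without a VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        types = "<Types>"
        if with_macro:
            types += ('<Override PartName="/word/vbaProject.bin" '
                      'ContentType="application/vnd.ms-office.vbaProject"/>')
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # stub, not real VBA
        zf.writestr("[Content_Types].xml", types + "</Types>")
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


if __name__ == "__main__":
    print("macro document flagged:", has_vba_macros(make_ooxml(True)))
    print("plain document flagged:", has_vba_macros(make_ooxml(False)))
```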

  10. Re:Reformat and Turn off Everything. by CaptainDork · · Score: 2

    OR ...

    We could make users' desktop computers much, much smarter than the user.

    "We're sorry, but our predictive algorithms, which run a shitload of scenarios well into the future, indicate that the action you just chose, like clicking on a link or attachment, is contraindicated and your computer is locked, air-gapped, and nonfunctional in an operative sense and will remain so until IT, who has already been contacted, so there's no need to call, arrives at your location to reinforce your prior security training with a bop on the nose with a rolled up newspaper."

    --
    It little behooves the best of us to comment on the rest of us.