Ooops! State department pwnz0rr3d.

(via boingboing)

Some days, things just don’t go your way. For the people responsible for US State Department computer and network security, it looks like last month contained at least one of those days.

WASHINGTON (AP) — The State Department is recovering from large-scale computer break-ins worldwide over the past several weeks that appeared to target its headquarters and offices dealing with China and North Korea, The Associated Press has learned.

I’ve worked computer security at government sites before. This is the nightmare I think everyone at those sites has at least sometimes.

Investigators believe hackers stole sensitive U.S. information and passwords and implanted backdoors in unclassified government computers to allow them to return at will, said U.S. officials familiar with the hacking.

. . .

“The department did detect anomalies in network traffic, and we thought it prudent to ensure our system’s integrity,” department spokesman Kurtis Cooper said. Asked what information was stolen by the hackers, Cooper said, “Because the investigation is continuing, I don’t think we even know.”

Unfortunately, most break-ins do involve the loss of an unknown amount of data. There is simply more happening on a network than can be completely tracked. The challenge is to track enough to know what is happening without tracking so much that nobody monitors it, because the volume is overwhelming.

In the tense weeks preceding North Korea’s missile tests, that bureau lost its Internet connectivity for several days.

Hmmmm.  Related events?  Who knows?  It does seem a bit fishy, though, doesn’t it?

After the State Department break-ins, many employees were instructed to change their passwords. The department also temporarily disabled a technology known as secure sockets layer, used to transmit encrypted information over the Internet.

Hackers can exploit weaknesses in this technology to break into computers, and they can use the same technology to transmit stolen information covertly off a victim’s network.

It’s most unfortunate when a security system has a flaw serious enough that the system itself has to be disabled. It has happened with SSH (among other well-known security systems) in the past as well. Some organizations fall back to cutting off the vulnerable system until it can be fixed. Others fall back to an insecure alternative in place of the flawed security system, trading a known flaw for no protection at all. No matter what, if you’re running a vulnerable product, dealing with it can be painful.
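Two points above are worth making concrete: you cannot track everything, so summarize rather than capture; and stolen data tends to leave over the same encrypted channel (port 443 here) that legitimate traffic uses, which is the covert-exfiltration worry behind disabling SSL. The following is an added example, not code from the original post, the AP story, or the State Department. It aggregates constructed flow-style log lines per internal host and flags hosts whose encrypted egress is far above their peers. The log format, the 10.0.0.0/8 internal range, and the "ten times the median" rule are assumptions made for the example.

```python
"""Summarise encrypted egress per internal host from flow-style log lines.

Added example; the log lines are constructed sample data and the log format,
internal range and threshold rule are assumptions, not anyone's real setup.
"""
import ipaddress
from collections import defaultdict
from statistics import median

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

# Constructed sample flow log: "<timestamp> <src> <dst> <dst_port> <bytes_out>"
# The last data line is internal-to-internal and the final line is malformed;
# both must be ignored by the summary.
SAMPLE_LOG = """\
2006-06-12T14:03:11Z 10.1.1.10 203.0.113.5 443 12000
2006-06-12T14:03:15Z 10.1.1.10 203.0.113.7 80 3000
2006-06-12T14:04:02Z 10.1.1.11 203.0.113.5 443 15000
2006-06-12T14:05:40Z 10.1.1.12 203.0.113.9 443 9000
2006-06-12T14:06:13Z 10.1.1.13 198.51.100.20 443 850000
2006-06-12T14:09:58Z 10.1.1.13 198.51.100.20 443 900000
2006-06-12T14:10:27Z 10.1.1.14 203.0.113.5 443 11000
2006-06-12T14:11:05Z 10.1.1.10 10.1.1.11 443 500000
garbage line that should be skipped
"""


def parse_flows(text):
    """Parse log lines into (src, dst, port, bytes) tuples, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        _ts, src, dst, port, nbytes = fields
        try:
            flows.append((ipaddress.ip_address(src), ipaddress.ip_address(dst),
                          int(port), int(nbytes)))
        except ValueError:
            continue  # unparsable address or number: skip rather than abort
    return flows


def egress_by_host(flows, port=443):
    """Total bytes each internal host sent to external hosts on `port`."""
    totals = defaultdict(int)
    for src, dst, dport, nbytes in flows:
        if src in INTERNAL_NET and dst not in INTERNAL_NET and dport == port:
            totals[str(src)] += nbytes
    return dict(totals)


def flag_outliers(totals, factor=10):
    """Hosts whose egress exceeds `factor` times the median across hosts (assumed rule)."""
    if not totals:
        return []
    baseline = median(totals.values())
    return sorted(host for host, nbytes in totals.items() if nbytes > factor * baseline)


def destinations(flows, host, port=443):
    """External destinations `host` talked to on `port`: where the investigation starts."""
    src_ip = ipaddress.ip_address(host)
    return sorted({str(dst) for src, dst, dport, _ in flows
                   if src == src_ip and dst not in INTERNAL_NET and dport == port})


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_LOG)
    totals = egress_by_host(flows)
    for host in flag_outliers(totals):
        print(f"{host}: {totals[host]} bytes out on 443 to {', '.join(destinations(flows, host))}")
```

A per-host byte count is a few numbers a person can actually read each day, which is the point of the tradeoff: a full packet capture of the same traffic would answer the "what was taken" question better, but only if someone had the time to look at it. The fixed factor-of-median rule is deliberately crude; in practice you baseline each host against its own history, because a file server and a desktop have nothing in common.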

Many diplomats were unable to access their online bank accounts using government computers because most financial institutions require the security technology to be turned on. Cooper said the department has since fixed that problem.

Hey! What happened to the “no personal use of government systems” mandate? I would think personal banking falls under personal use. 🙂
