The US State Department has shut down the whole of its unclassified email system after fears a hacker managed to obtain access. An official said none of the departments classified systems were affected while security upgrades are currently taking place.
The official, who was not authorized to disclose the information, said that “activity of concern” was discovered by technicians at around the same time that the White House’s computer system was also targeted in late October. It was announced that maintenance would be carried out on the network on Friday, however AP reported on Sunday that the organization had shut down the network due to fears that hackers had managed to compromise the system.
Just in: State Department hacked the same time as the White House: http://t.co/2YExAYbKVkpic.twitter.com/ykkOD5q8Vc
— Nextgov (@Nextgov) November 16, 2014
During the outage, personnel within the department were using Gmail accounts, according to the Washington Post. Security improvements are currently taking place and the system is expected to be back online on Monday or Tuesday.
It is not known who may have carried out the attack, though previous breaches have been blamed on Chinese or Russian hackers. However, there has been no concrete evidence that Beijing or Moscow is behind this latest incident.
On October 28, a White House official said a cyber-attack was detected on a computer system used by the Executive Office of the President (EOP).
"In the course of assessing recent threats we identified activity of concern on the unclassified EOP network. Any such activity is something that we take very seriously. In this case we took immediate measures to evaluate and mitigate the activity," the official told Reuters.
The White House is often the target of hackers, but the one revealed in late October had a more significant duration, affecting the system’s functionality for nearly two weeks.
“Certainly a variety of actors find our networks attractive targets and seek to access to sensitive government information. We are still assessing the activity of concern, and we are not in a position to provide any additional details at this time,” a White House official said in a statement in October.
On November 10, the personal data of more than 800,000 US Postal Service employees was compromised following a major USPS breach that was initially attributed to Chinese hackers, the Washington Post reported.
A non-related report by AP on the same day found that federal agencies and government contractors in the US had suffered almost a quarter of a million cyber-attacks during the last year. However, not all were the result of hackers, but the vast majority were the result of mistakes by technicians tasked with keeping their networks safe.
The US spends in the region of $10 billion a year to protect its systems from hackers; however AP’s investigation has found that despite the massive resources at their disposal, the efforts have been largely unsuccessful. Federal agents and contractors alike are all too guilty of letting systems become infected by clicking bogus links, accidentally installing malware or otherwise opening up networks to hackers by way of their own inept operational security.
“Workers scattered across more than a dozen agencies, from the defense and education departments to the National Weather Service, are responsible for at least half of the federal cyber incidents reported each year since 2010,” the AP wrote, citing their own internal report on November 10.