Possible hacker attack at the State Department

CBS News is careful to note that the State Department shut down its unclassified email system to repair “possible” damage from a “suspected” hacker attack, but those suspicions must run pretty deep to justify the measures that were taken:

A senior department official said Sunday that “activity of concern” was detected in the system around the same time as a previously reported incident that targeted the White House computer network. That incident was made public in late October, but there was no indication then that the State Department had been affected. Since then, a number of agencies, including the U.S. Postal Service and the National Weather Service, have reported attacks.

The official said none of the State Department’s classified systems were affected. However, the official said the department shut down its worldwide email late on Friday as part of a scheduled outage of some of its internet-linked systems to make security improvements to its main unclassified computer network. The official was not authorized to speak about the matter by name and spoke on condition of anonymity.

The State Department is expected to address the shutdown once the security improvements have been completed on Monday or Tuesday.

State-sponsored hacking handicappers are giving out good odds that the Russians were involved in the State Department incident, while the Chinese were behind the Postal Service and NOAA capers.  The nature of the intrusions gives them the feel of probes: testing out the strength of the U.S. government’s cyber-defenses, noting how long it takes for intrusions to be discovered, and studying the government’s response to security alerts.  Knowing this, U.S. authorities are reluctant to disclose the intrusions or discuss counter-measures.  Unfortunately, that means the public tends to be kept in the dark about these attacks until long after they have occurred, which puts people’s own computer systems at risk, because they’re unwittingly interfacing with systems that have been compromised in ways the government is reluctant to immediately discuss.

This could all be part of the usual Spy-vs-Spy game of intrusion and counter-measure, but it’s troubling that so many high-profile and unprecedented intrusions have occurred in such rapid succession, even as the Russians keep doing provocative things with their military forces.  (Russian bombers over the Gulf of Mexico?  Sure, why not?  What could go wrong?  And it looks like the Russian army has decided to spend its vacation in Ukraine again, bringing along its tanks and armored carriers for laughs.)  If this cyber-reconnaissance is all leading up to something, it probably isn’t something good.