Pentagon’s unclassified email system breached, Russian hackers blamed
The Pentagon’s Joint Staff unclassified email system, used by 4,000 military and civilian personnel, has been compromised by attackers and has been taken offline until the threat is dealt with.
According to NBC, US officials believe the attackers to be Russian, but can’t yet tell if the attack was executed at the behest of the Russian government.
The intrusion happened on July 25. DoD officials told The Register that the attackers got a hold of huge amounts of data from compromised email accounts, but no confidential information.
The cyberattack apparently relied on some kind of automated system, which allowed the attackers to gather massive amounts of data and expressly distribute it to thousands of accounts on the Internet, and on encrypted accounts on social media to coordinate the attack.
CNN reports that the intrusion started with a spear phishing attack that exploited a previously unknown vulnerability.
Defense Department spokeswoman Lt. Col. Valerie Henderson said that no details about the attack or comments will be given “for operational security reasons.” The email system is still offline.
“These attackers took enough data in a few minutes to shut down a vast email system for two weeks—the ramifications of which may not be fully known,” Haiyan Song, Splunk’s SVP of Security Markets, commented for Help Net Security.
“While shutting down the system was a good isolation measure, you can be assured security teams are investigating further to understand the scope of this attack. When credentials get stolen, additional and more damaging attacks are inevitable. This is why being ready is so critical. Speed of detection and response is the only true defense.”
“We cannot keep having the same weekly conversation about cybersecurity. It is well known that cyber space is the new front line. If we are not better prepared, we will continue to see stories like this play out, and there will be ongoing threats to our national security,” she added. “It is the responsibility of government and industry to work together and find comprehensive policy and technology solutions that better equip agencies’ security teams.”