12 September 2015

NSA Director Says Russian Cyber Attack on JCS Email System Was Sophisticated

Damian Paletta
September 9, 2015

NSA Chief Says Cyberattack at Pentagon Was Sophisticated, Persistent

WASHINGTON—A recent breach of the unclassified network for the Pentagon’s Joint Staff was persistent and evolved quickly from a failed attack just a week before, the head of the National Security Agency said Tuesday, offering a window into the barrage of cyberattacks that the U.S. military confronts daily.

The Joint Staff includes some of the nation’s most senior military officials. The email server for 4,200 of the Joint Staff’s accounts was taken offline several weeks ago after officials discovered a hacker had penetrated part of the network. Officials described the breach as an elaborate phishing attack, which essentially lures an unsuspecting email recipient into opening a link or attachment that is laced with malware and allows an intruder to seep into a network. It is an old but effective maneuver.

Officials are investigating whether Russian hackers were behind the breach, people familiar with the probe have told The Wall Street Journal.

Adm. Michael Rogers, who heads the NSA and the U.S. Cyber Command, said at an event hosted by the Woodrow Wilson International Center for Scholars in Washington, D.C., that security officials were quickly able to contain the breach and “develop an immediate set of workarounds” to allow officials to send secure emails. Still, he said the sophisticated design of the attack surprised even him.


“The campaign went against dozens of networks, segments of the network within the network,” Adm. Rogers said, and the attack was “able to achieve that level of penetration one time.”

The attacker tried a similar gambit the week before, Adm. Rogers said. “We totally forestalled it. Within a week I watched them totally change the structure that they used,” he said. The admiral described the new attack as a “different scheme and maneuver that I had not seen before.”

His description of the breach suggested it was aggressive, persistent and sophisticated, though he wouldn’t identify the group he believes was behind the attack.

Adm. Rogers described a digital battlefield that is active and intense, with a constant stream of cyberattacks from nations and criminal groups, as well as potential threats from the hacking capabilities of terrorist groups.

A big concern for Cyber Command is the interest that foreign countries have in breaking into the U.S. power grid, despite extensive security precautions, he said. Some of the attacks may be attempts to pave the way for more damaging assaults in the future.

“We have seen nation states spending a lot of time and a lot of effort to try to gain access to the power structure within the United States, to other critical infrastructure, and you have to ask yourself why,” Adm. Rogers said. “It’s because in my mind they are doing this with a purpose, doing this as a way to generate options and capabilities for themselves should they decide that they want to potentially do something.”

The U.S. military is working to become more transparent about its cyberdefenses and offensive planning, hoping that such information could deter cyberattacks in the future, he said. The process is ongoing, however, and foreign countries and criminal hackers for now believe there is “little price to pay” for breaching the U.S. government or U.S. companies, Adm. Rogers said.

U.S. officials haven’t yet agreed on what the overall response should be to a huge intelligence breach at the U.S. Office of Personnel Management, he said, in which background clearance information of more than 21 million Americans was stolen.

“This is an ongoing topic of debate,” Adm. Rogers said. “It’s of significance. We all realize that this is not some minor occurrence.”
