USAToday is reporting that the hacking of the State Department’s email went way farther than has been reporting up until now.
The State Department has been fighting to get the hackers out of their unclassified email system for months now, even enlisting the help of private contractors and the NSA – to no avail. CNN is reporting that the hackers used their compromise of the State Department to hack the White House.
The White House did report that they had a breach of their unclassified Office Of The President network last year, but did not tie it to the State Department email hack.
In general, if you allow people to use email and surf the web, someone will click on the wrong thing some time and compromise any security that you might have had.
For high security environments like the WH and State, you really need to separate functions – could be virtually – in order to stop the cross border pollution. The problem is that people would like the systems to be interconnected. For example, if you have an email attachment that you want to store in Sharepoint and you have something from a web page that you also want to store in Sharepoint (or any other document repository), you have, by allowing that, connected two otherwise independent applications (email and browsing).
The White House did not confirm – or deny – the report. Previously, they say that the computers were not damaged although some elements of the unclassified system were “affected”. Unclassified, of course, does not mean unsensitive, so who knows what the attackers got.
Ben Rhodes, deputy White House national security adviser, said “We do not believe that our classified systems were compromised.” That certainly provides me with a high level of confidence. If I do not believe that the sun will come up tomorrow morning, that probably does not decrease the likelihood that it will rise tomorrow.
I am sure that the White House and State Department are hot targets and that their I.T. organizations try hard to protect them, but that is not an easy task.