A break-in targeting US State Department computers around the world happened after an employee in Asia opened a mysterious email that quietly allowed hackers inside the government’s network.
In the first public account revealing details about last summer’s intrusion and the government’s hurried behind-the-scenes response, a senior state department official described an elaborate ploy by sophisticated international hackers.
They used a secret break-in technique that exploited a design flaw in Microsoft software. And consumers using the same software remained vulnerable for months afterwards.
Donald Reid, the senior security co-ordinator for the Bureau of Diplomatic Security, also confirmed that a limited amount of US government data was stolen by the hackers until tripwires severed all the State Department’s internet connections throughout eastern Asia.
However, the shut-off left US government offices without internet access in the tense weeks preceding missile tests by North Korea.
Reid, who will testify today at a cybersecurity hearing for a House of Representatives Homeland Security sub-committee, is expected to tell politicians that an employee in the State Department’s Bureau of East Asian and Pacific Affairs – which co-ordinates diplomacy in countries including China, the Koreas and Japan – opened a rigged email message in late May that gave hackers access to the government’s network.
The Democratic chairman of the Homeland Security Committee, Bennie Thompson, said hackers were no longer considered harmless, bored teenagers.
“These are experienced, sophisticated people who are trying to exploit our vulnerabilities and gain access to our information,” he said.
Reid was not expected to disclose the identities or nationalities of the hackers believed to have been responsible for the break-ins or to disclose whether US authorities believe a foreign government was responsible.
The panel’s chairman, Democratic Rep James Langevin, called cybersecurity an often-overlooked line of defence.
“Since much of our critical infrastructure is dependent on computers and networks and is interconnected and interdependent, a cyberattack could disrupt major services and cripple economic activity,” he said.
The mysterious State Department email appeared legitimate and included a Microsoft Word document with material from a congressional speech related to Asian diplomacy, Reid said.
By opening the document, the employee activated hidden software commands establishing what Reid described as back-door communications with the hackers.
The technique exploited a previously unknown design flaw in Microsoft’s Office software, Reid said. State Department officials worked with the Homeland Security Department and even the FBI to urge Microsoft to quickly develop a protective software patch, but the company did not offer the patch until August 8, about eight weeks after the break-in.
Microsoft said it worked as quickly as it could to provide customers with security updates.
“If we release a security update that is not adequately tested, we could potentially put customers at risk, especially as the release of an update can lead to reverse-engineering the fix and lead to broader attacks,” said Microsoft’s senior security strategist Phil Reitinger.
“Updates must be able to be deployed by customers with confidence.”
At the time, Microsoft described the software flaw as “a newly discovered, privately reported vulnerability”, but did not suggest any connection to the US government break-in.