U.S. and private security specialists are trying to expel unidentified hackers from the unclassified portion of the U.S. State Department’s e-mail system, two officials familiar with the investigation said Thursday.
The problem persists three months after the hackers were first discovered because the intruders’ techniques keep shifting, said the officials, who asked for anonymity because the inquiry is classified even though no classified material appears to have been obtained.
The attacks are worrisome because they could enable the hackers to generate false e-mails, delete some real ones or seek a way into classified communications systems, the officials said.
The nature of the attack suggests that it may have originated in Russia, one of the officials said. A former U.S. intelligence official said that country has developed cyber-espionage capabilities that are almost equal to those of the U.S. National Security Agency.
The intrusions coincide with rising tensions between the U.S. and Russia, and hackers linked to the government of Russian President Vladimir Putin have used the same “phishing” technique, in which the opening of deceptive e-mail attachments downloads malicious software, to attack other unclassified U.S. government e-mail systems.
So far, investigators from the NSA and private contractors haven’t reached a firm conclusion about the intruders’ origins, said the two officials involved in the inquiry.
“We have robust security to protect our systems and our information, and we deal successfully with thousands of attacks every day,” said Marie Harf, a State Department spokeswoman, in an e-mail. “We take any possible cyber intrusion very seriously.”
The Russian embassy in Washington didn’t immediately respond to an e-mail request for comment made after normal business hours.
The persistence of the attacks, which were reported on earlier by the Wall Street Journal, comes after the Moscow-based Kaspersky Lab published a report saying a sophisticated spying campaign infected tens of thousands of computers worldwide with surveillance software.
Kaspersky didn’t explicitly identify the group as being affiliated with the NSA. However, given its sophistication and activities, the group must be backed by a government agency such as the NSA or the intelligence services of Britain, Russia or China, said Costin Raiu, director of Kaspersky’s global research and analysis team.