New details have emerged of a November 2014 incident in which top U.S. cyber defenders battled hackers who were allegedly tied to a Russian spy agency. The hackers breached the unclassified State Department computer system and displayed intense levels of aggression, the Washington Post reports.
Although National Security Agency hackers severed the links between the intruders' command and control server and the malware in the U.S. system, the intruders continued to set up new ones.
“It was hand-to-hand combat,” said NSA Deputy Director Richard Ledgett, who described the incident at a recent cyber forum, but did not name the nation behind it, according to the Washington Post. The perpetrators were disclosed to the Post by other current and former intelligence officials who remain anonymous. According to those officials, Russia isn't the only one trying to flex its cyber muscles.
"In recent years, China and to a lesser extent Iran have become more aggressive in their efforts to break into U.S. computer systems, giving fight to defenders from within the network and refusing to slink away when identified, the current and former officials said," according to the Washington Post.
When the State Department shut down its unclassified email system, it cited "maintenance purposes," but that was a cover story to avoid alerting the Russians that the government was about to try to kick them out, one official told the Post. The NSA defenders, with assistance from the FBI, succeeded in their efforts.
The Washington Post reports:
The NSA was alerted to the compromises by a Western intelligence agency. The ally had managed to hack not only the Russians’ computers, but also the surveillance cameras inside their workspace, according to the former officials. They monitored the hackers as they maneuvered inside the U.S. systems and as they walked in and out of the workspace, and were able to see faces, the officials said.
The Russians’ heightened belligerence is aimed not just at collecting intelligence, but also confronting the United States, said one former senior administration official. “They’re sending a message that we have capabilities and that you are not the only player in town,” said the official.
There is also increasing concern that, if these attacks were to occur in the private sector, the organizations targeted may be ill-equipped. “We need to figure out, how do we leverage the private sector in a way that equips them with information that we have to make that a fair fight between them and the attacker?” Ledgett said, according to the Washington Post.