-Caveat Lector-
Begin forwarded message:
From: [EMAIL PROTECTED]
Date: April 23, 2007 9:25:19 PM PDT
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: First Shot Fired in CyberWar I: Red China Hacked into US
Govt Computer Networks
April 19, 2007
Hackers breached US State Department security
Times Online and AP
http://technology.timesonline.co.uk/tol/news/tech_and_web/the_web/
article1676910.ece
The US State Department has revealed that hackers stole data from
its network after an employee in Asia opened a mysterious e-mail
that allowed them to break into the government’s computer system.
The security breach happened last summer but details have not been
revealed until now. A senior State Department official said that
sophisticated international hackers had used an elaborate ploy to
exploit a design flaw in Microsoft software. Consumers using the
same software remained vulnerable until months afterward.
Donald R. Reid, the senior security coordinator for the Bureau of
Diplomatic Security, also confirmed that a limited amount of US
Government data was stolen by the hackers before tripwires severed
all the State Department’s internet connections throughout eastern
Asia. The shut-off left government offices without web access in
the weeks preceding missile tests by North Korea.
Mr Reid is expected to tell a congressional cybersecurity hearing
today that an employee in the State Department’s Bureau of East
Asian and Pacific Affairs opened an e-mail message in late May that
gave hackers access to the government’s network.
He is not expected to disclose the identities or nationalities of
the hackers believed to have been responsible for the break-ins, or
to disclose whether American authorities believe a foreign
government was responsible.
Bennie Thompson, the chairman of the Homeland Security Committee,
said hackers are no longer considered harmless, bored teenagers:
“These are experienced, sophisticated people who are trying to
exploit our vulnerabilities and gain access to our information.”
The mysterious State Department e-mail appeared legitimate and
included a Microsoft Word document with material from a
congressional speech related to Asian diplomacy, Mr Reid said. By
opening the document, the employee activated hidden software
commands establishing what Mr Reid described as backdoor
communications with the hackers.
The technique exploited a previously unknown design flaw in
Microsoft’s Office software, Reid said. State Department officials
worked with the Homeland Security Department and even the FBI to
urge Microsoft to develop a protective software patch, but the
company did not offer the patch until August 8, about eight weeks
after the break-in.
Microsoft said it works as quickly as it can to provide customers
with security updates. “If we release a security update that is not
adequately tested, we could potentially put customers at risk,
especially as the release of an update can lead to reverse-
engineering the fix and lead to broader attacks,” Phil Reitinger,
Microsoft’s senior security strategist, said. “Updates must be able
to be deployed by customers with confidence.”
At the time, Microsoft described the software flaw as “a newly
discovered, privately reported vulnerability,” but did not suggest
any connection to the US government break-in. It recommended that
consumers should not open or save Microsoft Office files they
receive from sources they do not trust or files they receive
unexpectedly from trusted sources.
The State Department detected its first break-in immediately, Mr
Reid said, and worked to block suspected communications with the
hackers. During its investigation, however, it discovered new break-
ins at its Washington headquarters and other offices in East Asia.
At first, the hackers did not appear to be trying to steal
government data and the authorities quietly monitored the hackers’
activity. Then tripwires severed internet connections in the region
after a limited amount of data was detected being stolen, Mr Reid
said.
He also complained the State Department’s efforts to deal quietly
with the break-in were disrupted by news reports. “We were
successful here until a newspaper article telegraphed what we were
dealing with,” he said.
See what's free at AOL.com.
www.ctrl.org
DECLARATION & DISCLAIMER
==========
CTRL is a discussion & informational exchange list. Proselytizing propagandic
screeds are unwelcomed. Substance—not soap-boxing—please! These are
sordid matters and 'conspiracy theory'—with its many half-truths, mis-
directions and outright frauds—is used politically by different groups with
major and minor effects spread throughout the spectrum of time and thought.
That being said, CTRLgives no endorsement to the validity of posts, and
always suggests to readers; be wary of what you read. CTRL gives no
credence to Holocaust denial and nazi's need not apply.
Let us please be civil and as always, Caveat Lector.
========================================================================
Archives Available at:
http://www.mail-archive.com/ctrl@listserv.aol.com/
<A HREF="http://www.mail-archive.com/ctrl@listserv.aol.com/";>ctrl</A>
========================================================================
To subscribe to Conspiracy Theory Research List[CTRL] send email:
SUBSCRIBE CTRL [to:] [EMAIL PROTECTED]
To UNsubscribe to Conspiracy Theory Research List[CTRL] send email:
SIGNOFF CTRL [to:] [EMAIL PROTECTED]
Om
