Hackers Break-into U.S. Government Network through E-Mail
Hackers captured data from the network of the U.S. State Department after a staff member in Asia clicked open an e-mail that enabled the hacking. The hack took place in the summer of 2006. A senior official in the state department described it as an elaborate prank by sophisticated attackers. They managed to break-in by exploiting design vulnerability in Microsoft program. Consumers who used that software were in a vulnerable situation for months that followed.
According to Donald R. Reid, senior security coordinator for the Bureau of Diplomatic Security, the theft was of limited data of the U.S. government. But soon tripwires snapped all the Internet connection of the State Department across eastern Asia, reported TIMESONLINE on April 19, 2007.
Reid was scheduled to testify on April 19, 2007 at a cyber security hearing session for a committee of House of Representatives Homeland Security. He was going to narrate to the politicians about the employee's action from the state department's Bureau of East Asian and Public Affairs. He was going to say how the employee opened a tricky e-mail towards May end last year that allowed the breach. The Bureau handles diplomacy between countries like China, Japan and Korea.
Bennie Thompson, chairman of the Homeland Security Committee said gone were the days when hackers were considered harmless, bored people. Now they were experienced and sophisticated individuals who tried to take advantage of software vulnerabilities and seize consumer information. TIMESONLINE reported this on April 19, 2007.
The mysterious e-mail looked legitimate because it had a Word document giving an excerpt from a speech by a congressman about Asian diplomacy, Reid said. When the employee clicked on the document it activated a backdoor communication program with the attackers.
The hacking technique exploited one design flaw in Microsoft Office, Reid explained. The State Department officials together with the Homeland Security Department and the FBI requested Microsoft to develop a security patch. But the company was ready for the release only on August 8, 2006.
About the vulnerability Microsoft said it was new and came as privately reported flaw but denied its connection to the security break-down.
Related article: Hackers Redirect Windows Live Search to Malicious Sites
» SPAMfighter News - 26-04-2007