State Department Struggling To Kick Out Russian Hackers

WASHINGTON DC – Three months after the State Department confirmed hackers breached its unclassified email system, the government still hasn?t been able to evict them from the department?s network, according to three people familiar with the investigation, reports the Wall Street Journal.

Government officials, assisted by outside contractors and the National Security Agency, have repeatedly scanned the network and taken some systems offline. But investigators still see signs of the hackers on State Department computers, the people familiar with the matter said. Each time investigators find a hacker tool and block it, these people said, the intruders tweak it slightly to attempt to sneak past defenses.

It isn?t clear how much data the hackers have taken, the people said. They reaffirmed what the State Department said in November: that the hackers appear to have access only to unclassified email. Still, unclassified material can contain sensitive intelligence.

The episode illustrates the two-way nature of high-technology sleuthing. For all of the U.S. government?s prowess at getting into people?s computers through the NSA and the military?s Cyber Command, the government faces challenges keeping hackers out of its own networks. The discrepancy points to a commonly cited problem with defending computers: Playing offense almost is always easier than playing defense.

The revelation that hackers are still in the State Department?s network comes less than a week after President Barack Obama led a cybersecurity summit at Stanford University and signed an executive order prodding companies to share more information on hacking threats.

The White House and NSA referred questions to the State Department. The NSA?s director, Adm. Michael Rogers, led a similar hacking investigation for the U.S. Navy. The Federal Bureau of Investigation, which also is involved in the investigation, declined to comment.

?We deal successfully with thousands of attacks every day,? State Department spokeswoman Marie Harf said in a written statement. ?We take any possible cyber intrusion very serious?as we did with the one we discussed several months ago?and we deal with them in conjunction with other relevant government agencies.?

No official determination has been made about who is behind the breach. But five people familiar with the original intrusion said they had seen or been told of links suggesting involvement by the Russian government.