Hackers raid US foreign affairs servers

PUBLISHED : Friday, 20 April, 2007, 12:00am
UPDATED : Friday, 20 April, 2007, 12:00am

A break-in targeting US State Department computers worldwide last summer occurred after a department employee in Asia opened a mysterious e-mail that allowed hackers inside the government's network.

In the first public account revealing details of the intrusion and the government's hurried secret response, a senior State Department official described an elaborate ploy by sophisticated international hackers. Their entry exploited a design flaw in Microsoft software.

Consumers using the same software remained vulnerable until months later.

A limited amount of data was stolen until 'tripwires' severed all the department's internet connections throughout eastern Asia. The shut-off left US government offices without internet access in the tense weeks before missile tests by North Korea, said Donald Reid, the senior security co-ordinator for the Bureau of Diplomatic Security.

Mr Reid was scheduled to testify yesterday at a cyber-security hearing before a House of Representatives Homeland Security sub-committee. He was expected to tell lawmakers an employee in the department's Bureau of East Asian and Pacific Affairs - which co-ordinates diplomacy in countries including China, the Koreas and Japan - opened a rigged e-mail message in late May that gave hackers access to the network.

Mr Reid was not expected to disclose the identities or nationalities of the hackers believed to have been responsible for the break-ins or to disclose whether US authorities believed a foreign government was responsible.

The department struggled with the break-ins between May and early July. The panel's chairman, Democratic Congressman James Langevin, called cyber-security an often-overlooked line of defence. 'Since much of our critical infrastructure is dependent on computers and networks and is interconnected and interdependent, a cyber-attack could disrupt major services and cripple economic activity.'

The e-mail appeared legitimate and included a Microsoft Word document with material from a congressional speech related to Asian diplomacy, Mr Reid said. Opening the document activated hidden software commands establishing what Mr Reid described as back-door communications with the hackers.

The technique exploited a previously unknown design flaw in Microsoft's Office software, Mr Reid said.

Officials worked with the Homeland Security Department and the FBI to urge the company to quickly develop a protective software patch, but the company did not offer the patch until August 8, roughly eight weeks after the break-in.

The company claimed it works as quickly as it can to provide customers with security updates.

'If we release a security update that is not adequately tested, we could potentially put customers at risk, especially as the release of an update can lead to reverse-engineering the fix and lead to broader attacks,' said Microsoft's senior security strategist, Philip Reitinger.

At the time, the firm described the software flaw as 'a newly discovered, privately reported vulnerability' but did not suggest any connection to the government break-in. It urged consumers to apply the update immediately. It also recommended that consumers not open or save MS Office files they receive from sources they do not trust.

The State Department detected its first break-in immediately, Mr Reid said, and it worked to block suspected communications with the hackers. But during probes, new break-ins were discovered at the department's Washington headquarters and offices in East Asia, he said.