Black Hat 2015: Russia blamed for Pentagon hack

LAS VEGAS – Earlier today NBC News reported that anonymous sources said the recent email outage at the Pentagon is due to an attack launched by actors believed to be operating out of Russia.

Given the attention this story has gotten here at Black Hat and in some parts of DEF CON, it’s worth a quick write-up outside of the normal live updates.

The basic story is that anonymous U.S. officials told NBC News that sometime around July 25, Russia launched a “sophisticated cyberattack” against the unclassified email system used by the Pentagon’s Joint Chiefs of Staff.

As a result, the email system has been offline for nearly two weeks, and the incident is said to have impacted 4,000 employees.

Everyone has weighed in on this. Most of the mass media has their spin doctors working overtime to talk about the spooky attack and how advanced it must have been to have worked against the Pentagon.

“Sources tell NBC News that it appears the cyberattack relied on some kind of automated system that rapidly gathered massive amounts of data and within a minute distributed all the information to thousands of accounts on the Internet. The officials also report the suspected Russian hackers coordinated the sophisticated cyberassault via encrypted accounts on social media,” NBC’s report states.

Some kind of automated system? You mean they used a script to locate and dump email attachments and other data? How is that sophisticated?

Encrypted social media? Will this be another point of argument in the war on encryption? Are we now going to hear about how criminals use encrypted tweets and IMs to control massive waves of attacks on government email?

In a statement emailed to Salted Hash, Richard Blech, CEO and Co-Founder of Secure Channels, said:

“In this cyber war, Russia is one of the more sophisticated bad actors. The Russians clearly knew what they were looking for, which implies this was a precision attack. The hackers gathered highly sensitive data in a very short time. Considering the high level target, this is just a small piece of the bigger puzzle that should be leaving everyone alarmed. The officials are stressing (or protesting) that no classified data was seized or compromised, this data still came from the Joint Chief of Staff Office”

There is nothing in the NBC News report that supports any of this. No one knows how the hack happened (I call dibs on Phishing), who did it, or why. And if the Pentagon knows what was taken, they’re not talking.

So how sensitive could this data be?

It’s an unclassified email network at the Pentagon. The bulk of the email compromised is more likely to be spam and poorly written jokes between staff, than secret plans. The issue is that some of those emails could contain credentials, both to internal services and external services (think email, Facebook, etc.). If so, that’s a problem, but we don’t know for sure.

Moreover, aside from the reactionary shutdown of the email network, it isn’t clear what the Pentagon has done to recover from this incident.

Defense Department spokeswoman Lt. Col. Valerie Henderson issued a statement to the media, which the Register first published earlier this afternoon.

“Joint Staff unclassified networks for all users are currently down. We continue to identify and mitigate cybersecurity risks across our networks. With those goals in mind, we have taken the Joint Staff network down and continue to investigate. Our top priority is to restore services as quickly as possible. As a matter of policy and for operational security reasons, we do not comment on the details of cyber incidents or attacks against our networks.”

Again, this is the only official statement. Everything else, including the immediate blame on Russia, can’t be verified.