According to media reports, the US Department of Energy has been hit by a “sophisticated cyber attack” in the last few weeks, which resulted in the personal information of several hundred employees being compromised.
The Washington Free Beacon, which broke the story, claims that Energy Department officials believe that the intentions of the hackers may not have been limited to stealing information about employees, but may also have planned to establish a bridgehead to gain future access to classified information.
The FBI is said to be investigating the hack, which occurred two weeks ago at the Department of Energy’s Washington-based HQ, and affected 14 servers and 20 desktop workstations.
A Fox News headline on the incident attempts to link the attack to Chinese hackers, but the original Free Beacon report admits that both the source and identity of the hackers is unknown.
Of course, no-one would be surprised if there was a Chinese link, especially following the revelations last week of attacks against the New York Times and other newspapers that were widely blamed on Beijing.
But, once again, it’s important to remember that it’s very hard to prove who is behind an internet attack – especially as hackers can easily bounce their attacks between multiple compromised computers spread around the globe.
And there is a chance that China could become an all-too-convenient bogeyman, that can easily be blamed for any embarrassing security breach.
Once again, we see a familiar line rolled out about the advanced nature of the attack against the DoE:
"..the relative sophistication of the cyber attack is an indication of nation-state involvement."
Compare that with the statement from Twitter, who themselves got hacked late last week:
"This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked."
I’m just thinking out loud here – but if my organisation was hacked, and the news was going to come out in public, would I feel more comfortable saying that the hack was “extremely sophisticated” rather than “the kind of thing our security systems really should have stopped”?
Would the general public be more accepting of a security breach, if it were hinted that a sinister foreign nation state was behind it, rather than a bunch of pizza-eating 4chan-loving geeks in their back bedrooms?
I’m not saying that it wasn’t China that hacked the US Department of Energy. Maybe they did, maybe they didn’t. It certainly sounds plausible, and you can easily believe that Chinese intelligence officers might want to snoop upon important US government offices.
But that’s as far as it goes as a theory – plausible. We’ll need to see more evidence before we can be anything close to 100% certain.
In the meantime, protect your computers with a layered defence and educate your staff to always keep their eyes peeled for anything unusual.