Russian Hackers Seized Control of Pentagon Email System

An unclassified email system used by the Pentagon was compromised by Russian hackers in 2015, forcing security teams to take the entire network down in order to fix the breach.

Martin Dempsey, who was at that time Chairman of the Joint Chiefs, told CBS that he was informed of the breach by the Director of the National Security Agency, Admiral Mike Rogers, revealing that in approximately one hour, hackers seized control of the entire email system.

However, Dempsey explains that the email service was used by staff of the Pentagon’s Joint Chiefs staff, which involves some 3,500 military officers and civilians who work for the chairman, and included only unclassified emails that “had no real intelligence value.”

According to Dempsey, hackers managed to obtain passwords and electronic signatures that he personally used to access the network, so taking the entire system offline was the only way to deal with the problem.

As for the identity of the hackers, the United States officials believed they were Russians who were trying to fight back at the Pentagon after the US issued economic sanctions against their country for the conflict in Ukraine and the annexation of Crimea.

The attack was launched with compromised severs from a West Coast university, which were used to send a total of 30,000 emails. Four of them were eventually forwarded to Joint Chiefs of Staff employees and included malicious files that infected computers when executed. At least one of them was opened by an employee and eventually compromised the system before spreading across the entire network.

The Pentagon had to replace both hardware and software following the attack and this required approximately two weeks, Dempsey revealed in the interview.

Obviously, the Pentagon hasn’t provided any statement on this, but given the fact that the information comes from the former Chairman of the Joint Chiefs of Staff, there’s a good chance that everything is accurate. As for Russia’s involvement in the attack, you can be sure that the country would deny it.

 source: Softpedia

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Glove Stealer Emerges A New Malware Threat For Browsers

ANY.RUN Discovers Tricky Phishing Attack Using Fake CAPTCHA