A chunk of the US Department of Defense's email system has been down for 11 days, following what appears to have been a successful attempt to hack it.
On Thursday, DoD officials told The Register the unclassified email system of the Pentagon's Joint Chiefs of Staff was compromised following a "sophisticated cyberattack" on July 25. The servers, used by 4,000 government workers, were shut down in response. The system is still not up.
There are vague and conflicting reports over what exactly happened, but officials have confirmed that the intruders gathered huge amounts of data and distributed it across the internet, leading them to suspect it was an automated assault.
The attackers exploited "a new and different vulnerability," according to one report. Another says that a "spear phishing" effort resulted in malware being installed on Pentagon computers.
Earlier this week, a week after the attack, the US Army announced it would start limiting the size of email accounts to 512MB, with "business accounts" limited to 4GB. There are approximately 1.4 million DoD email accounts.
When the system was taken down, employees were told it was the result of a "planned outage," and the system was being upgraded. All email accounts were suspended and web browsing was also periodically restricted.
The defense department has said it is not sure who was behind the attack, but that it was most likely the work of a "state actor." It has also stated that no confidential information was stolen, and that only "unclassified" accounts have been compromised.
Suspicion has immediately fallen on Russia, which was publicly named by Defense Secretary Ash Carter back in April for accessing an unclassified defense computer network earlier in the year.
However, China is also a key suspect, given a number of previous attacks that the US government has pinned on the communist state, including the recent hack of government personnel records.
Defense Department spokeswoman Lt. Col. Valerie Henderson refused to give any additional details about the hack, providing us instead with the statement:
"Joint Staff unclassified networks for all users are currently down. We continue to identify and mitigate cybersecurity risks across our networks. With those goals in mind, we have taken the Joint Staff network down and continue to investigate. Our top priority is to restore services as quickly as possible. As a matter of policy and for operational security reasons, we do not comment on the details of cyber incidents or attacks against our networks." ®