Hacking of Government Email Was Traditional Espionage, NSA Official Says

The hack of Microsoft's cloud that resulted in the compromise of government emails was an example of a traditional espionage threat, a senior National Security Agency official said. From a report: Speaking at the Aspen Security Forum, Rob Joyce, the director of cybersecurity at the N.S.A., said the United States needed to protect its networks from such espionage, but that adversaries would continue to try to secretly extract information from each other. "It is China doing espionage," Mr. Joyce said. "It is what nation-states do. We have to defend against it, we need to push back against it. But that is something that happens."

The hackers took emails from senior State Department officials including Nicholas Burns, the U.S. ambassador to China. The theft of Mr. Burns's emails was earlier reported by The Wall Street Journal and confirmed by a person familiar with the matter. Daniel J. Kritenbrink, the assistant secretary of state for East Asia, also had his email hacked, a U.S. official said. The emails of Commerce Secretary Gina Raimondo were also obtained in the hack, which was discovered in June by State Department cybersecurity experts scouring user logs for unusual activity. Microsoft later determined that Chinese hackers had obtained access to email accounts a month earlier.

Microsoft

[groobly]

Lowest bidder.

Re:

[r1348]

Highest briber.

No biggie.

[Zibodiz]

"It's no biggie, everyone does it. It's just how us governments play tag. Don't worry, people, it's totally normal." Riiiiight.

Re:

[ole_timer]

-1

Re:

[Train0987]

Are you nuts? It is perfectly normal and has been since nations were a thing. We often get copies of foreign diplomatic cables before the intended recipients do. We were even caught tapping all of Angela Merkels phones and Germany is one of our strongest allies. We tap everybody on the planet.

Re:

[ole_timer]

same goes for the OPM break in that nabbed all 20 million background investigation files

Re: No biggie.

[Alypius]

Honestly, since the OPM hack involved accessing SF-86s for security clearances, I'm more concerned about what they put in rather than took out. What better way to get your spies access than a legitimate clearance?

Re:

[Petersko]

Yes, actually.

Re:

[sapgau]

+10

No way!

[Train0987]

Why are we acting like this is an outrage? These things are what intelligence agencies exist to do. As if we don't spend trillions every year eavesdropping on every foreign leader and diplomat on the planet, even our friends. I'm so sick of this "it's OK when we do it" bullshit.

Re:

[ole_timer]

+1

Email is outlook, nuclear codes on...

[edi_guy]

...probably something like win95

As long as its traditional espionage...

[lpq]

I guess that means its ok...?

Of course when someone like Snowden does it -- now that's just
downright embarrassing! Hmmmmm...

Re:

[ole_timer]

because snowden signed a document that said he wouldn't do what he did...

Re:

[lpq]

Was this substantially different from what Daniel Ellsberg did in releasing pentagon papers?

One year from now

[BytePusher]

One year from now there will be a story about an employee with access to the account using a VPN to watch geolocked anime. They left it on while on the clock and now the logs show some fishy IP addresses.

So is stealing nuke secrets

[Tablizer]

80 years old

ClippyGPT

[Tablizer]

"It looks like you are trying to steal state secrets. I can help you!..."

Lets assume it was bound to happen?

[Murdoch5]

I'm still unclear why the emails were left in an unencrypted state, or why the encryption keys were stored alongside or nearside to the emails. The real conversation we need to be having, is if it's time to start taking communication security seriously. The global response to community security, from various governments, is that it doesn't matter, you have no right to privacy, and what you say better be government approved, but is that a proactive policy?

Security and Tech minded people can say : "Encrypt Encrypt Encrypt" all day long, but if the tools and platforms aren't making that motto accessible, then it's all crickets in the field. If I grab a copy of Windows 11 and Outlook, will it guide me through setting up a PGP key, and getting PGP validation enabled? If I grab an email client, Alpine, Pine, Mutt, Geary, Windows Mail, Thunderbird, will any of them help me guide me? No, and they won't because the general larger community doesn't care, and can't be bothered.

The fact you can install Windows 11 and you don't have PGP built into the OS, is a clear indicator that most systems aren't designed with security in mind.

AGAIN!

[bussdriver]

They always get their emails hacked... it's getting so common and likely more than we know that it may stop working as a wise tactic...

I sure would accidentally leave the doors open to my office papers if I had people wanting to know my business... then keep anything important elsewhere. Hell, it could be fun thinking up fake docs to leave behind; or alternative plans that are canceled can be thrown away to the office...