A pitched battle between foreign hackers who breached a U.S. national security system and the National Security Agency defenders trying to kick them out actually took place in 2014 rather than 2015, an NSA spokesperson confirmed to Nextgov Monday.
The altercation, which the Washington Post reported, was prompted by Russian hackers’ breach of an unclassified State Department network, developed into a 24-hour battle of wits as NSA defenders destroyed their enemies’ command and control systems only to see those adversaries set up new command centers inside the network, a top NSA official said.
It also marked a sea change in the behavior of cyberattackers that has continued to this day, NSA Deputy Director Richard Ledgett said at an Aspen Institute discussion earlier this month.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
Ledgett initially described the battle as taking place in late 2015 and declined to name the adversary nation. The Post corrected Ledgett’s mistaken time frame Monday and linked the attack to a well-publicized late-2014 breach of State Department systems that necessitated shutting down the department’s email systems for several days.
The NSA confirmed that Ledgett misstated the time frame to Nextgov but declined to comment on other details of the story.
“The deputy director was clear that he was discussing a nation-state actor and a government agency. We are not expanding upon his comments,” Media Relations Chief Michael Halbig said in an email.
Ledgett described the conflict in dramatic terms as “basically hand-to-hand combat within a network” and “a 24-hour period of parry-riposte, parry-riposte, measure, countermeasure.”
NSA defenders were aided in their mission by the agency’s intelligence gathering side, which had fresh information about attackers’ actions, he said.
The Post expanded on that description Monday, reporting that the spy agency of a U.S. ally had compromised surveillance cameras inside the Russian hackers’ workspaces and was monitoring their operations.
Russian government-linked hackers were also reportedly behind hacks at the White House and Pentagon. Most famously, the U.S. Cold War adversary breached Democratic party networks during the 2016 presidential campaign and released information damaging to the party’s candidate Hillary Clinton.