---------- Forwarded message ----------
From: Declan McCullagh <declan@well.com>
[State Department spokesman James Foley yesterday afternoon. --Declan]
Q About the GAO report of suspected hackers in the State Department
system? Anything on that?
MR. FOLEY: Yes. The GAO conducted an audit of the department's
unclassified computer systems networks last year. This audit found some
vulnerabilities in the security of these systems. We take the GAO's
findings very seriously and are currently working to improve the security
of our unclassified computer systems. We believe we have corrected a
number of the vulnerabilities.
However, there were some errors in the press report that you're
referring to. For example, we have no information that there was a hacker
who had access to computer systems of two overseas posts or the State
Department itself. And moreover, the report - or the allegation that the
department shut down portions of its computer system last fall,
purportedly as a result of the GAO's findings, is untrue. As far as we're
able to determine, no systems were shut down.
Q What did you say as far as you are able to determine, Jim?
MR. FOLEY: Well, we've looked high and low, and we can find no
evidence that any State Department system, central or local, classified or
unclassified, domestic or overseas, was shut down under any circumstances
in any way resembling what was described in the article. We can only
conclude that this rumor or allegation is either simply erroneous or such
an exaggeration that it's unrecognizable.
Q Can you say why the department classified the report,
essentially completely?
MR. FOLEY: Well, the GAO report is classified, and so -
Q Right, but the press reports say that that's at the
prerogative of the State Department. Why would you want to classify the
entire report?
MR. FOLEY: Well, I'd be happy to look into get you the right
answer, but it seems to me, insofar as this is a subject that involves
protection of our systems, and whether it be classified or unclassified
material, it's not something that we would want to be out there in a
public domain for adversaries to be able to read.
Q Can I ask you a question about Iraq?
MR. FOLEY: Yes.
Q Can I do one more on this before we move on?
MR. FOLEY: Sure.
Q Are you saying that then the descriptions apparently of a
State Department officials having to hand-carry communications around the
world in order to avoid using computer systems, that that part also was
not correct; or was that true? ...
MR. FOLEY: I'd have to look into that
particular aspect of it.
But the reports of the shutdown, though, as far as we can determine, were
erroneous.
Q You don't deny the basic thrust of the article, though?
MR. FOLEY: I'm sorry?
Q You don't deny the basic thrust of the article about the GAO
reports?
MR. FOLEY: Well, as I stated, the audit, GAO audit, found some
vulnerabilities that we're currently addressing.
Yeah?
Q But you're not - you're denying that you shut down portions
of your international computer system for two weeks last fall?
MR. FOLEY: Yes.
Q But there was no outside event that prompted this GAO
report? Or was this in the course of a regular review?
MR. FOLEY: I'm not aware what the genesis of the report was,
whether it was prompted by a particular incident or whether it was a sort
of normal or regular audit of that nature. I can try to find that out for
you.
Q You say the GAO report uncovered some vulnerabilities -
MR. FOLEY: That's right.
Q - but you're saying that they were - that at no time were
they ever taken advantage of, that no one every -
MR. FOLEY: I'm not aware of that. Certainly there was a -
apparently, in the article, a report about a hacker having access to
computer systems of overseas posts or in the department last fall, and
we're just not aware of that.
Q There was no penetration?
MR. FOLEY: Not that we're aware of.
[...]
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated
Received on Sat Mar 28 03:03:42 1998