The National Oceanic and Atmospheric Administration (
NOAA) has admitted that it has been the target of another online breach, just a few days after the United States Postal Service (USPS)
revealed it too endured an intrusion. The attack took place in late September, though unlike the other governmental intrusion, NOAA officials are not revealing whether any classified data was acquired by intruders, nor if systems were altered.
According to sources of
the Washington Post, officials did not give any indication that there was an intrusion until October 20th, and that the agency did not notify law enforcement about the issue at all. A statement from NOAA released yesterday claims the "incident response began immediately," all systems were working fine, and that weather forecasts continue to be published, though the spokesperson declined to answer further questions due to the investigation.
Commerce Department Inspector General Todd Zinser suggests the officials may be right about NOAA delaying its notifications, as he claims his office was not informed until November 4th. Agency policy dictates that such security incidents need to be reported to the office within two days of discovery. "We're in the process of looking into the matter, including why NOAA did not comply with the requirements to notify law enforcement about the incident," advised Zinser.
As for the point of entry, one source claims a web server connected to other NOAA computers was attacked, and though it had some level of security, it was compared to a house being protected by "just a screen door." Four sites were apparently affected by the breach, though last month NOAA claimed it was performing "unscheduled maintenance" on the network, possibly to fix the security hole and repair affected systems.
Though NOAA refuses to mention in public who was behind the intrusion, one congressman claims it was performed by a foreign power. "NOAA told me it was a hack and it was China," advised Representative Frank R. Wolf (R-Va.). Wolf goes on to accuse officials of "deliberately misleading the American public in its replies. They had an obligation to tell the truth. They covered it up."
A report suggested Chinese hackers were behind the intrusion of the USPS earlier this week, though postal service officials have also avoided accusing any specific party, but it did admit the breach was performed by a "sophisticated" attacker, one that did not appear to have an interest in identity theft or credit card fraud.