Two weeks after it was shut down by a "highly sophisticated cyber attack," the Pentagon’s Joint Staff unclassified email system is expected to be back up and running later Friday, defense officials said.
The intrusion occurred sometime around July 25 and affected about 4,000 military and civilian personnel who work for the Joint Chiefs of Staff.
Officials told NBC News it’s suspected that the same Russian hackers believed to have infiltrated White House and State Department unclassified emails in April carried out the cyber attack against the Joint Staff.
It’s not clear if the Russian government was behind the attack, but a senior defense official said, "This attack was so sophisticated, it had to be the work of a state actor" and not a random hacker.
The Joint Staff emails were penetrated as the result "spear phishing" and "human error, not technical vulnerabilities," officials said. It’s believed that one or more of the thousands of military and civilians personnel who use the system "violated protocols and security procedures" by "opening and clicking on" emails from unknown sources.
Cyber security officials were disturbed by "the speed at which the attack infiltrated the system," sources told NBC News. Defense officials said the "intrusion was quickly detected and the entire system was shut down," and stressed that no classified material was compromised or stolen, and only a relatively small amount of information was lost.
"Think megabytes, not gigabytes," one senior official said.
Over the past two weeks cyber security personnel have "conducted a deep scrub" on the entire system and increased some security measures, officials added.
Officials say when the system gets back up and running, users will first see instructions on navigating the new security measure and a simple lesson in "Cyber Security 101. If it says click it, don’t."