The White House network breach was carried out by hackers “likely working” for the Russian government
The Russian government has allegedly hacked into the White House’s computer systems, according to a report on CNN, which claims the hackers first penetrated the State Department’s email system last October and were “likely working for the Russian government”.
Using their foothold in the State Department’s computer network, the hackers then apparently managed to hack into the White House computer system, namely the unclassified Executive Office of the President network.
Whilst the attackers apparently did not hack into any classified systems at the White House, they were able to obtain sensitive information about President Obama, including his private schedule.
White House Down
CNN quoted federal law enforcement, intelligence and congressional officials who were briefed on the investigation as saying that the hack of the State email system was the “worst ever” cyberattack intrusion against a federal agency.
Investigators have apparently been able to find signs that point to the Russian government being behind the attack, despite doubts from security experts about the ability to attribute the attack to a particular country.
“Once an attacker gets into your systems it can be notoriously difficult to get them out, particularly when your network and internal security controls allow the attacker to move around on your network without being noticed,” said Dwayne Melancon, CTO of Tripwire.
“There are a few significant challenges in breaches like this,” Melancon added. “First, attribution is difficult. A savvy attacker can not only cover their tracks, they can often mislead you into believing someone else is behind the attacks. I hope the White House has strong evidence to claim Russian responsibility.”
This point was echoed by Tripwire’s senior security analyst, Ken Westin.
“The intrusion into the unclassified State Department network was assumed to be Russian by many in the government and security community,” said Westin. “As portions of the network were shut down for long periods of time for extensive security upgrades many speculated that the extent of the intrusion may have been more severe than originally thought.”
“The new insights into the investigation with the US government implicating Russia would imply that there is strong evidence that the Russian government was involved,” said Westin. “However, given the sensitive and confidential nature of US intelligence agencies’ methods, only a few will have access to the actual evidence which may raise suspicions as to the accuracy and veracity of the accusation.”
Westin pointed to the coincidence that this “naming and shaming” of Russia comes hot on the heels of President Obama declaring a national emergency and issuing an executive order regarding cyberthreats.
Earlier this month, Obama launched a punishment scheme usually reserved for terrorist organisations and rogue states. He created a US sanctions program which, for the first time ever, will use sanctions to financially punish individuals and groups outside the United States who are involved with malicious cyber attacks.
The US has previously “named and shamed” a number of countries for allegedly carrying out cyber attacks. Last May, for example, the US took the unprecedented step of filing criminal indictments against members of Unit 61398 of the Chinese People’s Liberation Army (PLA).