White House confirms network breach, thwarted attack

White House confirms network breach, thwarted attack

Summary: The White House confirms a hacking attempt on an unclassified network, but shows that humans often remain the weak link in the security chain.

SHARE:

Another day, another attempt on the President's networks.

The White House confirmed today it was subject to a cyberattack, that saw one of the most secure networks in the world almost attacked by hackers. 

But the incident, which is thought to have taken place earlier this month, was downplayed by White House staff and described as an "isolated" incident. 

Screen Shot 2012-10-01 at 17.04.12
Image credit: The White House

An unclassified network was affected and quickly locked-down, but there was no evidence to suggest any material had been stolen, despite claims that the attack took place in the White House Military Office, home to the so-called "nuclear football," that carries the codes to the U.S. government's nuclear arsenal.

Described by Conservative publication The Washington Free Beacon, Bill Gertz explained that one U.S. official said the breach was "one of Beijing’s most brazen cyber attacks against the United States." 

Politico fired back with a stealthy quote from another official explaining the situation in much calmer terms. What was the culprit? An email attachment laden with malware, according to the official. The attack used "spear phishing," or 'specific phishing', sent to a particular target masking as someone the recipient may know, in the hope that malware would be installed on the computer allowing in a backdoor to the network. 

But the official claimed that none of the White House's secure networks or classified computers were affected, and that there was no "attempted breach" of a classified system. 

While spear phishing attempts are far from sophisticated, they are on the rise. But while the attack may worry those in Washington, both the Free Beacon and Politico -- despite on both sides of the political divide -- were both clear to state that no classified materials were taken.

As Business Insider notes, while the White House's networks are undeniably secure, unclassified and lower-classification materials will travel on encrypted but lower-end networks, while extremely sensitive information -- just as it would be in the U.K. and other Allied nations -- would be sent through highly-encrypted networks that are closed-circuit to the outside world, or protectively marked, filed on paper and armed to the teeth, perhaps as much as the President's own secret service detail. 

At least the West can sleep soundly tonight knowing that we're not on the edge of (another) Cold War. 

Topics: Security, Government US, Privacy

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

37 comments
Log in or register to join the discussion
  • Let's also not forget political email communication

    Let's also add to that the unclassified and often poorly secured political communication, which by law (1939's Hatch Act) can't run on government secured networks.

    This happens a lot. It's not major new here. But government and White House security is a constant concern and foreign nation states are regularly testing our perimeters.
    David Gewirtz
  • Government employees are perfect!

    And I'm certain they would never use an unclassified network to communicate classified information because that would just be asking for trouble!
    MajorlyCool
    • You, Sir

      Seem to be the type that would love to help others. You see, I am a Nigerian prince...
      Benjamin NElson
  • Important Points

    Yes, but look at the photo of President Obama at his desk. Does he really keep all of those photographs on his desk all day long? Do they interfere with his signing of laws? Who are all those people? Why are the photographs facing "out"? Wouldn't that make it difficult for the President to see the pictures?

    Also, I can imagine that the folks in charge of keeping the government lines secure have been at it for a while and aren't easily tricked nor are the security measures easily breached. I don't worry much about this. As far as the Hatch Act of 1939 goes, I would imagine the political communications are done via other non-government supplied yet secure means? Is the government the only place to find secure communications?
    dvanderwerken
    • Umm.. those pictures

      Are on a smaller desk behind him. lol.
      BowTech
    • ummm... yeah.

      Like on the credenza. My guess is family pictures, but I'm sure Glenn Beck and company think they are Karl Marx and company.
      acmw@...
      • Perfect response acmw@,

        Actually just priceless.

        And the photos are behind the president, on a smaller desk. Probably so when he pushes away from the large desk, to take a five minute break, he can look at the pictures or gaze outside.

        Man! Some of you people are reall out there!

        Again acmw, just priceless!!!
        T-Wrench
    • Pictures are on....

      the credenza behind him.
      andilynne
  • Email security

    I not knowledgeable of the nuts and bolts of email security, but I get a lot of phishing emails with the From address looking legitimate, but the response address somewhere in .ru.

    Isn't there a way to test the From address for validity?
    mperata
    • Yes You Can Test for Email Validity

      Most email tools scan the header of an email to see if the sender is spoofing as was the case with the email described. Then the payload is usually deleted.

      When I was en Exchange Admin, I used to contact the owners of email relays that passed the spoofs and tell them how to tighten up their systems.
      scjeff
    • Email security

      mperata: There are a number of ways you can look to see what the actual return e-mail address is. Depending on your mail client, have it show the e-mail address, vs. the resolved name. You can often right click or even hover over the return address to see this.

      As always, good practice is to send to spam and auto delete these suspect e-mails. Write a script to allow for e-mails to be deleted without being opened if necessary and never send a reply to the spam, they will then know you are a valid e-mail address and keep coming at you. Also, don't allow for message "read replies" for the same reason. If you must open an attachment, do it in a virtual machine that can be re-set immediately after you have completed your analysis of the attachment. Do your analysis in Backtrack or Knoppix, which has many tools with which to play.

      Not a comprehensive overview, but some good practices for you.

      Hope it helps.
      solutions_z
    • Correct, you are not knowledgeable

      But you also didn't read too closely either. A spear Phishing attempt was actually described, in which the "from address" is _completely faked_ to appear as if from a legitimate source - someone you know.

      It is easy to (completely) fake a from address on an e-mail. Those e-mails that come from sos-and-so@uk-lottery.ru are made by the seriously incompetent spammers, not sophisticated chinese government sponsored hackers.
      dimonic
      • Sheeesh

        dimonic

        It has been a really, really, long time since I have been chastised for asking a question.
        Thank you for reminding me there are posters like you who have total knowledge and are prepared to let everyone know of your knowledge.
        Once more, thank you.
        mperata
        • Yes, you are correct...

          About 'dimonic', which I think is really 'demonic' misspelled. At least that is how he acts. I have grown absurdly tired and fed up with this 'thing' that takes place on the Internet where people do the best they can to show off their 'superior' intelligence by correcting others in a mean and childish manner. "Dim" there is a good example. He supposes that he knows everything but that is really anxiety about what he does not know, or understand. He is worried that people will learn the truth about him. So, he responds in a manner that betrays his true emotional status thus revealing himself to be that which he truly is, but, does not want others to have knowledge of. That is called 'fooling yourself', but not anyone else. Thank you for the opportunity dimonic.
          DFORENSICS1
    • filter

      If you use gmail you can just set a filter to delete all mail from .ru - unless you have relatives in Russia. Same goes for domains in China and most of Eastern Europe, Africa, and to some extent, the Middle East. You can just google for the domain names.

      Of course, if you have a pirate account in .ru for downloading snazzy stuff, you might want to exempt them ;')
      James Mooney
    • Isn't there a way to test the From address for validity?

      Sure, there is technology so-called "digital signature". http://en.wikipedia.org/wiki/Digital_signature

      Further the recipients email servers are doing automatical check the responsibilites their counterparts for Email domain of the particular sender.
      http://en.wikipedia.org/wiki/Sender_Policy_Framework

      And typically the sender's Email server requires authorization (i.e login/password) to check validaty if his addres in the from.

      So that this phishing attack is not so simple as it may look like.
      Andrey Lartsev
  • Sooo ... someone sent an attachment?

    That's the net sum of this, someone sent malware as an email attachment, and the mail gateway didn't catch it? Golly, stop the presses ...
    daboochmeister
  • I say,

    I do say that if the USA Deems " Beijing’s " one of the most sophisticated cyber attacks that was plotted to attack one of the most Classified - Secure systems in the USA ( If not being the top 10 ) and the government comes out ( Our's USA ) and says they blocked it

    So let me get this straight you guys blocked a simple phising attack and stated it was to be a sever attack on the White House? God forbid a real mother fucker going in there and doing what hacking is all about

    You guys gonna classify him as world war 5?

    white house: Oh but world war 5 has not happened yet.......

    Attack: Oh but u see thats the thing , This is so powerful it over rides world war 3 , & 4 which comes up to 5 :)


    Sad thing is United States broadcast that they have blocked a hacking attack?


    Oh yay wippy fucking doooooo , So statistic wise the USA is still the top 1. country to get hit by cyber attacks,

    Gonna broadcast that whitehouse? PRob not cause you only want the morons to see you guys do good

    What you fail to realize is that those that are smarter then you know the truth and sooner or later Society will to


    USA needs to step up its Cyber Security standards dramatically and force laws to require all Sys admins , IT tech' , etc etc to be certified in some form of Technology that relates to this.


    Its because of morons that our systems are so unsecured


    Trust me - You will see one day
    Hex00010
    • Too bad

      You would've had a great response but you used the 'f' word and messed it all up. Now you only get a B-. Darn, phooey, fiddlesticks, and shoot are all better words with more dramatic flare these days. Think about using them next time.
      DFORENSICS1
    • The real reason they're even going public with this.

      Ok, maybe they were actually attacked by "hackers" (it's crackers, like the biscuits). Even if they were, there is no sane reason why they would actually go public with it. What purpose does it serve anyone that someone almost came close to having a look at a dream about imagining knocking on the front door of the white house?

      I'll tell you why.

      CISPA. Cyber Intelligence Something Bla Bla.

      Despite having been downvoted in the Senate, and severely attacked on all fronts by netizens and privacy/free speech organizations alike, Obama is pushing this as a so called executive order. That means, "I'm a dictator who doesn't give a shit about what my parliament says".

      So what does he use to prove that he is right? Obviously he needs to paint a picture that internet security is risky business, and giving the government all the power they want is a way to prevent bad guys. Yeah cool. It isn't, but that's a different story.

      Publishing this story, is essentially a lead up to the announcement that the CISPA executive order has been signed. When someone asks critical questions, he'll just point to this incident. As if it even happened, much less that it was any threat at all.
      Tåddi Valåmo