White House confirms network breach, thwarted attack
Summary: The White House confirms a hacking attempt on an unclassified network, but the incident shows that humans often remain the weak link in the security chain.
Another day, another attempt on the President's networks.
The White House confirmed today that it was subject to a cyberattack that saw one of the most secure networks in the world almost attacked by hackers.
But the incident, which is thought to have taken place earlier this month, was downplayed by White House staff and described as an "isolated" incident.

An unclassified network was affected and quickly locked down, but there was no evidence to suggest any material had been stolen, despite claims that the attack took place in the White House Military Office, home to the so-called "nuclear football," which carries the codes to the U.S. government's nuclear arsenal.
Writing in the conservative publication The Washington Free Beacon, Bill Gertz explained that one U.S. official said the breach was "one of Beijing’s most brazen cyber attacks against the United States."
Politico fired back with a stealthy quote from another official explaining the situation in much calmer terms. What was the culprit? An email attachment laden with malware, according to the official. The attack used "spear phishing," or 'specific phishing': an email sent to a particular target, masquerading as coming from someone the recipient may know, in the hope that malware would be installed on the computer, opening a backdoor into the network.
But the official claimed that none of the White House's secure networks or classified computers were affected, and that there was no "attempted breach" of a classified system.
While spear phishing attempts are far from sophisticated, they are on the rise. But while the attack may worry those in Washington, both the Free Beacon and Politico -- despite sitting on opposite sides of the political divide -- were clear in stating that no classified materials were taken.
As Business Insider notes, while the White House's networks are undeniably secure, unclassified and lower-classification materials will travel on encrypted but lower-end networks, while extremely sensitive information -- just as it would be in the U.K. and other Allied nations -- would be sent through highly encrypted networks that are closed-circuit to the outside world, or protectively marked, filed on paper and armed to the teeth, perhaps as much as the President's own Secret Service detail.
At least the West can sleep soundly tonight knowing that we're not on the edge of (another) Cold War.
Talkback
Let's also not forget political email communication
This happens a lot. It's not major news here. But government and White House security is a constant concern and foreign nation states are regularly testing our perimeters.
Government employees are perfect!
You, Sir
Important Points
Also, I can imagine that the folks in charge of keeping the government lines secure have been at it for a while and aren't easily tricked nor are the security measures easily breached. I don't worry much about this. As far as the Hatch Act of 1939 goes, I would imagine the political communications are done via other non-government supplied yet secure means? Is the government the only place to find secure communications?
Umm.. those pictures
ummm... yeah.
Perfect response acmw@,
And the photos are behind the president, on a smaller desk. Probably so when he pushes away from the large desk, to take a five minute break, he can look at the pictures or gaze outside.
Man! Some of you people are really out there!
Again acmw, just priceless!!!
Pictures are on....
Email security
Isn't there a way to test the From address for validity?
Yes You Can Test for Email Validity
When I was an Exchange Admin, I used to contact the owners of email relays that passed the spoofs and tell them how to tighten up their systems.
Email security
As always, good practice is to send to spam and auto delete these suspect e-mails. Write a script to allow for e-mails to be deleted without being opened if necessary and never send a reply to the spam, they will then know you are a valid e-mail address and keep coming at you. Also, don't allow for message "read replies" for the same reason. If you must open an attachment, do it in a virtual machine that can be re-set immediately after you have completed your analysis of the attachment. Do your analysis in Backtrack or Knoppix, which has many tools with which to play.
Not a comprehensive overview, but some good practices for you.
Hope it helps.
Correct, you are not knowledgeable
It is easy to (completely) fake a from address on an e-mail. Those e-mails that come from sos-and-so@uk-lottery.ru are made by the seriously incompetent spammers, not sophisticated Chinese government sponsored hackers.
Sheeesh
It has been a really, really, long time since I have been chastised for asking a question.
Thank you for reminding me there are posters like you who have total knowledge and are prepared to let everyone know of your knowledge.
Once more, thank you.
Yes, you are correct...
filter
Of course, if you have a pirate account in .ru for downloading snazzy stuff, you might want to exempt them ;')
Isn't there a way to test the From address for validity?
Further, the recipients' email servers automatically check the responsibilities of their counterparts for the email domain of the particular sender.
http://en.wikipedia.org/wiki/Sender_Policy_Framework
And typically the sender's email server requires authorization (i.e. login/password) to check the validity of his address in the From.
So this phishing attack is not as simple as it may look.
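Added example, not part of the original article or of any commenter's post: a minimal sketch of the Sender Policy Framework check linked above, evaluating only the ip4/ip6/all mechanisms against constructed records (the domains, addresses and the `assess` helper are assumptions). It also shows that SPF authenticates the envelope sender, so the visible From header needs a separate alignment check, done here as a simplified exact-domain match.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed SPF TXT records keyed by domain (stand-in for DNS lookups).
SPF_RECORDS = {
    "agency.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "bulk-mailer.example": "v=spf1 ip4:198.51.100.0/24 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed message: the header From is what the recipient sees.
MESSAGE = (
    "From: Duty Officer <duty.officer@agency.example>\n"
    "Subject: Updated schedule\n\nSee attachment.\n"
)

def check_spf(domain, client_ip):
    """Evaluate ip4/ip6/all mechanisms only and return the SPF result."""
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        name, _, value = term.partition(":")
        if name in ("ip4", "ip6") and ip in ipaddress.ip_network(value, strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"

def assess(envelope_from, client_ip, raw_message):
    """Return (spf_result, aligned) for one delivery attempt.

    SPF is evaluated for the envelope sender's domain; 'aligned' says
    whether that domain matches the domain in the visible From header.
    """
    env_domain = envelope_from.rpartition("@")[2].lower()
    header_from = parseaddr(message_from_string(raw_message)["From"])[1]
    hdr_domain = header_from.rpartition("@")[2].lower()
    return check_spf(env_domain, client_ip), env_domain == hdr_domain

if __name__ == "__main__":
    print(assess("duty.officer@agency.example", "192.0.2.10", MESSAGE))
    print(assess("duty.officer@agency.example", "203.0.113.5", MESSAGE))
    print(assess("bounce@bulk-mailer.example", "198.51.100.7", MESSAGE))
```

A receiving filter would treat a "pass" with `aligned == False` as unauthenticated for the displayed From address, which is the gap DMARC alignment is meant to close.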
Sooo ... someone sent an attachment?
I say,
So let me get this straight you guys blocked a simple phishing attack and stated it was to be a sever attack on the White House? God forbid a real mother fucker going in there and doing what hacking is all about
You guys gonna classify him as world war 5?
white house: Oh but world war 5 has not happened yet.......
Attack: Oh but u see thats the thing , This is so powerful it over rides world war 3 , & 4 which comes up to 5 :)
Sad thing is United States broadcast that they have blocked a hacking attack?
Oh yay wippy fucking doooooo , So statistic wise the USA is still the top 1. country to get hit by cyber attacks,
Gonna broadcast that whitehouse? PRob not cause you only want the morons to see you guys do good
What you fail to realize is that those that are smarter than you know the truth and sooner or later Society will too
USA needs to step up its Cyber Security standards dramatically and force laws to require all Sys admins , IT tech' , etc etc to be certified in some form of Technology that relates to this.
It's because of morons that our systems are so unsecured
Trust me - You will see one day
Too bad
The real reason they're even going public with this.
I'll tell you why.
CISPA. Cyber Intelligence Something Bla Bla.
Despite having been downvoted in the Senate, and severely attacked on all fronts by netizens and privacy/free speech organizations alike, Obama is pushing this as a so called executive order. That means, "I'm a dictator who doesn't give a shit about what my parliament says".
So what does he use to prove that he is right? Obviously he needs to paint a picture that internet security is risky business, and giving the government all the power they want is a way to prevent bad guys. Yeah cool. It isn't, but that's a different story.
Publishing this story is essentially a lead-up to the announcement that the CISPA executive order has been signed. When someone asks critical questions, he'll just point to this incident. As if it even happened, much less that it was any threat at all.