Home & Office

The White House hack: Imagining a system breach's nightmare scenario

Breaches happen all the time, even in government. But an unclassified system breach can be as bad as a classified breach. David Gewirtz offers a worst-case scenario.
Written by David Gewirtz, Senior Contributing Editor
There are conflicting reports about whether or not Russian hackers breached White House network security. While there have been some uncredited and non-specific denials, a report as of 7:29am ET today from CBS News states that federal agencies are investigating a breach that occurred last year.

The report includes an interesting statement attributed to Deputy National Security Adviser Ben Rhodes: "The fact is that's why we have a classified system, because there's less risk in the classified system and that is secure. On the unclassified system we take regular actions to prevent vulnerabilities and to enhance security."

There is a prevailing belief in Washington that as long as classified systems remain secure, we are safe. The feeling is that if bad guys breach unclassified systems, it's an inconvenience, but does not pose a risk to national security.

In 2007, I looked into this issue in great depth. The Bush Administration confirmed a large number of email messages were unaccounted for and that led me to look into how, exactly, the White House dealt with electronic messaging. That research led to a book. A major focus of the book was the split between secured messaging via the Executive Office of the President and unsecured messaging required as a result of compliance with the 1939 Hatch Act.

Then, as now, the belief was that as long as classified systems remain secure, risk was minimized.

I disagreed then and I disagree now. As part of my research, a nightmare scenario was constructed that, while horrible, was plausible. What follows is that scenario. It should be noted that my reference to an email server located in Chattanooga, Tennessee was based on fact. The Bush Administration did, indeed, route its political (unsecured) email through a small service provider.

With that, let's move onto the scenario itself, excerpted from my book.

The ultimate nightmare scenario

This morning, the President is going to give a fund-raising speech in Palo Alto and then fly from San Francisco International Airport back to Washington. Unknown, however, to everyone but a select few, the President's not going to be driven from Palo Alto directly back to SFO. He's going to detour to the small town of Sunol in the East Bay, population 1,332.

There, the President's going to have a most private conversation with a Senator in the opposing political party. Ever since the last election, when the opposing party won majorities in both the House and Senate, the President's agenda has been hog-tied. But, due to a minor disagreement with a leader in his own party, this particular Senator is thinking of switching sides. If he does, the entire teeter-tottering balance of power in Washington would shift in the President's favor.

All it would take for the Senator to switch is a few promises of political influence - and a face-to-face meeting between the President and the Senator. But no one can know about the meeting until the Senator makes his final decision and announces he's jumped to the President's ship. If word got out before everything was set, the Senator would deny the whole thing and the President's political coup would never happen.

And that's why the President will be taking a very secret detour to Sunol this very morning. Sunol is an out of the way town, and no one will notice one black limo traveling through Niles Canyon for a half-hour conversation over coffee.

Leaving Palo Alto, the bulk of the President's motorcade continues up 101 to the airport. Two unmarked cars, populated with agents of the Presidential Protective Detail, the President in his armored limo, and a helicopter bearing commercial markings all turn east, travel over the Dumbarton Bridge, turn right on Mission Boulevard, and head into the narrow Niles Canyon.

Just before the President's limo rounds the curve leading to the Niles Canyon Quarry and the railroad museum, four Ruchnoy Protivotankovyy Granatomyot (rocket propelled grenades) smash into the President's structurally-reinforced car. Another two smash into the escort car leading the small caravan and two more destroy the following car. Smoke obscures the area. The overflying helicopter can't see a thing.

The meeting never takes place.

But how could anyone have known that the President's limousine would be in the ambush-friendly zone that is Niles Canyon? Security was at its tightest. There were maybe ten people in the U.S. who knew the meeting was scheduled and the Senator hadn't told anyone, not even his wife or his closest aides.

How could this have happened?

The leak, it turns out, was a simple email message.

A senior White House official needed to send an email message about the President's visit to another senior White House official. Because the subject was about the political conversion of the Senator, the official knew he wasn't allowed to use the secure government email system. Instead, he was required to use the email system set up for political communication.

No harm in that, right?

No harm, except the system set up for political communication didn't go through secured channels. It was run by a 12-person company in Chattanooga, Tennessee. The company knew its stuff, and did a great job of managing email. There was just one gotcha. All such political email had to travel through the public Internet to get to and from the company's servers.

And, as has been the case for the last few years, there was a computer in the back of a store on Broad Street, just a few doors down from the Chattanooga company managing the President's political email. Connected to the computer was a simple DSL connection to BellSouth. Nothing fancy - except that the upstream network provider to the political ISP (Internet service provider) was also BellSouth.

The computer in the back of the store on Broad Street simply "sniffed" all the network packets it could find, hoping for a whiff of something yummy. This was possible since nearly everything that travels over the Internet is easy to intercept. The wide-open nature of Internet protocols made the Internet easy to design initially, but has long been a fatal flaw from the perspective of security.

Some of the packets the computer sniffed could be reconstructed into email messages. And one of the email messages the computer reconstructed just happened to be one from the one White House staffer to the other White House staffer. Since the Internet is generally open and unsecured, especially when it comes to email, it was really easy to intercept these particular email messages.

Of course, the computer in the back of that store on Broad Street wasn't being operated by anyone with affection for the U.S. government. It was one of the many off-the-shelf PCs bought and placed throughout the country, constantly scanning, hoping to capture something juicy. Something that could be used to hurt America.

This particular message detailed the White House staffer's excitement about the upcoming Niles Canyon road trip. After all, Charlie Chaplin filmed The Champ in Niles Canyon and this staffer loved the historical significance.

Little did our staffer know that, just a few days later, Niles Canyon would forever be known for something far more horrible.

Truth and fiction

The scenario you've just read is, thankfully, pure fiction.

Unfortunately, such a scenario is far more possible than anyone knew. It is based on the disturbing, yet verifiable details about White House email operations I discovered over the course of my investigation.

Here's what you should take away from this bit of speculative story-telling. A breach into our unclassified systems could be just as terrible as penetration into classified systems.

By the way, I'm doing more updates on Twitter and Facebook than ever before. Be sure to follow me on Twitter at @DavidGewirtz and on Facebook at Facebook.com/DavidGewirtz.

Editorial standards