White House 'Cyberattack' Nothing to Panic About
Did the White House get hit by a cyberattack? Yes.
Is it a big deal? Maybe not.
On Sunday evening, the Washington Free Beacon, a conservative-leaning news blog, posted a story entitled "White House Hack Attack."
It said Chinese hackers earlier this month got into "one of the U.S. government's most sensitive computer networks, breaching a system used by the White House Military Office for nuclear commands."
According to unidentified White House officials who spoke to the Free Beacon, Politico and the Associated Press, the reality was more mundane.
"This was a spear-phishing attack against an unclassified network," one official told the Free Beacon.
In other words, someone in the White House received a spear-phishing email on a workplace computer that was connected to the regular Internet.
An unnamed source told FoxNews.com that a White House employee had "opened an email he wasn't supposed to open."
Whether or not the email's malicious payload — an attached file or embedded Web link — was opened as part of the second step necessary for infection, we don't know.
Catching big fish
Spear-phishing emails are frequently used by Chinese state-sponsored hackers to try to penetrate an organization's internal network.
Typically, a person within the organization will receive an email that appears to come from a colleague or acquaintance. Attached is a file crafted to be of interest to the recipient; for example, a document detailing an upcoming industry conference. In other scenarios, a link to a website is embedded in the body of the email.
But if the attachment is opened or the link is clicked, the payload will try to install malware, which, if successfully loaded, will then try to spread into the secure part of the network.
A White House official told Politico that the attack had been "isolated" and that no data had been lost.
Other information in the Free Beacon story was unclear, such as whether any high-security network had indeed been penetrated.
Technically, if a spear-phishing email were to get past the White House's email filters, then a White House network would indeed be breached — much in the same way your home network is breached when you get spam.
A White House official told the Associated Press that it was "not infrequent" for spear-phishing emails to be received by the White House.
Crude but effective
The White House Military Office is an obvious target for information-stealing hackers working for a hostile nation-state.
The office employs around 100 people and controls several aspects of the president's transportation, including the presidential helicopter and motorcade, as well as basic White House functions including the telephone and computer networks, the cafeteria and the medical center.
State-sponsored Chinese hackers have had some notable success with spear-phishing emails. In 2011, someone at the digital-security firm RSA received a spear-phishing email and opened the attached Excel file. The file installed a "backdoor" that let hackers remotely access RSA's internal network.
The hackers then stole secret codes that controlled RSA SecurID authentication algorithms, which thousands of companies and organizations issue to employees to permit remote logins into secure networks.
With the stolen RSA codes, the hackers broke into the secure networks of Lockheed Martin and other American defense contractors.
In order to guard against spear-phishing emails, companies and organizations train employees not to open unsolicited email attachments. As the RSA attack shows, such training doesn't always work, even in the most security-minded organizations.