White House sources partly confirmed an alarming report that U.S. government computers, reportedly including systems used by the military for nuclear commands, were breached by Chinese hackers.
“This was a spear phishing attack against an unclassified network,” a White House official said. “These types of attacks are not infrequent and we have mitigation measures in place.”
A law enforcement official who works with members of the White House Military Office confirmed the Chinese attack on Monday, but it remains unclear what information, if any, was taken or left behind.
“This White House Communications Agency guy opened an email he wasn’t supposed to open,” the source said.
That email contained a spear phishing attack from a computer server in China, the law enforcement source said. The attack was first reported by the blog Free Beacon. Spear phishing involves the use of messages disguised to appear as valid; in fact, they contain targeted, malicious attempts to access sensitive or confidential information.
By opening the email, which likely contained a link to a malicious site or some form of attachment, the agency member allowed the Chinese hacker to access a system, explained Anup Ghosh, founder and CEO of security company Invincea.
“The attack originated in the form of a spear phish, which involves a spoofed inbound email with either a link to a malicious website or a weaponized document attachment such as a .pdf, Microsoft Excel file or Word document,” he said.
Free Beacon claimed that the U.S. government’s most sensitive networks were breached in the incident, which took place early last month.
“One official said the cyberbreach was one of Beijing’s most brazen cyber attacks against the United States,” the report said.
The law enforcement source was notified of the successful phishing incident but did not know what information was actually accessed. A White House official downplayed that report, saying that the system involved was not a sensitive nuclear system, and no evidence indicated that information was actually taken.
“In this instance the attack was identified, the system was isolated, and there is no indication whatsoever that any exfiltration of data took place. Moreover, there was never any impact or attempted breach of any classified system,” he said.
The attempted hacking of U.S. military networks used by the White House is a common occurrence, but success is rare.
Due to the volume of these attempts on secure computers, law enforcement, military, and members of other agencies with access to those systems and other White House secure networks have strict rules about email and Internet usage, the law enforcement official explained.
Chinese hackers are often cited as the cause of such incidents, Ghosh said.
“Over the past 24 months, China has been aggressively targeting America’s corporations for their intellectual property and our government agencies and departments for critical national security information,” he said.
The incident underscores the real cyber security challenge today: people.
“The cyber security industry is woefully behind the curve in terms of protecting the network from spear-phishing attacks against employees,” Ghosh said. “Today, training is the primary solution to this problem … and training simply does not work.”
“The White House, every Fortune 1,000 and Global 2,000 organization — medium-sized business, small businesses, consumers — ALL are at risk from spear-phishing attacks.”
Technologies need to be developed to protect against such attacks, Ghosh said, and government and private companies will remain at risk until computer users are placed in some form of “protective bubble” when they encounter untrusted content.
America is on the losing end of an aggressive cyber conflict waged by nation states, organized cybercriminals and hacktivists, he said.
“We need to give this critical priority — it needs to be a discussion at every level of our government and we must rapidly adopt new technologies to protect our nation from this threat.”
Source: Business Insider