White House network breach was likely nation-sponsored

The White House has confirmed that the unclassified Executive Office of the President network has been breached by unknown hackers.

People in the know speculate that the attackers are working for the Russian government. This would not be the first time that a Russian cyber group has targeted US government and military networks, and the recently discovered cyber espionage efforts aimed at NATO, the European Union, and Ukrainian and Polish government organizations by the pro-Russian SandWorm Team point towards a concentrated effort to spy on states deemed to work against Russian interests.

Naturally, it will be hard – if not impossible – to prove the origin of the attack and pin it to a specific group or state.

Another thing that is yet unknown is what the attackers were after and what information they managed to access.

The compromise apparently happened two or three weeks ago. US officials didn’t notice it themselves, but received a tip from an allied country.

The FBI, Secret Service and National Security Agency have been called in to investigate the intrusion, and the White House “took immediate measures to evaluate and mitigate the activity.”

White House workers were asked to change their passwords, and remote access to the network via VPN was temporarily disabled. The email system was slower than usual, but kept working.

An anonymous White House official shared with the Washington Post that, so far, it appears that the classified network wasn’t breached, and that the attackers didn’t do any internal damage on the unclassified one.

“The reconnaissance attack on the White House is a dramatic reminder of a general truth: whenever we look for any kind of attack, we find that yes, indeed, it is happening. Anyone assuming they are not under attack because nothing has gone wrong so far is suffering the ‘Christmas Turkey fallacy’ – all the days the turkey spends seem to be pretty good, except for that last one,” commented Dr. Mike Lloyd, CTO at RedSeal.

“Attacks are very often not destructive at all – modern malware is frequently designed to do as little as possible, so as to avoid detection. Adversaries understand the value of good information – of maps, and the relationship of assets. Such information can be extracted with a minimum of fuss, unless the person being scanned is very diligent and observant.”

“Government networks the world over are on the front lines of a digital conflict, so it’s no surprise the White House has been targeted as it presents a very rich target,” says Chris Boyd, Malware Intelligence Analyst at Malwarebytes.

“Whilst political tensions are often played out in public, it seems that highly specialist cyber-incursions have become a popular and lower profile offensive tactic. Whilst this particular breach doesn’t seem to have compromised any sensitive information, it is still a sign of how geopolitical tensions are expressed in the modern world.”

“As details on the actual breach are still thin on the ground, it’s difficult to comment on the technical aspects, but it does underline the growing success of advanced attacks. Traditional security solutions are continually being left wanting as advanced exploits, social engineering and other complex attacks develop too fast. Large organizations, particularly those in sensitive areas, need to combine advanced countermeasures with frequent staff training to ensure the best possible defence against this relentless progression in attacks.”