The Washington Post reports that hackers successfully breached the White House’s unclassified computer networks a few weeks ago.
While the attacks resulted in temporary disruptions to some services, White House officials told the Post there’s no indication at this point that the classified network was breached.
“In the course of assessing recent threats, we identified activity of concern on the unclassified Executive Office of the President [EOP] network,” a White House official, speaking on condition of anonymity, told the Post. “We took immediate measures to evaluate and mitigate the activity. … Unfortunately, some of that resulted in the disruption of regular services to users. But people were on it and are dealing with it.”
Although the Post says the hackers are thought to have been working for the Russian government, the White House official wouldn’t comment on who was behind the intrusion. “Certainly a variety of actors find our networks to be attractive targets and seek access to sensitive information,” the official said. “We are still assessing the activity of concern.”
“On a regular basis, there are bad actors out there who are attempting to achieve intrusions into our system,” a second White House official told the Post. “This is a constant battle for the government and our sensitive government computer systems, so it’s always a concern for us that individuals are trying to compromise systems and get access to our networks.”
The Huffington Post published a White House internal email regarding the breach, which states, “In the course of assessing recent threats, we identified activity of concern on the unclassified EOP network. Any such activity is something we take very seriously. In this case, we took immediate measures to evaluate and mitigate the activity. Our actions are ongoing, and some have resulted in temporary outages and loss of connectivity for our users.”
“Our computers and systems have not been damaged, though some elements of the unclassified network have been affected,” the email added. “The temporary outages and loss of connectivity that users have been experiencing is solely the result of measures we have taken to defend our networks.”
Perspecsys CMO Gerry Grealish told eSecurity Planet by email that breaches like these serve as a reminder of how well-funded cyber attacks can be. “What had been the domain of the criminal enterprises in Russia are now being escalated to include state-sponsored activity, which means that nearly limitless resources are in play to achieve objectives such as the White House network breach,” he said.
And Malwarebytes Labs malware intelligence analyst Chris Boyd said by email that it’s no surprise the White House was targeted. “While political tensions are often played out in public, it seems that highly specialized cyber-incursions have become a popular and lower profile offensive tactic,” he said. “Even though this particular breach doesn’t seem to have compromised any sensitive information, it is still a sign of how geopolitical tensions are expressed in the modern world.”
Administration officials told the New York Times the attack didn’t seem to be aimed at destroying data or hardware, which suggests that it was aimed instead at mapping the White House’s unclassified networks to search for entry points to other systems.
RedSeal CTO Dr. Mike Lloyd said by email that a reconnaissance attack like that can still be enormously useful to the attacker. “Adversaries understand the value of good information — of maps, and the relationship of assets,” he said. “Such information can be extracted with a minimum of fuss, unless the person being scanned is very diligent and observant. It seems in this instance the White House did well — they were paying enough attention to detect someone just trying to gather information without immediately doing any harm.”
“Think of it, perhaps, as ‘casing the joint,’” Lloyd added.