Last year’s breach of unclassified White House computer systems was far more intrusive than initially thought and included the theft of some presidential correspondence, The New York Times reported Friday.
No classified systems were compromised in the attack, including the servers that control the message traffic from President Obama’s BlackBerry mobile device, the paper said.
However, much of the information the unclassified servers handle — items such as schedules, email exchanges with State Department officials, and discussions of personnel moves, legislation and policy — is considered sensitive.
“That type of information is significant, because it’s a social engineering treasure trove,” said Renee Bradshaw, senior solutions marketing manager for NetIQ.
“Although it wasn’t a classified system, it gives cybercriminals information that can be used to access those classified systems,” she told TechNewsWorld.
Gold for Spies
The breach could be very serious if, as the Times was told, the intruders were working for the Russian government.
“One of the top priorities of espionage is to measure an adversary’s intent,” explained Richard Stiennon, chief research analyst with IT Harvest.
“Most espionage over the years did an OK job of measuring capability — such as troop movements and number of missile installations — but it’s always hard to tell a leader’s intent unless you’re eavesdropping on their conversations,” he told TechNewsWorld.
“While Obama’s email wasn’t compromised,” he continued, “a lot of people who engaged in email conversations with him were.”
Protecting a broad network like the one used by the White House isn’t easy, noted Scott Borg, CEO and chief economist with the U.S. Cyber Consequences Unit.
“If you’ve got a network that a lot of people have to use, and that accepts communication from a lot of different directions, it’s very hard to secure that,” he told TechNewsWorld.
“It’s not a big deal that kind of network was penetrated, so I think the story is in danger of getting overblown,” Borg said, “but it’s certainly reason to be wary.”
Operation Pawn Storm
The attack on the White House and State Department systems is part of an ongoing campaign that Trend Micro is calling “Operation Pawn Storm.” It is mainly targeting military, government and media organizations in the United States and its allies, as well as Russian dissidents and Ukrainian activists.
“The campaign is ongoing and was ratcheted up last September,” explained Tom Kellermann, chief cybersecurity officer with Trend Micro. “Since then, it’s gone nuclear in a most stealthy and robust fashion.”
Classified systems, which are typically “air gapped” and not connected directly to the Internet, haven’t been compromised yet, but that’s small comfort.
“This group has the capacity to bypass air gaps,” Kellermann said. “Air gaps are not invincible.”
“My concern is [the federal system defenders] haven’t effectively eradicated the footprint of the adversaries from the system.”
It’s also worrisome that the total bill of damages may still be unknown.
“The fact that they could read the president’s email means they were on the network,” observed Rear Admiral (Ret.) Jamie Barnett, head of the cybersecurity practice at Venable.
“What hasn’t been said is what else might have been compromised,” he told TechNewsWorld. “We just don’t know, and I doubt that we’re going to find out.”
Although it’s believed that Russians were behind the computer system breach at the White House, the administration has been mum on the subject.
“There’s this myth that the Chinese only go after IP and the Russians only go after political stuff or financial crime,” said Taia Global CEO Jeffrey Carr, author of Inside Cyber Warfare: Mapping the Cyber Underworld.
“That’s nonsense,” he told TechNewsWorld. “Technically, anyone could have done this, which may be why the White House isn’t publicly saying it’s the Russians.
President Obama’s predecessor, George W. Bush, avoided email security concerns by avoiding email, which may have been an extreme solution to the problem.
“It’s essential for presidents to be using contemporary technology,” said U.S. Cyber’s Borg. “When we have politicians that delegate this stuff to assistants, those politicians get out of touch with how the modern world really works, and that can be a real problem.”