The White House told the press this week that its Executive Office of the President (EOP) network was hacked a few weeks ago, and pooh-poohed the data breach by pointing out that it was "only" an unclassified network and that the hackers were committing "fairly standard espionage." Yeah, sure.
The fact that an unclassified White House network was penetrated is an epic fail, and the downplaying indicates it is probably a lot worse than they are admitting. To add insult to injury, they did not even know about the compromise until a friendly foreign government told them. Ouch.
It's likely that this hack was a staging area from which the attackers hoped to reach a classified network. One theoretical route is something like AirHopper, an academic proof of concept in which malware already running on an air-gapped machine exfiltrates keystrokes by turning the video card into a low-power FM transmitter and picking the signal up on a nearby mobile phone. Note that AirHopper bridges the air gap in one direction only: it moves data out of the isolated machine, it does not provide a way in. Here is a video that demonstrates this very scary new technology: https://www.youtube.com/watch?v=2OzTWiGl1rM
Part of the mitigation procedures included White House staffers having to change their passwords, and some intranet and VPN access being shut off temporarily. Their email system seems to have been shut down for a while as well, while they responded to the breach.
The Washington Post reported that Russian hackers may be to blame. That is an educated guess at this point, but very likely spot on: the Post report goes on to mention recent hacking campaigns that have targeted NATO, the Ukrainian government and US defense contractors, and draws a parallel with those incidents.
The FBI, Secret Service and National Security Agency are all involved in the investigation. White House officials are not commenting on who was behind the intrusion or how much data, if any, was taken.
It's not the first time foreign intelligence has breached U.S. government networks. In 2008, a Defense Department staffer picked up an infected USB stick and plugged it into a machine connected to a classified military network, an intrusion attributed to Russia. In 2012, Chinese hackers got into a White House network using a phishing attack that gave them access.
Graham Cluley over at ESET noted that "If the White House attack is linked to other recent attacks against nation states, that could implicate... the [Russian] Sandworm cyberespionage gang who have been using highly targeted email attacks to infect victims’ systems with the BlackEnergy trojan horse.
"Last month, ESET researchers Robert Lipovsky and Anton Cherepanov gave a presentation at the Virus Bulletin conference in Seattle, detailing how the BlackEnergy trojan has evolved over time from having simple DDoS functionality to exploit Word and PowerPoint vulnerabilities and incorporate the ability to spy on targeted computers." Here is their presentation: https://www.virusbtn.com/conference/vb2014/abstracts/LM3-LipovskyCherepanov.xml
So, how did the attackers get in? Highly likely spear-phishing. A recent report from April 2014 shows that 56% of employees in large enterprises and government still receive NO security awareness training. The data comes out of an interesting survey from the folks at Enterprise Management Associates (EMA). According to employee responses in the survey report:
- 30% leave mobile devices unattended in their vehicle
- 33% use the same password for both work and personal devices
- 35% have clicked on a link in an email from an unknown sender
- 58% have sensitive information on their mobile devices
- 59% store work information in the cloud
They said: "Some of the reported behaviors present inherent risks, while others depend on contributory factors like the failure to use device or data encryption. Insights into why employees make risky choices are revealed in two other report findings. Fifty-six percent of corporate employees, excluding security and information technology staff, have not had security or policy awareness training from their organization, while 45% of employees received training in one annual session. Without the foundation of on-going security awareness training, employees don't receive the critical security information they need to make secure choices."
The result is what we have seen in one data breach after another, and now at the very highest level.