Assessing the White House breach
- By Colby Hochmuth
- Oct 29, 2014
Officials acknowledged that hackers breached the White House's unclassified computer networks in the past few weeks, and a Washington Post report says the Russian government was the likely culprit.
"The White House has detected some activity of concern on the White House network," said spokesman Josh Earnest, who would not speculate on the identity of the hackers.
A White House official told Reuters that mitigation efforts were ongoing but declined to identify the nature of the breach.
"In the course of assessing recent threats, we identified activity of concern on the unclassified [Executive Office of the President] network," the official told Reuters. "Any such activity is something that we take very seriously. In this case, we took immediate measures to evaluate and mitigate the activity."
According to the Post, the breach caused "temporary disruptions to some services," though unnamed sources told the newspaper that the breach did not damage any systems and there was no immediate evidence that a classified network had been breached.
Some experts are saying the attack might not have sought to cause any real damage. Mike Lloyd, chief technology officer at RedSeal, said modern malware is often designed to do as little as possible in order to avoid detection.
"Adversaries understand the value of good information, of maps and the relationship of assets," Lloyd said. "Such information can be extracted with a minimum of fuss, unless the person being scanned is very diligent and observant."
According to the Power Line blog, the computer system in the Executive Office of the President was down for about a week while IT staffers identified and fixed the issue, although email and Internet access were quickly restored.
Michele Borovac, vice president of HyTrust, said the breach highlights the importance of building defense with more depth.
"Perimeter security is no longer adequate as hackers are clearly able to get inside networks almost at will," Borovac said. "Once inside, hackers will 'land and expand,' ideally finding privileged administrator accounts that would grant them unfettered access to more important systems."
Lloyd lauded the White House's response.
"It seems in this instance the White House did well," he said. "They were paying enough attention to detect someone just trying to gather information without immediately doing any harm."
Colby Hochmuth is a former staff writer for FCW.