White House hit with primitive cyber-attack
Staffers under US President Barack Obama have already confirmed that the Oval Office is readying the release of a cybersecurity executive order to be forced down the digital throats of every American any day now, and the beating of war drums sounding off the start of an assault on Internet freedoms is only getting louder. Now the White House says that they have thwarted an attempt to attack a computer system serving 1600 Pennsylvania Avenue, but the facts of the hack revealed so far suggest the latest news is nothing more than the same fear-mongering rhetoric used to unsuccessfully rally for a cyber-bill in Congress.
The Washington Free Beacon wrote Sunday, September 30, that sources within the Washington defense and intelligence community confirmed on condition of anonymity that hackers linked to the government of China broke into a computer system used by the White House Military Office for nuclear commands.
“One official said the cyber breach was one of Beijing’s most brazen cyber attacks against the United States and highlights a failure of the Obama administration to press China on its persistent cyber attacks,” Bill Gertz wrote for the Free Beacon.
On Monday, the White House confirmed to POLITICO that a cyber-attack had been attempted, but declined to confirm earlier allegations that the hackers involved were recruited by the Chinese. Their admission did, however, explain the severity of the attack and suggest that the so-called cyber breach was driven by primitive attempts to access the emails of Obama administration staffers, not with stealth code but with social engineering.
One White House official speaking of the attack to POLITICO said the alleged hacker or hackers employed “spear phishing” techniques to try and access the Executive Branch’s systems, a method of attack that often involves little more than masquerading as an authorized agent over the Internet. A person behind spear phishing may decide to adopt the identity of someone seemingly harmless, then send emails to specific targets within a certain business, corporation or — in this case — a branch of federal government and ask for information to be readily handed over.
Bruce Schneier, a computer security researcher, is quoted by The Norman Transcript as explaining the attacks as such:
“It’s a really nasty tactic because it’s so personalized. It’s an e-mail from your mother saying she needs your Social Security number for the will she’s doing. This is hacking the person, it’s not hacking the computer.”
Spear-phishing is listed on the FBI’s website as a popular method of perfecting cyber-fraud, as well. There, the bureau says criminals “send e-mails that look like the real thing to targeted victims, offering all sorts of urgent and legitimate-sounding explanations as to why they need your personal data,” only to try and dupe unsuspecting saps into providing personal information or inadvertently downloading malware that will target the networks accessed by that individual’s device.
“[The] victims are asked to click on a link inside the e-mail that takes them to a phony but realistic-looking website, where they are asked to provide passwords, account numbers, user IDs, access codes, PINs, etc.,” the FBI adds.
But is that really all these high-tech hackers had to do to drum up a scare from the White House? Apparently.
To Fox News, a White House official added Monday morning that the assault was indeed a spear phishing attack that targeted an unclassified network. Separately, a law enforcement official described as a collaborator “with members of the White House Military Office” said this latest cyber-scare was something all too simple:
“This [White House Communications Agency] guy opened an email he wasn't supposed to open,” the source said to Fox. “The attack originated in the form of a spear phish, which involves a spoofed inbound email with either a link to a malicious website or a weaponized document attachment such as a .pdf, Microsoft Excel file or Word document.”
In other words, yes: sources speaking out on the assault so far confirm that a crafty email attempting to extract information from a White House staffer was sent to their inbox. And that was it.
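The traits the Fox source lists (a spoofed sender, a link to a malicious site, a document attachment) are ones a receiving mail system can check for. The Python triage below is an added example, not part of the original article; the sample message, its domains and the finding labels are constructed, and it assumes the Authentication-Results header was written by the recipient's own mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

RISKY_EXT = (".pdf", ".xls", ".xlsx", ".doc", ".docx")  # file types named in the quote
LINK = re.compile(r'<a[^>]+href="([^"]+)"[^>]*>([^<]+)</a>', re.I)
# Constructed sample message: every name, address and domain below is invented.
SAMPLE = """\
From: "IT Help Desk" <helpdesk@agency.example>
Reply-To: helpdesk@agency-support.example
Authentication-Results: mx.agency.example; spf=fail; dkim=none
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Verify at <a href="http://login.portal.example/verify">https://mail.agency.example</a></p>
--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="schedule.doc"

constructed placeholder body
--b1--
"""

def domain(addr):
    # Lower-cased domain of an address header; '' when the header is absent.
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return the list of spear-phishing indicators found in a raw message."""
    msg = message_from_string(raw)
    findings = []
    reply = domain(msg["Reply-To"])
    if reply and reply != domain(msg["From"]):
        findings.append("reply-to-mismatch")       # replies leave the claimed sender's domain
    auth = (msg["Authentication-Results"] or "").lower()
    if "spf=pass" not in auth or "dkim=pass" not in auth:
        findings.append("sender-auth-not-passed")  # receiving server could not vouch for sender
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append("attachment:" + name)
        if part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode("utf-8", "replace")
            for href, shown in LINK.findall(html):
                # Visible text looks like a URL but points to a different host.
                if urlparse(shown.strip()).hostname not in (None, urlparse(href).hostname):
                    findings.append("link-text-mismatch")
    return findings
```

A finding here is a reason to quarantine or banner the message for review, not proof of malice: legitimate mail can fail SPF or carry a Word document.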
Regardless, the latest effort is all but certain to be used in the ongoing charades that have helped craft a cybersecurity executive order expected to be rolled out any moment now.
Earlier this year, the US House of Representatives and Senate tried — unsuccessfully — to draft legislation that would let the government share information entered into the private third-party servers of businesses and corporations, and so come into possession of Americans’ personal communications, all in the name of counterterrorism and cybersecurity. Following the failure to advance any legislation, the White House confirmed last month that it has indeed been at work on an executive order, versions of which have already been leaked to the Web.
“We need to give this critical priority – it needs to be a discussion at every level of our government and we must rapidly adopt new technologies to protect our nation from this threat,” Anup Ghosh, founder and CEO of security company Invincea, tells Fox after the latest attempt to attack the White House.
“The White House, every Fortune 1,000 and Global 2,000 organization – medium-sized business, small businesses, consumers – ALL are at risk from spear-phishing attacks,” Ghosh adds. The reason, however, isn’t because networks are necessarily vulnerable — it’s the people who can put the White House’s security at stake by opening a single email attachment that can unleash a virus on the Obama administration’s system.
“Today, training is the primary solution to this problem … and training simply does not work,” Ghosh says.
Ignorance, one would have it then, is enough to add one more reason to the White House’s list for unveiling their cybersecurity executive order.