The White House, home of U.S. President Barack Obama and office to the Executive Branch of the U.S. government, is the latest organization to be a victim of a network breach.
A report in The Washington Post claims that an unclassified network in the White House was breached by hackers that are likely aligned with the Russian government. A Reuters report citing an unnamed White House official noted that “activity of concern” was found on the unclassified network used at the White House. The official added that the White House took immediate measures to mitigate the risk. Some of those measures involved restricted access to the network.
“The temporary outages and loss of connectivity that users have been experiencing is solely the result of measures we have taken to defend our networks,” a White House internal memo published by the Huffington Post stated.
The attack and the White House’s response to it were not surprising to security experts eWEEK contacted.
Even after shutting down part of the network, there would still be an effort to track down the source of the attack, Greg Kazmierczak, CTO at Wave Systems, said. “The decision to temporarily shut down the network was probably dictated by a combination of the type of attack, the remediation required and whether additional data could be lost during the remediation process,” Kazmierczak told eWEEK.
The allegation that the attack has its source of origin in Russia is not surprising to Dmitri Alperovitch, co-founder and CTO at CrowdStrike. The company has seen a lot of activity lately from a variety of groups it tracks, under the cryptonym “Bear,” that have ties to the Russian government, he said.
“It’s certainly not the least bit surprising that the White House communication system would be a very high intelligence collection priority for them,” Alperovitch said. “Shutting down parts of the infected network is a very prudent step to mitigate damage of the compromise [that] is believed to be extensive and not easily contained otherwise.”
Lucas Zaichkowsky, enterprise defense architect at AccessData, noted that even after shutting down part of the network, investigators will have lots of forensic evidence available to them. The allegation that Russia is involved in an attack against an unclassified network doesn’t mean that the information is any less valuable.
“Most nations have expanded espionage activity by engaging in computer network exploitation,” Zaichkowsky said. “Even unclassified data is useful to progress to larger campaigns.”
Whether or not Russia is, in fact, involved, the first step in any attack is information-gathering, and that includes unclassified networks as well as classified ones, Hord Tipton, executive director of (ISC)2, said. “Assembly of information from key people found on unclassified networks can become valuable and, in many cases, classified,” Tipton said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.