So now it’s the White House’s turn. Having taken a swing at just about every other piece of the U.S. government’s network infrastructure, attackers, reportedly based in China, recently targeted a machine on an unclassified network inside the White House Military Office and were able to compromise it through a spear-phishing attack. The attack has drawn a lot of attention, as stories that include the words “White House” and “attack” do, but the notion that this attack may be the one that finally forces the U.S. to address the threat from foreign attacks is misguided.

The White House’s networks, like every other network owned by the federal government, are under continuous attack. The machines on those networks, whether classified or unclassified, are viewed as high-value targets and as a way into the broader government infrastructure. So attackers do what they do, and go after those targets. We don’t know how often they succeed, nor do we know how they succeed when they do get in. And so hearing publicly about a successful intrusion on the White House’s network is a rare event.

The story of the compromise, first reported by a conservative site called The Washington Free Beacon, reads like the account of so many other intrusions at high-profile organizations in the last few years. A spear-phishing attack, an exploit and a compromised PC. Job done. The folks at RSA can relate to that scenario, as can security officials at a variety of banks, software companies and defense contractors. Boring, sure, but quite successful. This time, the attack on the White House network didn’t result in any lost data and the attackers never had access to any classified machines, according to Politico.

These attacks, and other much more sophisticated ones, have been banging up against government networks since there were government networks to break into. Most recently, a lot of the organized, long-term campaigns have been tied to attackers from China, whether they’re state-sponsored groups or freelance crews working for a specific client. Security researchers have said there are two main groups of attackers operating in China that are consistently targeting U.S. assets, both in the private sector and the government. Security officials inside the government are well aware of this situation and know where the majority of the attacks are coming from and what the attackers are after. They know what’s happening, as do people at the highest level of the administration.

The attackers have gone after military secrets, corporate intellectual property, financial information and anything else that has economic or political value. They’ve succeeded many times and failed other times, but the attacks continue unabated.

So what’s different about the attack on the White House? Nothing. 

It stands out because it’s the White House and because government officials are talking about it (off the record, of course). But there is little evidence to suggest that this attack could be the one to send politicians and administration officials over the edge to start demanding answers or accountability from China. The problem is that these attacks aren’t done as one-offs or on a whim. They’re part of a long-term campaign with goals, division of labor and serious financial backing. This is not something that anyone is going to give up at the first sign of diplomatic anger.

It’s the equivalent of the years- or decades-long espionage operations that have been run by intelligence services for hundreds of years. Technology simply has made the job easier and less dangerous.


Comments (4)

  1. Anonymous

    Government computers on the Internet are like debit cards and checks, or visiting Vegas. One doesn’t keep enough on them or themselves that they need to worry about losing, if something happens then no big deal. The real information is so secure that its electronic signature doesn’t even pass through one wall, much less several. Of course this WH hack makes nice press, but it’s essentially meaningless far as the quality of data acquired.

  2. Anonymous

    See Paul Ducklin’s comment about this on the Sophos blog for October 2, 2012.  Looks like the White House got some spam (if it was ID’d as spam, it went into a spam box–just like my/your spam) and nothing happened.  Instead, some people/reporters/security “experts” are using the incident to indict the USA’s IT security–which is no worse than anyone else’s anywhere else (and it might be better).

    Regards,

  4. JeffreyCarr

    It’s funny that Kaspersky is commenting on this as if they wish America had better cybersecurity. Last time I checked, Russia does the same type of shtuff that China does, and Kaspersky doesn’t bat an eye.
