Chinese cyber attack against the White House

Tuesday, October 02, 2012

Pierluigi Paganini


(Translated from the original Italian)

News is circulating on the internet, creating great concern, that Chinese hackers have once again hit the infrastructure of a foreign state. Once again we are speaking of cyber espionage, but this time they were able to access the White House Military Office.

The Washington Free Beacon announced that the cyber attack against the White House originated from Beijing, reporting the admission of an Obama administration national security official who stated:

“This was a spear phishing attack against an unclassified network”

“In this instance the attack was identified, the system was isolated, and there is no indication whatsoever that any exfiltration of data took place.”

The official confirmed that similar attacks happen daily against national networks and that this time the offensive did not have disastrous consequences.

According to the official, the attack started earlier this month and targeted the White House Military Office (WHMO); apparently the hackers launched the offensive from a server located in China.

The incident is really serious due to the nature of the sensitive information managed by the Office: the network belongs to the US president's military office, a department responsible for the government's most sensitive communications, including presidential travel, government teleconferences and also strategic nuclear commands.

According to a former senior U.S. intelligence official:

“This is the most sensitive office in the U.S. government,” “A compromise there would cause grave strategic damage to the United States.”

The Washington Free Beacon article reports:

"According to the former official, the secrets held within the WHMO include data on the so-called “nuclear football,” the nuclear command and control suitcase used by the president to be in constant communication with strategic nuclear forces commanders for launching nuclear missiles or bombers.

The office also is in charge of sensitive continuity-of-government operations in wartime or crises."

Many cyber experts have no doubts: this is a Chinese cyber warfare operation. In particular, the group responsible for this type of attack is the famous cyber unit called the 4th Department of General Staff of the People’s Liberation Army.

According to rumors, the attacks could be linked to U.S. interference in the dispute over the Senkaku Islands between China and Japan.

But events like this raise a series of questions.

  • How is it possible to hack the “hardened” systems of a government such as that of the U.S.?
  • What information has really been exposed?
  • Why, unlike previous known attacks, has the press presented the news by emphasizing the possibility of a data breach in such a critical office?
  • If a critical office of one of the most advanced countries in cyber warfare has been hacked, what could be the real level of security of other government networks?

It must be considered that the Chinese military conducts one of the most aggressive cyber strategies; China is recognized as one of the most dangerous countries for its continuous cyber espionage operations targeting foreign governments and private businesses. In the past, state-sponsored hackers have attacked several U.S. defense contractors such as Lockheed Martin and Northrop Grumman.

According to principal intelligence sources, the U.S. is losing the cyber espionage war against China, and not only China. Countries such as Russia, but also North Korea and Iran, represent a serious menace for the government in Washington. Gen. Keith Alexander, chief of the NSA and Cyber Command, declared that China is successfully conducting a large-scale cyber espionage campaign that has caused a loss of $1 trillion.

Returning to the attack against the White House, I sincerely don't understand how the news was managed on the government side. Why give public information on an offensive against such a critical office?

I have some answers, fruit of my imagination, that could explain the approach followed by the White House:

  • With such sensational news, the government wishes to increase awareness among the population that cyber attacks could cause serious damage, and that the country is involved in a new "model" of war at least as dangerous as a conventional conflict.
  • It's possible that the attack successfully leaked sensitive information and the White House came forward before the news could create a media problem at such a delicate moment for the country.
  • A last consideration: we live in an era of misinformation. The news of similar attacks could attract many other groups of hackers to fake targets; the information spread could deceive them, and it is also possible that U.S. defense wishes to steer the attacks toward honeypots that hold fabricated information.

What is your opinion?

Pierluigi Paganini

References

http://securityaffairs.co/wordpress/9092/hacking/chinese-cyber-attack-against-white-house-office.html

 

Michael Johnson: Was there even a security incident to begin with? Some dude, who may or may not actually be in China, allegedly emailed malware to an unclassified part of the network, and it got reported. Even if the malware was run, I'm sure its impact would be very limited. There's a huge difference between sending a dodgy attachment to someone like the NSA and actually compromising its network.

It would be interesting to see the email itself, to determine how much groundwork the attacker did beforehand, and whether the malware was just typical off-the-shelf stuff.
Pierluigi Paganini: I agree, Michael ... actually there is no certain news regarding the incident and its impact.