(originally published 10/29/2014)
According to reports released today, the Executive Office of the White House was breached by unknown perpetrators, although suspicion seems to be centering on Russian hackers.
The attacks apparently occurred a couple of weeks ago, although CNN is reporting that personnel at the White House were claiming that the White House network was down as recently as this weekend, due to the security events they experienced.
The network in question is unclassified though, and it’s unlikely the hackers could access any classified networks from that one. Classified networks are typically maintained with what is called ‘air-gap separation’ from any unclassified networks, meaning that they don’t share any common network gear, fiber or copper, anywhere along the chain, so to speak. That said, especially when it comes to security, one should never say never.
According to a source who spoke to the BBC, the attack was ‘consistent with a state-sponsored effort’; certain users were made to change their login passwords, and some or all of the network was shut down for some period of time. Without trying to speculate too much, it could be that malware was found in the network that was similar in style to the malware downloaded into NASDAQ systems a few years ago.
In that breach, malware was detected in certain critical systems of the NASDAQ stock exchange, placed there through the use of several previously undiscovered zero-day vulnerabilities. That malware, after analysis, was found to be similar in design to malware previously written by the Russian Federal Security Service (formerly KGB). That software, while containing the ability to monitor and record data, was primarily designed to disrupt and destroy the systems it had infected.
Whether the software on the White House servers is similar, or was designed for another purpose, remains to be seen. This story is still in the early stages of development, and more data will almost certainly be revealed over time.