Tuesday, April 28, 2015

Putin Hacks America...again

In early April, the White House announced that Russian hackers had penetrated the White House through a seemingly innocuous email account. Their target was the "Executive Office of the President" network, an unclassified yet highly sensitive system that processes, among other things, President Obama’s emails, schedule and policy notes. The attack bears the same hallmarks as a similar intrusion last year at the State Department. Based on the level of sophistication, U.S. officials believe the Russian government is the culprit (Sales, 2015). As if this incident weren’t serious enough, a couple of weeks after the White House disclosure, officials were forced to admit that Russian hackers had also accessed an unclassified Pentagon network in early 2015. The breach, which was only recently declassified, illustrated another sophisticated cyberattack against the U.S. government, most likely perpetrated by Moscow (Crawford, 2015). These attacks targeted the same weak link in the cybersecurity chain: Us.

Much like the Sony Pictures attack, officials believe the White House incident was perpetrated through a successful spear-phishing campaign. For the uninitiated, this type of attack entails the detailed targeting of a high-level official with a malware-laden email. Oftentimes, the official mistakenly opens an infected attachment and the rest is history. This type of attack is so successfully employed that Wired believes 91% of hacking attacks begin with a phishing email (Sales, 2015). The Pentagon attack, on the other hand, appears to be a little less straightforward. Because the Department of Defense has only recently declassified portions of the incident, it is unclear exactly how hackers gained access to a highly guarded yet unclassified Pentagon network. Initial reports point to an unpatched vulnerability, which indirectly leads us back to inadequate human involvement in the security chain. Given that the Office of the National Counterintelligence Executive has labeled Russia “a national long-term strategic threat to the United States,” it would seem to be a foregone conclusion that we as security professionals need to increase our training and awareness (Cilluffo & Cardash, 2015).


References
Cilluffo, F. J. & Cardash, S. L. (2015). How to stop Putin hacking the White House. Newsweek. Retrieved from http://www.newsweek.com/how-stop-putin-hacking-white-house-321857

Crawford, J. (2015). Russians hacked Pentagon network, Carter says. CNN. Retrieved from http://www.cnn.com/2015/04/23/politics/russian-hackers-pentagon-network/


Sales, F. (2015). White House hack: By way of Russia with help from spear phishing. TechTarget. Retrieved from http://searchcio.techtarget.com/news/4500244197/White-House-hack-By-way-of-Russia-with-help-from-spear-phishing