Russian hackers who breached a non-classified email system at the State Department, then dallied around in the agency's network for months, used that vantage point to gain entry into some areas of the White House computer system, CNN reported Tuesday.
Just last month State took out parts of its online systems in a “short, planned outage” while it attempted to vanquish the intruders.
The CNN report said Russia was behind the attack and that hackers had been in the White House system for months. The White House noticed suspicious activity in its systems in October. At the time, it was suspected that the two breaches could be related.
But a White House statement downplayed the report, saying it was “not referring to a new incident — it is speculating on the attribution of the activity of concern on the unclassified EOP network that the White House disclosed last year.”
Noting that the administration would not comment on the report's “attribution to specific actors,” the statement said it took the intrusive activity “very seriously” and had taken “immediate measures to evaluate and mitigate the activity” at the time.
The nature of the attacks highlights an issue that many organizations grapple with.
“Once an attacker gets into your systems it can be notoriously difficult to get them out, particularly when your network and internal security controls allow the attacker to move around on your network without being noticed,” Dwayne Melancon, CTO at Tripwire, said in a statement sent to SCMagazine.com. “That appears to be the case here, which could be the result of an outwardly-focused security approach. If you assume the enemy is ‘out there’ you stop noticing their activities when they get ‘in here.’”
Melancon said savvy hackers can cover their tracks as well as “mislead you into believing someone else is behind the attacks,” adding that he hopes “the White House has strong evidence to claim Russian responsibility.”
But John Gunn, vice president at VASCO Data Security, in a statement sent to SCMagazine.com, wasn't surprised “that Russia has been identified as being the perpetrator,” noting “the superpowers are going at each other all of the time - the surprising part is that they got caught this time.”
Indeed, tensions have risen between the U.S. and Russia recently as the two countries clash on the international stage.
Tim Erlin, security and IT risk strategist at Tripwire, in a statement sent to SCMagazine.com, noted that “we live in a world where commerce is interconnected globally, and the increasing visibility of cyber-attacks, along with nation-state attribution, will have a negative effect on business.”
He said that “if the U.S., Russia and China are facing off in cyberspace, it will be increasingly difficult for organizations to negotiate the political situation to get business done.”
Erlin posited that “the recent Executive Order was, in part, born from events like the White House and State Department compromises” but it was “unclear whether the news that these attacks have been attributed to Russia will result in a specific action as outlined in that Executive Order.”
The security pros questioned the government's security posture. Many organizations, said Melancon, “lack a baseline understanding of what is ‘normal’ on their internal network and systems, making it difficult to tell which systems you can trust, which systems you can't and - more importantly - how to stop the attack and prevent future compromises.”
And, in a statement sent to SCMagazine.com, Richard Blech, CEO of Secure Channels, chided Director of National Intelligence James Clapper for advising government and private businesses to teach employees how to identify spear phishing. “Hackers are always going to get in, the data has to be encrypted when it is stolen, when removed the data will be useless,” said Blech. “Or we can continue to treat real cybersecurity as an afterthought. The choice is ours….”