White House: Russian Hackers May Still Be on the Network

More details have emerged about the cyber-attack on White House networks that occurred last year: Russian hackers likely made use of a corresponding breach at the State Department. The news puts the vulnerability of sophisticated network security platforms to human error into the spotlight—again.

While the powers that be are still determining exactly what data was compromised and how, initial reports say that the initial infection point came from a phishing email related to the State Department incident, which captured privileged credentials.

“When you see a security sensitive organization like the White House being hacked, you can either take it as a sign that there’s no hope to protect yourself in today’s world, or that everyone is having the same challenges and you simply need to focus on the details,” said Jonathan Sander, strategy and research officer with STEALTHbits, via email. “Apparently, a user was tricked into granting access to White House systems, and good money says that trick came in the form of spear-phishing emails or similar electronic confidence scams.”

The White House, which confirmed the breach of its non-classified networks back in October, also said that it believes that the Russian attackers may still be on the network. As such, Udi Mokady, CEO of CyberArk, said that he believes that the hack was more than a breach – rather, it’s a demonstration of how hackers are able to hijack and gain absolute control.

“This is very similar to the attack on Sony (and many others),” he said. “Attackers target, steal and exploit administrative of privileged credentials – these are the keys to controlling a company’s IT infrastructure. By stealing these keys – attackers are able to completely hijack a network and basically do whatever they want – often without detection. As the White House is finding out – this often means that removing them from the network requires a complete or partial re-build of their infrastructure (like Sony).”

Human error—like falling for phishing scams—is behind most breaches, according to a recent survey from CompTIA.

In any event, the compromise once again points out the ubiquity of the cyber-threat: Every organization is struggling with arming users with the latest tools to communicate and collaborate on the internet while simultaneously providing safety for users and sensitive information. For instance, Google this week also said that it failed to renew a certificate and potentially compromised their own Gmail platform’s security.

“What this tells us is that regardless of having the most sensitive information in the world like the White House or the best technology resources in the world like Google, good security is always about attention to every little detail,” Sander said.

What’s Hot on Infosecurity Magazine?