White House targeted by spear-phishing attack

There are two versions of this story: official and unofficial. The unofficial version, quoting unnamed officials, was broken by FreeBeacon on Sunday: “Hackers linked to China’s government broke into one of the U.S. government’s most sensitive computer networks, breaching a system used by the White House Military Office for nuclear commands, according to defense and intelligence officials familiar with the incident.”

The official version comes from White House spokesman Jay Carney speaking to reporters on Monday. According to this version the attack was recognized, mitigated and stopped. There is no indication that any data was exfiltrated, and the White House would not say whether the attack was linked to China. “There are distinctions between those networks that contain classified information and those that don't, and the attack was against an unclassified network,” Carney said.

Somewhere between these two versions lies the truth: somewhere between “the White House was targeted by spear-phishing” and “China has stolen America’s nuclear secrets”. One thing is clear – the White House is a constant target for criminals, nation states and hacktivists (as is every other military command in the world); and spear-phishing is the most promising form of entry. Note, for example, that Iran’s Brigadier General Fadavi said at the launch of the Islamic Revolution Guards Corps’ new information technology systems this weekend, “Today our cyber forces have easily found access to the enemy’s most secret information, and cyber war has effectively raised its capability.” (Mehr News Agency)

The question is not whether the White House was attacked, but what defenses it has to prevent and forestall such attacks. “We would like to think the White House Military Office has the most up-to-date hardware and anti-virus software available to protect the nation’s most critical information,” comments Aaron Higbee, CTO and co-founder of anti-phishing specialists PhishMe. The problem is that phishing specifically uses finely targeted social engineering to trick its victims into bypassing security systems. “We have seen time and time again,” he continued, “these attacks use the social engineering tactics of fear, curiosity, and urgency to lure users to open attachments, click URLs or provide sensitive data to criminals – truly, they are geared to help criminals establish an undetected presence within the White House network.”

So, was the White House attacked? Of course it was. By China? Yes, along with myriad other nation-states, criminals and hacktivists. Was it breached? Quite possibly. How deeply was it breached? We’ll probably never know.
