How the U.S. thinks Russians hacked the White House
https://kabar22.blogspot.com/2015/04/how-us-thinks-russians-hacked-white.html
WASHINGTON, BLOKBERITA -- Russian hackers behind the damaging cyber intrusion of the State Department
in recent months used that perch to penetrate sensitive parts of the
White House computer system, according to U.S. officials briefed on the
investigation.
While the White
House has said the breach only affected an unclassified system, that
description belies the seriousness of the intrusion. The hackers had
access to sensitive information such as real-time non-public details of
the president's schedule. While such information is not classified, it
is still highly sensitive and prized by foreign intelligence agencies,
U.S. officials say.
The White House in
October said it noticed suspicious activity in the unclassified network
that serves the executive office of the president. The system has been
shut down periodically to allow for security upgrades.
The
FBI, Secret Service and U.S. intelligence agencies are all involved in
investigating the breach, which they consider among the most
sophisticated attacks ever launched against U.S. government systems.
The intrusion was routed through computers around the world, as hackers
often do to hide their tracks, but investigators found tell-tale codes
and other markers that they believe point to hackers working for the
Russian government.
National Security
Council spokesman Mark Stroh didn't confirm the Russian hack, but he did
say that " any such activity is something we take very seriously."
" In
this case, as we made clear at the time, we took immediate measures to
evaluate and mitigate the activity," he said. "As has been our position,
we are not going to comment on [this] article's attribution to specific
actors."
Neither the U.S. State Department nor the Russian Embassy immediately responded to a request for comment.
Ben
Rhodes, President Barack Obama's deputy national security adviser, said
the White House's use of a separate system for classified information
protected sensitive national security-related items from being obtained
by hackers.
" We do not believe that our classified systems were compromised," Rhodes told CNN's Wolf Blitzer on Tuesday.
" We're
constantly updating our security measures on our unclassified system,
but we're frankly told to act as if we need not put information that's
sensitive on that system," he said. "In other words, if you're going to
do something classified, you have to do it on one email system, one
phone system. Frankly, you have to act as if information could be
compromised if it's not on the classified system."
To get to the White House, the hackers first broke into the State Department, investigators believe.
The
State Department computer system has been bedeviled by signs that
despite efforts to lock them out, the Russian hackers have been able to
reenter the system. One official says the Russian hackers have "owned"
the State Department system for months and it is not clear the hackers
have been fully eradicated from the system.
As
in many hacks, investigators believe the White House intrusion began
with a phishing email that was launched using a State Department email
account that the hackers had taken over, according to the U.S.
officials.
Director of National
Intelligence James Clapper, in a speech at an FBI cyberconference in
January, warned government officials and private businesses to teach
employees what "spear phishing" looks like.
" So
many times, the Chinese and others get access to our systems just by
pretending to be someone else and then asking for access, and someone
gives it to them," Clapper said.
The
ferocity of the Russian intrusions in recent months caught U.S.
officials by surprise, leading to a reassessment of the cybersecurity
threat as the U.S. and Russia increasingly confront each other over
issues ranging from the Russian aggression in Ukraine to the U.S.
military operations in Syria.
The
attacks on the State and White House systems is one reason why Clapper
told a Senate hearing in February that the "Russian cyberthreat is more
severe than we have previously assessed."
The revelations about the State Department hacks also come amid controversy over former Secretary of State Hillary Clinton's use of a private email server
to conduct government business during her time in office. Critics say
her private server likely was even less safe than the State system. The
Russian breach is believed to have come after Clinton departed State.
But hackers have long made Clinton and her associates targets.
The
website The Smoking Gun first reported in 2013 that a hacker known as
Guccifer had broken into the AOL email of Sidney Blumenthal, a friend
and advisor to the Clintons, and published emails Blumenthal sent to
Hillary Clinton's private account. The emails included sensitive memos
on foreign policy issues and were the first public revelation of the
existence of Hillary Clinton's private email address now at the center
of controversy: hdr22@clintonemail.com. The address is no longer in use.
Obama: Sanction Againts Hackers
President Barack Obama announced an executive action Wednesday that allows the Treasury Department to impose financially punitive sanctions against cyber hackers who impose a significant threat to national security.
"This
Executive Order authorizes the Secretary of the Treasury, in
consultation with the Attorney General and the Secretary of State, to
impose sanctions on individuals or entities that engage in malicious
cyber-enabled activities that create a significant threat to the
national security, foreign policy, or economic health or financial
stability of the United States," Obama said In a statement announcing
Wednesday's executive order.
The action
comes after November's cyberattack on Sony Pictures that the FBI pinned
on North Korea. At the time Obama said that private companies bowing to
intimidation from cyberhackers would set a problematic precedent and he
questioned Sony's decision to pull its movie "The Interview."
In
January the White House leveled financial sanctions against officials
within the North Korean government as part of what Obama called a
"proportional response" to the Sony hacking.
In
a call with reporters White House Cybersecurity coordinator Michael
Daniel said the process of crafting these sanctions highlighted the need
for more direct authority to target individuals engaged in cyber
attacks.
"This
allows us to have an executive order that focuses directly on the
activities of concern whether they arise in North Korea or another
jurisdiction," Daniel said. "Obviously cyber incidents tend to flow very
easily across international boundaries, so trying to tie that to a
particular location just didn't make sense."
Instead
of seeking individual sanctions programs against specific countries,
this executive action allows the U.S. to target sanctions based on the
specific malicious activity itself and the individuals involved.
Obama
cited recent threats from a variety of sources that have targeted
government infrastructure, private companies and citizens in a statement
Wednesday.
However, Daniel told
reporters that the U.S. has no new sanctions to announce at this time.
The new framework will allow for a robust process in dealing with
emergent threats in the future.
"We
will use this tool in a targeted and coordinated way against the worst
of the worst, the most serious overseas malicious actors," Daniel said.
In a statement Treasury Secretary
Jacob Lew added that the order allows for the department "to expose and
financially isolate those who hide in the shadows of the Internet."
Lew
was also cognizant of privacy concerns that can arise when it comes to
cyber security, saying the Treasury Department will "use this authority
carefully and judiciously against the most serious cyber-threats to
protect our nation's critical infrastructure."
Along
with the ability to use sanctions, Obama said his administration will
also make use of existing authorities including diplomatic engagement,
trade policy tools, and law enforcement mechanisms in countering
threats.
Republicans have been critical
of the President's executive orders and Wednesday's announcement drew a
rebuke from House Speaker Boehner's office.
"These
executive actions can only do so much," Press Secretary Cory Fritz told
CNN. "The president needs to work with Republicans to enact the types
of common-sense measures that passed the House in recent years with
strong, bipartisan majorities but stalled in the Democratic-controlled
Senate."
White House officials told
reporters that the drafting of this order included consultations with
Congress and that the administration welcomes legislation that enhances
cyber security and information sharing.
[ cnn / bbcom / hill ]
