Hackers were able to access confidential emails of US president Barack Obama when they breached White House computer networks in late 2014, according to officials.
On 28 October 2014, the White House announced it had detected suspicious activity on computer networks, but said only the unclassified Executive Office of the President network was affected.
But a report in the New York Times quotes unnamed US officials as saying some of Obama’s archived email correspondence was accessed and that the breach was “far more intrusive and worrisome than has been publicly acknowledged”.
They said there was no evidence, however, that the Joint Worldwide Intelligence Communication System (Jwics) used for the most classified material had been compromised in the attack.
While White House officials have emphasised that only the unclassified network was affected, some have also conceded that the network is used to exchange sensitive information about White House activities.
In April 2015, CNN quoted an unnamed US official as saying the hackers had been able to access unclassified but prized sensitive information, such as real-time non-public details of the president’s schedule. According to the New York Times, the unclassified system also routinely contains email exchanges with ambassadors and diplomats, discussions of pending legislation and debate about policy.
Although the White House denied the CNN report that Russian hackers were behind the breach, the New York Times report quotes a US official as saying that the “Russian angle” is “particularly worrisome”.
The report comes just days after US secretary of defence Ashton Carter revealed that Russian hackers had attacked the Pentagon’s unclassified systems.
Defense Department officials declined to say if the attacks on the Pentagon appeared to be related to the White House attack.
Security commentators said the White House breach highlights the need for those responsible for information security to adopt a more proactive approach.
Dwayne Melancon, chief technology officer at security firm Tripwire, noted that once an attacker gets into an organisation’s IT systems, it can be notoriously difficult to get them out.
“This is particularly true when your network and internal security controls allow the attacker to move around on your network without being noticed,” he said.
According to Melancon, it is important for organisations to have a baseline understanding of what is normal on their internal network and systems.
“Without that understanding, it is difficult to tell which systems you can trust, which systems you can’t and, more importantly, how to stop the attack and prevent future compromises,” he said.
Secure Channels chief executive Richard Blech said strong encryption would have prevented the breach from even being a news story.
“Hackers are always going to get in. The data has to be encrypted when it is stolen, so when removed the data will be useless. Or we can continue to treat real cyber security as an afterthought. The choice is ours – I will go with the encryption,” he said.
Although there has been no indication that the US is considering sanctions against Russia in retaliation for the breach, Tripwire security and risk strategist Tim Erlin speculated that it may have been one of the motivating factors behind US president Barack Obama’s recent executive order setting up a framework for imposing sanctions on foreign hackers.