Fox News on October 1, 2012, reported on White House sources partly confirming an alarming report that U.S. government computers — reportedly including systems used by the military for nuclear commands — were breached by Chinese hackers. Excerpts below:

“This was a spear phishing attack against an unclassified network,” a White House official told FoxNews.com. “These types of attacks are not infrequent and we have mitigation measures in place.”

A law enforcement official who works with members of the White House Military Office confirmed the Chinese attack to FoxNews.com, but it remains unclear what information, if any, was taken or left behind.

“This [White House Communications Agency] guy opened an email he wasn’t supposed to open,” the source said.

That email contained a spear phishing attack from a computer server in China, the law enforcement source told FoxNews.com. ..Spear phishing involves the use of messages disguised to appear as valid; in fact, they contain targeted, malicious attempts to access sensitive or confidential information.

By opening the email, which likely contained a link to a malicious site or some form of attachment, the agency member allowed the Chinese hacker to access a system, explained Anup Ghosh, founder and CEO of security company Invincea.

“The attack originated in the form of a spear phish, which involves a spoofed inbound email with either a link to a malicious website or a weaponized document attachment such as a .pdf, Microsoft Excel file or Word document,” he told FoxNews.com.

“One official said the cyberbreach was one of Beijing’s most brazen cyberattacks against the United States,” the report said.

The law enforcement source told FoxNews.com he was notified of the successful phishing incident but did not know what information was actually accessed. A White House official downplayed that report, saying that the system involved was not a sensitive nuclear system, and no evidence indicated that information was actually taken.

The attempted hacking of U.S. military networks used by the White House is a common occurrence, but success is rare.

Due to the volume of these attempts on secure computers, law enforcement, military, and members of other agencies with access to those systems and other White House secure networks have strict rules about email and Internet usage, the law enforcement official explained to FoxNews.com.

Chinese hackers are often cited as the cause of such incidents, Ghosh said.

“Over the past 24 months, China has been aggressively targeting America’s corporations for their intellectual property and our government agencies and departments for critical national security information,” he told FoxNews.com.

“The cybersecurity industry is woefully behind the curve in terms of protecting the network from spear-phishing attacks against employees,” Ghosh said. “Today, training is the primary solution to this problem … and training simply does not work.”

“The White House, every Fortune 1,000 and Global 2,000 organization — medium-sized business, small businesses, consumers — ALL are at risk from spear-phishing attacks.”

Technologies need to be developed to protect against such attacks it was said…

America is on the losing end of an aggressive cyberconflict waged by nation states, organized cybercriminals and hacktivists, he said.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: