Since the cyber intrusion into the White House was first discovered in October, the US government has said that ongoing cyber breaches into the president’s executive office network – suspected to come via the US State Department’s system – have only affected an unclassified system.
But it turns out that that’s been enough for the attackers to intercept sensitive information including the president’s whereabouts, in real-time, throughout the day – information that’s not public.
Officials told CNN that in spite of the information being unclassified, it’s still highly sensitive data that’s prized by foreign intelligence agencies.
The intrusion was first discovered in October, when suspicious activity was detected in the unclassified network that serves the executive office of the president.
Staffers were forced to deal with temporarily disrupted services, having to change passwords, and periodic ongoing shutdowns to allow for security upgrades.
Fingers have pointed at Russia from the get-go, given circumstantial evidence such as reports of cyber-espionage campaigns launched by Russian operatives thought to be working for the government.
One such was Sandworm: a zero-day exploit that was transmitted via Powerpoint files and that took advantage of a previously unpatched Windows vulnerability.
Sources told the Washington Post back in October that the nature of the target – i.e., a government network – is consistent with a state-sponsored campaign.
Investigators – including agents from the FBI, Secret Service and other intelligence agencies – reportedly consider the attack to be among the most sophisticated ever to be launched against US government systems.
As is common, the attack has been routed through computers around the world, making it difficult to pinpoint its origin.
National Security Council spokesman Mark Stroh did say that the government takes this – or any incident like it – “very seriously” but wouldn’t confirm or deny that the government thinks that Russia’s behind it.
CNN quotes him:
In this case, as we made clear at the time, we took immediate measures to evaluate and mitigate the activity. As has been our position, we are not going to comment on [the CNN article's attribution] to specific actors.
Written by: Lisa Vaas
Source:
nakedsecurity.com
nakedsecurity.com
No comments:
Post a Comment