Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.
While the White
House has said the breach only affected an unclassified system, that
description belies the seriousness of the intrusion. The hackers had
access to sensitive information such as real-time non-public details of
the president's schedule. While such information is not classified, it
is still highly sensitive and prized by foreign intelligence agencies,
U.S. officials say.
The White House in
October said it noticed suspicious activity in the unclassified network
that serves the executive office of the president. The system has been
shut down periodically to allow for security upgrades.
The
FBI, Secret Service and U.S. intelligence agencies are all involved in
investigating the breach, which they consider among the most
sophisticated attacks ever launched against U.S. government systems.
The intrusion was routed through computers around the world, as hackers
often do to hide their tracks, but investigators found tell-tale codes
and other markers that they believe point to hackers working for the
Russian government.
National Security
Council spokesman Mark Stroh didn't confirm the Russian hack, but he did
say that "any such activity is something we take very seriously."
"In
this case, as we made clear at the time, we took immediate measures to
evaluate and mitigate the activity," he said. "As has been our position,
we are not going to comment on [this] article's attribution to specific
actors."
Neither the U.S. State Department nor the Russian Embassy immediately responded to a request for comment.
Ben
Rhodes, President Barack Obama's deputy national security adviser, said
the White House's use of a separate system for classified information
protected sensitive national security-related items from being obtained
by hackers.
"We do not believe that our classified systems were compromised," Rhodes told CNN's Wolf Blitzer on Tuesday.
"We're
constantly updating our security measures on our unclassified system,
but we're frankly told to act as if we need not put information that's
sensitive on that system," he said. "In other words, if you're going to
do something classified, you have to do it on one email system, one
phone system. Frankly, you have to act as if information could be
compromised if it's not on the classified system."
To get to the White House, the hackers first broke into the State Department, investigators believe.
The
State Department computer system has been bedeviled by signs that
despite efforts to lock them out, the Russian hackers have been able to
reenter the system. One official says the Russian hackers have "owned"
the State Department system for months and it is not clear the hackers
have been fully eradicated from the system.
As in many hacks, investigators believe
the White House intrusion began with a phishing email that was launched
using a State Department email account that the hackers had taken over,
according to the U.S. officials.
Director
of National Intelligence James Clapper, in a speech at an FBI
cyberconference in January, warned government officials and private
businesses to teach employees what "spear phishing" looks like.
"So
many times, the Chinese and others get access to our systems just by
pretending to be someone else and then asking for access, and someone
gives it to them," Clapper said.
The
ferocity of the Russian intrusions in recent months caught U.S.
officials by surprise, leading to a reassessment of the cybersecurity
threat as the U.S. and Russia increasingly confront each other over
issues ranging from the Russian aggression in Ukraine to the U.S.
military operations in Syria.
The
attacks on the State and White House systems is one reason why Clapper
told a Senate hearing in February that the "Russian cyberthreat is more
severe than we have previously assessed."
The revelations about the State Department hacks also come amid controversy over former Secretary of State Hillary Clinton's use of a private email server
to conduct government business during her time in office. Critics say
her private server likely was even less safe than the State system. The
Russian breach is believed to have come after Clinton departed State.
But hackers have long made Clinton and her associates targets.
The
website The Smoking Gun first reported in 2013 that a hacker known as
Guccifer had broken into the AOL email of Sidney Blumenthal, a friend
and advisor to the Clintons, and published emails Blumenthal sent to
Hillary Clinton's private account. The emails included sensitive memos
on foreign policy issues and were the first public revelation of the
existence of Hillary Clinton's private email address now at the center
of controversy: hdr22@clintonemail.com. The address is no longer in use.
No comments:
Post a Comment