Slashdot Mirror


Hackers Breach White House Network

wiredmikey writes: The White House's unclassified computer network was recently breached by intruders, a U.S. official said Tuesday. While the White House has not said so, The Washington Post reported that the Russian government was thought to be behind the act. Several recent reports have linked Russia to cyber attacks, including a report from FireEye on Tuesday that linked Russia back to an espionage campaign dating back to 2007. Earlier this month, iSight Partners revealed that a threat group allegedly linked with the Russian government had been leveraging a Microsoft Windows zero-day vulnerability to target NATO, the European Union, and various private energy and telecommunications organizations in Europe. The group has been dubbed the "Sandworm Team" and it has been using weaponized PowerPoint files in its recent attacks. Trend Micro believes the Sandworm team also has their eyes set on compromising SCADA-based systems.


  1. The unclassified network? by StevenMaurer · · Score: 5, Funny

    This XKCD comic comes to mind...

    1. Re:The unclassified network? by i+kan+reed · · Score: 1

      Well, naturally, but when industry standards have cheap ways to put your "posters" in "locked bulletproof glass cases", it's still kind of troubling.

    2. Re:The unclassified network? by Vellmont · · Score: 1

      I'd say breaking into the whitehouse network is a bit more worrisome than breaking into the whitehouse website. The website is indeed a poster. The network (even unclassified) is still terribly worrisome. You think all secrets we don't want other governments to know are classified?

      --
      AccountKiller
    3. Re:The unclassified network? by CaptainDork · · Score: 1

      There's no classified information on the "Welcome to The White House" site.

      Visiting hours are in the public domain.

      --
      It little behooves the best of us to comment on the rest of us.
    4. Re:The unclassified network? by NatasRevol · · Score: 2

      No, what you should be worried about is that the classified is the same set of systems as the unclassified, just with a layer of security. And it's the same everywhere, including the national nuclear labs.

      Find a way around the security (like $10M in someone's swiss acct), and these same measures will work on the classified side.

      --
      There are two types of people in the world: Those who crave closure
    5. Re:The unclassified network? by MachineShedFred · · Score: 1

      It's still an insecure-by-design network. This is like hacking past a NAT router on $famousPerson's house.

      No one, including the White House, gives a shit.

      --
      Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
    6. Re:The unclassified network? by NatasRevol · · Score: 1

      That's the way it is now. I've talked to people at Los Alamos, Army, and fed govt.

      --
      There are two types of people in the world: Those who crave closure
    7. Re:The unclassified network? by lgw · · Score: 2

      "Classified" is too nebulous for useful discussion - what is the data classified as? Anything classified Secret or above is on an entirely different network - another of Bush's "internets". Confidential information, the same sort of thing any company keeps confidential, is on normal networks, just with a layer of security, just like anywhere else. The military also has a separate network for operational security.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    8. Re:The unclassified network? by harrkev · · Score: 2

      Worrisome? Stop with the fear talk...

      If somebody of a different nationality can make it past the border of the White House security, he deserves a path to have a legal account there. He needs the opportunity to prove that he can become a productive member of the White House network.

      --
      "-1 Troll" is apparently the same as "-1 I disagree with you."
    9. Re:The unclassified network? by f3rret · · Score: 1

      I'd say breaking into the whitehouse network is a bit more worrisome than breaking into the whitehouse website. The website is indeed a poster. The network (even unclassified) is still terribly worrisome. You think all secrets we don't want other governments to know are classified?

      Strictly speaking 'unclassified' is still a classification, meaning that information on an unclassified network is still classified data.

      INFOSEC is weird like that.

      --
      Admit nothing. Deny Everything. Make Counter-accusations.
  2. Re:Thanks Obama! by Bonzoli · · Score: 3, Funny

    Weaponized powerpoint. Someone should copyright that.

  3. Russians as bogeymen? by gstoddart · · Score: 5, Interesting

    Yup, every time someone does this .. it's the Russians or the Chinese.

    I think Western spy agencies have jumped the shark so much in terms of what they do, that you could plausibly say it's really them doing all of this and doing it as a false-flag operation.

    I mean, come on, these clowns have been proven to be spying on the people who are meant to oversee them. They don't give a shit about the law, just their own powers.

    You can't come up with a conspiracy theory which is paranoid enough these days -- because long-thinkers with massive resources really are doing all of this shit these days.

    Hell, breaking into the Whitehouse systems lets you say you need more money for spying to prevent this kind of shit. And then you get the keys to the kingdom.

    --
    Lost at C:>. Found at C.
    1. Re:Russians as bogeymen? by MitchDev · · Score: 1

      America does this to their own citizens AND to foreigners in their own homelands, why shouldn't we expect them to do it right back to the US?

    2. Re:Russians as bogeymen? by gstoddart · · Score: 1

      I'm not sure how you couldn't expect it.

      If you've decided it's legal for you to do it, you're kind of fair game, are you not?

      Unless, of course, someone has the delusion that they're special because they say so. In which case you'll just act like a petulant child and throw a tantrum.

      --
      Lost at C:>. Found at C.
    3. Re:Russians as bogeymen? by CaptainDork · · Score: 1

      Also, government IT forensics people aren't sharp enough to tell where the shit is coming from. The easiest way for IT to bullshit the boss is to fake it and blame Russia or China.

      --
      It little behooves the best of us to comment on the rest of us.
    4. Re:Russians as bogeymen? by Charliemopps · · Score: 1

      The NSA does not need money.
      Federal money comes with oversight.
      Like so: http://www.nationaljournal.com...

      They patent the tools they've designed, and then resell them to businesses. Claiming the profits for themselves to fund their activities outside of federal oversight:
      http://www.dailydot.com/politi...

      What they can do is basically limitless. They believe they can lie to congress, the whitehouse and the courts and likely don't even need federal funding at this point. I suspect their primary target is the whitehouse as the president is the only person that could really do anything about them at all.

    5. Re:Russians as bogeymen? by Vokkyt · · Score: 2

      The evidence from the actual report that it's of Russian origins is a little specious for my taste, though part of the reasoning isn't exactly unfounded.

      Their evidence that it's of Russian origin is that a large number of the malware samples (APT28 as categorized by FireEye) included Russian Language settings along with English and "neutral" (which defaults to the environment defaults). That certainly is an eye-brow raiser in my mind, but I wouldn't say we got anyone with their hand in the cookie jar.

      The other reasoning is just specious and/or speculation. The compile times for the malware seem to correspond to the Timezone for Moscow/St. Petersburg working days, which just seems like an odd assessment to make. Even if the government were to be paying hackers in Russia to make and operate malware, are these hackers actually punching in and out for 8 hour work days? Not to suggest that this isn't exactly what is happening, but it just seems like coincidence is an equally plausible scenario with this.

      The other evidence is FireEye's own speculation on the targets, which could apply to other actors as well.

      Their analysis of the malware otherwise is pretty good, but I think there just isn't enough to really peg it down. There are plausible explanations for the evidence that FireEye brings up which are no more of a stretch than it being of Russian origin. The language setting is good evidence, but there are some fairly valid reasons why that might be the case.
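
Added example (not part of the comment above or of FireEye's report): a Python sketch of the compile-time reasoning that comment discusses. It reads the link timestamp from PE headers and lists every UTC offset whose Monday-to-Friday working day fits the sample; the header stubs, the 08:00-18:00 window and the 90% threshold are constructed assumptions.

```python
import struct
from datetime import datetime, timedelta, timezone


def pe_compile_time(data: bytes) -> datetime:
    """Return the COFF TimeDateStamp of a PE image as an aware UTC datetime.

    The field is written by the linker and can be edited afterwards, so it
    is a hint about the build environment, not proof of it.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 12 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # After "PE\0\0": Machine (2 bytes), NumberOfSections (2), TimeDateStamp (4)
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def workday_fraction(stamps, utc_offset_hours, start=8, end=18):
    """Fraction of stamps that fall Mon-Fri, start <= hour < end, in that zone."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    hits = 0
    for s in stamps:
        local = s.astimezone(tz)
        if local.weekday() < 5 and start <= local.hour < end:
            hits += 1
    return hits / len(stamps)


def candidate_offsets(stamps, threshold=0.9):
    """Every whole-hour UTC offset whose working day explains the sample."""
    return [off for off in range(-12, 15)
            if workday_fraction(stamps, off) >= threshold]


def make_stub(ts: datetime) -> bytes:
    """Constructed MZ/PE header stub that carries only a timestamp."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHI", 0x14C, 1, int(ts.timestamp()))
    return dos + coff + b"\0" * 12


# Constructed sample: builds at 06, 08, 10 and 12 UTC on Mon 3 to Fri 7
# March 2014, plus one Saturday-night outlier.
SAMPLES = [
    make_stub(datetime(2014, 3, day, hour, tzinfo=timezone.utc))
    for day in range(3, 8) for hour in (6, 8, 10, 12)
]
SAMPLES.append(make_stub(datetime(2014, 3, 8, 23, tzinfo=timezone.utc)))

if __name__ == "__main__":
    stamps = [pe_compile_time(blob) for blob in SAMPLES]
    for off in candidate_offsets(stamps):
        print(f"UTC{off:+d}: {workday_fraction(stamps, off):.0%} in working hours")
```

On this sample four adjacent offsets (UTC+2 to UTC+5) clear the threshold equally well, so a compile-time histogram narrows the build environment to a band of time zones rather than to one country.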

    6. Re:Russians as bogeymen? by sumdumass · · Score: 1

      Damn straight. But being that it is the USA and the government, the security should have been guarded by Jack Bauer and this never should have happened.

  4. Stop using Microsoft products? by Anonymous Coward · · Score: 2, Interesting

    If the news was "bad guys leveraged a vulnerability in the White House's cardboard gate to break through", would people acknowledge the breach without questioning the cardboard gate?

    1. Re:Stop using Microsoft products? by Minwee · · Score: 3, Interesting

      If the news was "bad guys leveraged a vulnerability in the White House's cardboard gate to break through", would people acknowledge the breach without questioning the cardboard gate?

      Or would the media refuse to report on the Gate? It's about ethics, I tell ya'.

    2. Re:Stop using Microsoft products? by sootman · · Score: 1

      Regardless of the result, the ensuing brouhaha would be called "Gategate".

      --
      Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
    3. Re:Stop using Microsoft products? by sumdumass · · Score: 1

      Outside of locking down the internet to protect the citizens, the only other real recourse would be to counter attack China or Russia or whomever they decided to blame. Red lines fade away but I doubt this administration wants to escalate anything or make a scene large enough that others will demand it escalate the situation.

      The only reasons it would be different if the Koch brothers did it would be in your mind or because it could be used politically to their benefit with no chance of escalation turning into war.

  5. Re:If Its Online by bioteq · · Score: 1

    Iran's SCADA system was attacked and it had a huge air gap.

    Basically, the -ONLY- way to keep a computer safe is to...not have a computer. If someone wants in a system bad enough, there is always an attack vector. Be it online or via the best malware carrier of all time -- humans.

    I am willing to bet some joe-blow intern infected the network with someone doing some amazingly easy social engineering to him/her.

    TL;DR - Internet or not; if someone wants in, they'll get in if two situations are met: 1) The computer is on, 2) People are allowed around the computer.

  6. There's no such thing as an unclassified White Hou by ssw · · Score: 1

    Like saying an intruder breaking in did gain access to anything sensitive. It's the freaking White House.

  7. Failed objective by 228e2 · · Score: 4, Funny

    They were looking to get into whitehouse.com, not whitehouse.gov
    ;-)

    --
    Since when does being a Socialist mean 'someone who has a different opinion than me'?
    1. Re:Failed objective by bioteq · · Score: 5, Funny

      I remember back in high-school (long, long ago,) one of my teachers was attempting to show off the school's new-fangled-lightning-fast T1 line. So he brought up whitehouse.com, not realizing that he had made a horrid mistake.

      Unfortunately, that was the first exposure to porn some of my classmates had encountered. It was a sad day for them, realizing there is porn on the internet.

      Ironically, I missed school for the next four days.

    2. Re:Failed objective by DoofusOfDeath · · Score: 1

      Unfortunately, that was the first exposure to porn some of my classmates had encountered. It was a sad day for them, realizing there is porn on the internet.

      Sadder than seeing online porn, and then realizing that your home computer only does 28.8 kbps?

    3. Re:Failed objective by Jason+Levine · · Score: 2

      I made a similar mistake once trying to load Barnes And Noble's website where I typed in barnesNnoble.com. The woman in the photo definitely WASN'T reading a book! This wasn't at a presentation, luckily, but unfortunately I was new at my job and obviously didn't want my boss to walk in and see this on my screen. Also, unfortunately, these were the days before pop-up blockers so every window I closed opened another window with another woman-not-reading. Finally, I managed to close one of the windows before it got the JavaScript onunload code processed.

      (BTW, you can't replicate this now as, some years back, Barnes and Noble got a hold of the BarnesnNoble.com domain name.)

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    4. Re:Failed objective by Tablizer · · Score: 1

      The teacher had to sell it to the principal that it was merely an "instant human biology lesson".

    5. Re:Failed objective by qpqp · · Score: 1

      back in high-school (long, long ago,) [...] show off the school's new-fangled-lightning-fast T1

      Uhm, how to put this...
      That's not long ago you insensitive clod. Now get off my lawn!

  8. Re:Hire better IT security staff by CaptainDork · · Score: 1

    Mod +1

    The IT team is not doing its job, or IT is begging for changes and no one's listening.

    --
    It little behooves the best of us to comment on the rest of us.
  9. Re:There's no such thing as an unclassified White by CaptainDork · · Score: 1

    Nah ...

    It's like saying someone broke in to Capital One's Internet-facing web page but didn't touch the secret guy stuff.

    --
    It little behooves the best of us to comment on the rest of us.
  10. Re:Thanks Obama! by NatasRevol · · Score: 1

    The Sandworm Team already did.

    --
    There are two types of people in the world: Those who crave closure
  11. Re:Thanks Obama! by CaptainDork · · Score: 3, Funny

    © Sarah Palin

    FTFY

    --
    It little behooves the best of us to comment on the rest of us.
  12. Weaponized PowerPoint by Jason+Levine · · Score: 2

    Weaponized PowerPoint?

    "The slide came in so fast that half the people in the room were laying on the floor bleeding before we could react. And then the embedded video started.... Oh, god!!! The video!!!!!" *collapses sobbing*

    --
    My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    1. Re:Weaponized PowerPoint by peragrin · · Score: 1

      If you look there is a video of the goats ex guy singing Rick Astley song "Never Gonna Give You Up". Out of his arse.

      I refuse to link to it for obvious reasons.

      --
      i thought once I was found, but it was only a dream.
  13. Re:Thanks Obama! by TheTerseOne · · Score: 3, Funny

    Weaponized PowerPoint is redundant. Powerpoint has been a weapon against clear thinking, preparing for a meeting, and keeping people interested in what you're saying for a long time.

    And, of course, PowerPoint has already caused the space shuttle to crash. http://www.washingtonpost.com/...

    --
    "Newspapers: A tiny little part of the internet, printed out yesterday, and delivered to your house"
  14. Long over due. by fahrbot-bot · · Score: 1

    ...has been using weaponized PowerPoint files in its recent attacks.

    For PowerPoint to be classified as a WMD.

    --
    It must have been something you assimilated. . . .
    1. Re:Long over due. by Tablizer · · Score: 1

      Time to invade Microsoft!

  15. Re:Thanks Obama! by Thud457 · · Score: 2

    The Powerpoint Ranger creed

    Discussion of the US Military's love of PPT on Edward Tufte's site. "Mustaches for everyone!" -- actual quote

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  16. Obama's Propaganda? by Anonymous Coward · · Score: 1

    This is starting to feel like a new era of McCarthyism. All this fear mongering about Russian hackers and no one provided any evidence of their involvement?

    Obama needs to get over the fact that Russia isn't going to hand him over Snowden and stop his petty propaganda already.

  17. Success! by NetNed · · Score: 3, Interesting

    Step one: get person to "hack" the white house network
    Step two: Claim "It's Russia!"
    Step Three: Stir up media reports about "How safe is the internet really" and "Do we need the government to police the internet?"
    Step four: Put in place controls that cripple the internet, spy on all Americans, and cause more laws to be written that stomp on the rights of Americans.


    Yeah they can track down who is illegally downloading the latest Bastille album but they have these loose "links" to Russia that they claim if "fact!" it is them.


    Couldn't be THIS could it?????

  18. I have to think of everything. by CaptainDork · · Score: 1

    "It’s important to note the variable %CIMPATH% is used for the drop location of default.txt," the researchers noted. "This is a standard variable that Cimplicity uses for its installs,

    Crap. Mix up all that default shit every now and then.

    Every fucking computer on the planet has stuff located in predictable areas.

    The least we could do is make it a little harder. Let's randomize and encrypt the defaults.

    Sure, it's more difficult to deal with, but that's the fucking problem: No one wants shit to be hard and stuff.

    --
    It little behooves the best of us to comment on the rest of us.
  19. Re:Thanks Balmer! by pla · · Score: 3, Insightful

    Powerpoint has been a weapon against clear thinking, preparing for a meeting, and keeping people interested in what you're saying for a long time.

    No one has ever cared about what the presenter had to say at meetings.

    It just took more effort before Powerpoint - Both by the presenter, who had to actually prepare instead of cutting and pasting Wikipedia into a slideshow; and by the audience, who had to actually look at the presenter (thereby risking eye-contact) rather than glazing over while staring blankly at a projector screen.

    Really, we should thank Microsoft for Powerpoint. Instead of meetings dragging on and on and on as the presenter rambles and people ask stupid questions in a futile effort to remain awake, now the meeting only lasts as long as the slideshow, no one asks any stupid questions, and everyone can go back to doing actual work that much sooner.

  20. Re:N-o E-v-i-d-e-n-c-e ( Score: +5, Crapola ) by CaptainDork · · Score: 1

    Citation needed.

    --
    It little behooves the best of us to comment on the rest of us.
  21. This reminds me by kurkosdr · · Score: 1

    Anyone else thought of the "Software is sh!t" scene from IronMan 2 (it's said by a Russian-speaking character).

  22. Toldja! by Tablizer · · Score: 1

    has been using weaponized PowerPoint files

    I've been telling the suits that PowerPoint will put an eye out, and now I have proof

  23. Re:If Its Online by pla · · Score: 2

    I am willing to bet some joe-blow intern infected the network with someone doing some amazingly easy social engineering to him/her.

    Who needs social engineering? Just drop an infected flash drive somewhere near the front door, and sooner or later (usually sooner) someone will pick it up and plug it in.

    "Nuh-uh", you say? "They certainly have stupid things like autoruns turned off on the Whitehouse network!"

    "Hmm, what do we have on here... Random spreadsheet crap, OSHA regulations Powerpoint crap, launch code crap, more random crap, okay some mostly-geezer music I'll check out later, RNC 2016 strategy crap, even more random crap... Hmm, Fappening.Jennifer.Lawrence.Complete.zip.exe? Oooh, awesome, I never did get that one last leaked pic of her!" *click*

  24. Re:Thanks Obama! by umghhh · · Score: 1

    if TEH bomb is big enough, then it does not matter whether the order is in an understandable form or not.

  25. Way ahead of his time. by Minwee · · Score: 5, Funny

    If only they had listened to Scott McNealy back in 1997...

    We had 12.9 gigabytes of PowerPoint slides on our network. And I thought, "What a huge waste of corporate productivity." So we banned it. And we've had three unbelievable record-breaking fiscal quarters since we banned PowerPoint. Now, I would argue that every company in the world, if it would just ban PowerPoint, would see their earnings skyrocket. Employees would stand around going, "What do I do? Guess I've got to go to work."

    1. Re:Way ahead of his time. by jfengel · · Score: 1

      What a difference 17 years make. Now there are a great many individual 12.9 gigabyte PowerPoint slide decks running around.

  26. I am outraged by Dishwasha · · Score: 1

    Why didn't the Secret Service tackle the hackers BEFORE they even GOT NEAR the White House network?

  27. Re:Russian education puts heavy emphasis on MATH by qpqp · · Score: 1
  28. I have to think of everything. by Anonymous Coward · · Score: 1

    Boy, you are on the wrong website. Folks here are quite capable of programming automatic indexers which run over the entire harddisk and look at every single file. Like, say, Google Desktop Search.

    Then the Controlling Meatsacks will download the compressed index and have a look at the index. Based on that, the "interesting" files will be downloaded. Certain subjects will be prioritized in case the firewall folks detect the exfiltration at some point and lock things down. As they did.

    All of this activity can be nicely concealed by means of simple strategies like "don't read more than 10 files per minute" or "run indexer only when user has not pressed keys for some time".

    All of this is much easier than finding the exploit opportunity and developing the exploit.

  29. Re:Thanks Obama! by cavreader · · Score: 1

    They just got the passwords from Snowden.

  30. meetings? by mu51c10rd · · Score: 1

    Weaponized Powerpoint files? Sounds like the average management meeting around here...

  31. Re:N-o E-v-i-d-e-n-c-e ( Score: +5, Crapola ) by alvinrod · · Score: 1

    Further, why is this post a response to one of your posts when it is clearly aimed at someone else?

    I get that /. has the occasional rant or angry screed or just some crappy copy-paste mad lib crap, but this isn't even in the correct location.

    Even the shit-posting around here is getting pretty substandard.

  32. Stadtdaten macht Frei by radarskiy · · Score: 1

    If you can maintain access for a year and a day, you get to be vice-president.

    1. Re:Stadtdaten macht Frei by harrkev · · Score: 1

      That would be an improvement over the current one.

      --
      "-1 Troll" is apparently the same as "-1 I disagree with you."
  33. Slashdot, what has become of you? by Plugh · · Score: 1

    There was a time when I could expect to come to Slashdot and see either a description of the actual details of the attack mechanism, or at least a *really* insightful, plausible set of theories. Now... not so much