White House breached: Russian hackers access Obama’s emails

The hackers that attacked the White House late last year read US President Barack Obama's confidential emails, a report from Kaspersky says.

If president Obama had done like Hillary Clinton, and used a public email service, this would have never happened to him, but hey, who could have known, right?

On 22 April, security company Kaspersky Lab revealed details of the group behind the attack - a group of hackers known as CozyDuke - revealing the social engineering methods used to breach the White House systems.

They didn’t specifically say Russia was behind the attack, but the media say there’s a lot of corroborating evidence which strongly suggested that the Russian government was involved in the attack.

The initial reports said the hackers got only unclassified content, but as it turns out, the breach was "far more intrusive and worrisome than has been publicly acknowledged".

The hackers didn’t get emails President Obama sends from his BlackBerry, but they did access accounts which contained email correspondence of people with whom Obama communicated regularly.

"From those accounts, they reached emails that the president had sent and received, according to officials briefed on the investigation," the New York Times report says.

It’s not so much that the email was a target of cyberattacks, as much as it was Russia behind it, that’s worrisome, a senior White House official says.

The US has no problem in publicly saying who’s behind a certain attack, if they find any evidence. When Sony Pictures Entertainment got hacked, the US laid the blame on North Korea, saying the hackers had the government’s support.

Industry analysis

Itsik Mantin, security researcher at Imperva commented: “If we look at security incidents over the past few years we can see that while many of them rely on vulnerable systems (e.g. breaking into an application using SQL injection) an equal (at least) proportion rely on the simple fact that end stations are operated by human beings.

“In that sense, people who work for the White House are no different than any others. They receive and open emails from people they don’t know (which is probably part of their job), they visit web sites who might be infected with drive-by-downloads and they may even download productivity software that may not have been approved by their IT systems.

“Furthermore, this is true not only from a victim perspective, but also from the attacker perspective, where insiders like Snowden abuse access privileges for various reasons, ideological or material.

“While there is no indication that this was indeed the source of the breach, this threat is always there, and its realisation depends on motivation and opportunity. There is no good reason to believe that White House network is immune to the threat of user misbehaviour, regardless of whether it is intent or negligence.

“It is yet again a lesson for all of us that while attempting to avoid infection and penetration we must also have our plans in place to detect and contain an infection or a breach once it happens.”

Mark James, ESET security specialist, also offered his thoughts: “The systems of the White House are under attack almost constantly on a daily basis and I am sure that most of these are unsuccessful seeing as only a few of the more sophisticated attacks are anywhere close to succeeding and even less of those actually harvest data that could be used.

"This particular one gained access to unclassified emails but even the White House has stated that it may contain some information that could be useful as even the president will find it almost impossible to be 100 per cent successful in not sending any information that could be deemed useful to someone.

"They have already stated that their secure systems were unaffected but any information from the president should be treated with the utmost of security.

“It would make sense for this to be played down and no surprise that some of the information is released later after any particular sensitive information is useless or out of date.

"Ensuring all of the presidents’ communications are secure should be of high priority and taking extra care that internal “unclassified” info is also treated with extra security seems to make perfect sense with the president of the USA being such a large cyber target from many cybercriminal individuals as well as organised parties or nation states.”

Martin Sugden, MD of Boldon James, said: “The recent news that Russian hackers had accessed the White House IT network and President Obama’s unclassified emails highlights that if you don’t classify emails and have the correct tools in place to protect information, such breaches can and do occur.

"Users operate at different levels, either on restricted and unrestricted platforms; without classification labels, they can be confused as to how they should be handling such data.

"In the UK, under the Government Security Classification (GSC) scheme, all government and public sector organisations must classify all of their information assets. It is their duty to put strategies, policies and technology safeguards in place to minimise the risk of a data breach.

"Properly applied, data classification and data loss prevention tools can prevent malicious misuse of data. We hope to see more organisations take note and follow suit, as without data classification organisations are flying blind when they allow employees to create and move data, as they can lose insight into the value of the data they hold.”