White House officials have confirmed reports that U.S. government systems were targeted last month in a spear phishing attack allegedly originating from servers located in China.
While details of the attack have not been released, it appears that unclassified systems operated by the White House Military Office were exposed by way of a spoofed email which may have contained a malicious URL or a tainted document.
“[The attack] was what’s known as a spear-phishing attack against an unclassified network. Let’s be clear -- this is an unclassified network. These types of attacks are not infrequent, and we have mitigation measures in place,” White House Press Secretary Jay Carney said in a press conference.
Spear phishing is a common form of social engineering which capitalizes on a victim's inherent inclination to trust inbound communications assumed to be from valid sources, resulting in the circumvention of network security defenses, unauthorized system access, and data loss.
The attack was originally reported by The Washington Free Beacon, which alleged that China-based hackers had breached sensitive government networks, though officials stated that no critical systems were actually compromised in the attack.
“In this instance, the attack was identified, the system was isolated, and there is no indication whatsoever that any exfiltration of data took place. Moreover, there was never any impact or attempted breach of any classified system,” Carney said.
Spear phishing campaigns emanating from China and other nations which target U.S. government officials are quite frequent, and staff members are instructed to be wary of unsolicited communications.
The event is the latest in what is assumed to be a concerted effort by the Chinese to infiltrate both government and private networks in an effort to gain access to highly sensitive military and corporate data.
In May, the Department of Defense released a report titled Military and Security Developments Involving the People’s Republic of China 2012, which examined the increase in cyber espionage activities. The report was produced in accordance with provisions outlined in the National Defense Authorization Act.
"In 2011, computer networks and systems around the world continued to be targets of intrusions and data theft, many of which originated within China. Although some of the targeted systems were U.S. government-owned, others were commercial networks owned by private companies whose stolen data represents valuable intellectual property," the report noted.
Attribution remains a significant challenge in the forensic examination of cyber attacks, and even the presence of IP addresses of a known origin offers little in the way of confirmation of an attacker's identity or location.
A report produced earlier this year by defense contractor Northrop Grumman, titled Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage, suggested that successful attribution for an attack depends on understanding the specific networks and data which are being targeted. Such analysis, though not conclusive, can point investigations in the right direction.
"Activities attributed to state sponsored operators often appear to target data that is not easily monetized in underground criminal online auctions or markets but highly valuable to foreign governments. Highly technical defense engineering information, operational military data, or government policy analysis documents rarely if ever appear to be a priority for cybercriminal groups," the report concluded.
Targeted attacks employing spear phishing and other methods of gaining access to sensitive information will continue to be a preferred technique to compromise networks, and those in both the government and private sectors should exercise diligence when accessing correspondence on protected systems, especially when the communications contain URL links and attachments such as Word documents and PDFs.