Hackers breached an unclassified computer network used by the White House, but did not appear to have stolen any data, a White House official said Monday.
The hackers breached the network by using a technique known as spear phishing, in which they target victims who have access to sensitive computer networks by sending personalized emails that appear to come from trusted sources. Once the victims click on the bogus attachment or link, the hackers can install malicious software on the PCs to spy on users and steal data.
A White House official declined to comment on what data resided on the network, but emphasized it did not contain any classified information.
“These types of attacks are not infrequent and we have mitigation measures in place,” the White House official, who asked not to be identified, told The Huffington Post. “In this instance the attack was identified, the system was isolated, and there is no indication whatsoever that any exfiltration of data took place. Moreover, there was never any impact or attempted breach of any classified system.”
The cyber attack on the White House network occurred last month and breached a network used by the White House Military Office, according to the Washington Free Beacon, which first reported the story. The office provides military support for White House functions, including food service, presidential transportation, medical support and hospitality services, according to the White House website.
It was not the first time that hackers have targeted the White House computer system or its employees. In 2008, Chinese hackers reportedly broke into a White House computer network and obtained emails between government officials. Last year, hackers based in China broke into Google Gmail accounts belonging to employees working in the White House, according to the Wall Street Journal.
Spear phishing isn’t new, but it is becoming increasingly sophisticated, according to the security firm McAfee.
“Simply look at any high-profile attack in the news and you will see that the initial vector of compromise is almost always a spearphishing email,” the firm said in a report last year.
Earlier this year, President Barack Obama pushed for legislation to make computer networks more secure from cyber attacks. But Congress failed to pass a cybersecurity bill this summer after Republicans opposed the bill, siding with business lobbyists who claimed that any security standards would unfairly saddle businesses with costly regulations.
In response, the Obama administration has been circulating an executive order that would bypass Congress to accomplish the president’s goals of securing the country from the risk of a computer-based attack.