Amid all the noise the Sony hack generated over the holidays, a far more troubling cyber attack was largely lost in the chaos. Unless you follow security news closely, you likely missed it.
I’m referring to the revelation, in a German report released just before Christmas (.pdf), that hackers had struck an unnamed steel mill in Germany. They did so by manipulating and disrupting control systems to such a degree that a blast furnace could not be properly shut down, resulting in “massive”—though unspecified—damage. Continue reading
Tag Archives: spear phishing attack
White House Hack Attack
What good is a nuclear deterrent when it’s compromised? The “MAD” concept has been effectively thrown out the window. What’s more is the American public is 99.9% unaware of the grave danger this puts them in, let alone it happened at all. Sadly, the only “football” most are concerned about is the one that gets tossed around on Monday nights.
Hackers linked to China’s government broke into one of the U.S. government’s most sensitive computer networks, breaching a system used by the White House Military Office for nuclear commands, according to defense and intelligence officials familiar with the incident.
One official said the cyber breach was one of Beijing’s most brazen cyber attacks against the United States and highlights a failure of the Obama administration to press China on its persistent cyber attacks.
U.S. officials familiar with reports of the White House hacking incident said it took place earlier this month and involved unidentified hackers, believed to have used computer servers in China, who accessed the computer network used by the White House Military Office (WHMO), the president’s military office in charge of some of the government’s most sensitive communications, including strategic nuclear commands. The office also arranges presidential communications and travel, and inter-government teleconferences involving senior policy and intelligence officials.
“This is the most sensitive office in the U.S. government,” said a former senior U.S. intelligence official familiar with the work of the office. “A compromise there would cause grave strategic damage to the United States.”
Security officials are investigating the breach and have not yet determined the damage that may have been caused by the hacking incident, the officials said.
Despite the administration national security official’s assertion, one defense official said there is fairly solid intelligence linking the penetration of the WHMO network to China, and there are concerns that the attackers were able to breach the classified network.
Details of the cyber attack and the potential damage it may have caused remain closely held within the U.S. government.
However, because the military office handles strategic nuclear and presidential communications, officials said the attack was likely the work of Chinese military cyber warfare specialists under the direction of a unit called the 4th Department of General Staff of the People’s Liberation Army, or 4PLA.
It is not clear how such a high-security network could be penetrated. Such classified computer systems are protected by multiple levels of security and are among the most “hardened” systems against digital attack.
However, classified computer systems were compromised in the past using several methods. They include the insertion of malicious code through a contaminated compact flash drive; a breach by a trusted insider, as in the case of the thousands of classified documents leaked to the anti-secrecy web site Wikileaks; and through compromised security encryption used for remote access to secured networks, as occurred with the recent compromise involving the security firm RSA and several major defense contractors.
According to the former official, the secrets held within the WHMO include data on the so-called “nuclear football,” the nuclear command and control suitcase used by the president to be in constant communication with strategic nuclear forces commanders for launching nuclear missiles or bombers.
The office also is in charge of sensitive continuity-of-government operations in wartime or crises.
The former official said if China were to obtain details of this sensitive information, it could use it during a future conflict to intercept presidential communications, locate the president for targeting purposes, or disrupt strategic command and control by the president to U.S. forces in both the United States and abroad.
Former McAffee cyber threat researcher Dmitri Alperovitch said he was unaware of the incident, but noted: “I can tell you that the Chinese have an aggressive goal to infiltrate all levels of U.S. government and private sector networks.”
“The White House network would be the crown jewel of that campaign so it is hardly surprising that they would try their hardest to compromise it,” said Alperovictch, now with the firm Crowdstrike.
Last week the senior intelligence officer for the U.S. Cyber Command said Chinese cyber attacks and cyber-espionage against Pentagon computers are a constant security problem.
“Their level of effort against the Department of Defense is constant” and efforts to steal economic secrets are increasing, Rear Adm. Samuel Cox, Cyber Command director of intelligence, told Reuters after a security conference.
“It’s continuing apace,” Cox said of Chinese cyber-espionage. “In fact, I’d say it’s still accelerating.”
The office is also in charge of the White House Communications Agency, which handles all presidential telephone, radio, and digital communications, as well as airlift operations through both fixed-wing and helicopter aircraft.
It also operates the presidential retreat at Camp David and the White House Transportation Agency.
“To assure proper coordination and integration, the WHMO also includes support elements such as operations; policy, plans, and requirements; administration, information resource management; financial management and comptroller; WHMO counsel; and security,” the website states.
“Together, WHMO entities provide essential service to the president and help maintain the continuity of the presidency.”
A report by the defense contractor Northrop Grumman made public by the congressional U.S.-China Economic and Security Review Commission in March stated that China’s military has made targeting of U.S. command and control networks in cyber warfare a priority.
“Chinese capabilities in computer network operations have advanced sufficiently to pose genuine risk to U.S. military operations in the event of a conflict,” the report said.
“PLA analysts consistently identify logistics and C4ISR infrastructure as U.S. strategic centers of gravity suggesting that PLA commanders will almost certainly attempt to target these system with both electronic countermeasures weapons and network attack and exploitation tools, likely in advance of actual combat to delay U.S. entry or degrade capabilities in a conflict,” the report said.
C4ISR is military jargon for command, control, communications, computers, intelligence, surveillance, and reconnaissance.
Little is known within the U.S. intelligence community about Chinese strategic cyber warfare programs.
However, recent military writings have disclosed some aspects of the program, which is believed to be one of Beijing’s most closely guarded military secrets, along with satellite weapons, laser arms, and other high-technology military capabilities, such as the DF-21 ballistic missile modified to attack aircraft carriers at sea.
A Chinese military paper from March stated that China is seeking “cyber dominance” as part of its efforts to build up revolutionary military capabilities.
“In peacetime, the cyber combat elements may remain in a ‘dormant’ state; in wartime, they may be activated to harass and attack the network command, management, communications, and intelligence systems of the other countries’ armed forces,” wrote Liu Wangxin in the official newspaper of the Chinese military on March 6.
“While great importance is attached continuously to wartime actions, it is also necessary to pay special attention to non-wartime actions,” he said. “For example, demonstrate the presence of the cyber military power through cyber reconnaissance, cyber deployment, and cyber protection activities.”
Full article: White House Hack Attack (Washington Free Beacon)