The Financial Times has been told by a “senior US official” that the White House computer network has been penetrated by hackers on multiple occasions. The article itself provides some basic information, but you’ll have to read between the lines to get the most interesting stuff:
Chinese hackers have penetrated the White House computer network on multiple occasions, and obtained e-mails between government officials
The National Cyber Investigative Joint Task Force, a new unit established in 2007 to tackle cyber security, detected the attacks on the White House. But the official stressed that the hackers had only accessed the unclassified computer network, not the more secure classified network.
Maybe these hackers have the estimated 5 million e-mails missing from the official archives? But seriously, e-mail between government officials is apparently not sent over the secure, classified network. I don’t know what the “secure, classified network” is, but I’m willing to bet that there is also a lot of classified information sent by e-mail. If you give your employees two methods to communicate, a system that they know and that is easy to use (e-mail) and another option that requires more effort to use (the secure system), there are always people that make the wrong (easy) choice. The article then continues with:
US government cyber intelligence experts suspect the attacks were sponsored by the Chinese government because of their targeted nature.
The official said the Chinese cyber attacks had the hallmarks of the “grain of sands” approach taken by Chinese intelligence, which involves obtaining and poring through lots of – often low-level – information to find a few nuggets.
This doesn’t sound like a “targeted attack”; it sounds like a script kiddie that just happened to get into the White House network and got caught because he downloaded so much data that it was easily noticed. The article’s source admits that the government is not sure that the attacks are really coming from the Chinese government:
But they concede that it is extremely difficult to trace the exact source of an attack beyond a server in a particular country.
If the Chinese government were sponsoring attacks on the US government, wouldn’t they at least do it from computers outside of China? And wouldn’t they be far more careful and try to hide their access, instead of downloading huge amounts of data? The US government still has a long way to go in the security department…