Cybercriminals hacked into computers of the White House Military Office, the White House told Politico today. The breach is said to come from attackers in China.
The White House confirmed the hack on Sunday after conservative publication The Washington Free Beacon posted rumors of the incident.
According to Politico, a web site that covers politics and based in Washington, D.C., a White House spokesperson said the systems attacked were unclassified and that the White House does not believe any data was stolen from the machines. The spokesperson went on to say that the hackers did not attempt to breach any classified systems and that the original attack was “isolated.”
So, how do you get inside the White House’s computer systems? The same way many high-profile attacks happen: human error. The hackers used a phishing technique to dupe a White House employee into believing an e-mail or some other form of communication was legitimate. From there, phishers lure unsuspecting people through malicious links or to download attachments, which then open the door for hackers to install malware, steal personal information, or otherwise gain access to the system.
“The recently reported spear-phishing attack on the White House underscores the vulnerability factor of employees, even at the highest level of the U.S. government, to fall for these types of targeted attacks,” said Aaron Higbee, cofounder of spear-phishing avoidance training program PhishMe, in an e-mail to VentureBeat. “But as we have seen time and time again, these attacks use the social engineering tactics of fear, curiosity, and urgency to lure users to open attachments, click URL’s or provide sensitive data to criminals – truly, they are geared to help criminals establish an undetected presence within the White House network.”
Whether the attackers set up backdoors or other ways to reenter the system is unknown.