U.S. Investigating White House Cyber Attack

Officials: President Obama was not informed at the time the White House Military Office hack was discovered

AP Images
October 2, 2012

Law enforcement and national security agencies are investigating the hacking of a White House computer last month that penetrated a network inside the White House Military Office that handles top-secret data, U.S. officials said.

On Capitol Hill, House Republicans this week asked the White House to provide details of the attack on the White House Communications Agency, which runs the Situation Room and classified communications and teleconferences.

Meanwhile, officials said President Barack Obama was not notified about the cyber attack—which was traced to China when it was first discovered—but was informed about the incident later.

The FBI is conducting the investigation with support from the U.S. Secret Service, which is in charge of White House security, said officials familiar with the probe. The National Security Agency is also involved in the investigation.

White House National Security Council spokesman Tommy Vietor declined to comment when asked about the probe into the hacking. An FBI spokesman also declined comment.

White House Press Secretary Jay Carney on Monday officially confirmed the cyber attack, which he described as "spear phishing"—the use of fraudulent email that often results in an attacker gaining unauthorized access to a computer network.

Carney told reporters in Las Vegas, "The attack … was what’s known as a spear-phishing attack against an unclassified network."

He sought to play down the significance of the incident and declined to provide specifics when asked if the attacked computer network was located within the White House Military Office. That office is in charge of presidential communications, travel, and the nuclear command and control suitcase known as the "football."

"Let’s be clear: this is an unclassified network," Carney said. "These types of attacks are not infrequent, and we have mitigation measures in place."

"In this instance, the attack was identified, the system was isolated, and there is no indication whatsoever that any exfiltration of data took place," he said, adding that the attack "never [had] any impact or attempted breach of any classified system."

The cyber attack was first reported Sunday by the Free Beacon.

Rep. Dana Rohrabacher (R., Calif.), chairman of the House Committee on Foreign Affairs’ Oversight and Investigations Subcommittee, called on the president to take steps to punish China for the cyber attack.

"How can this president continue to smile and gloss over significant differences with Chinese Communist leaders as they are hacking into the White House’s most sensitive systems? It is totally unacceptable," Rohrabacher told the Free Beacon.

Carney declined to discuss the specifics of "classified and unclassified networks, except that there are distinctions between those networks that contain classified information and those that don’t, and the attack was against an unclassified network."

Defense and intelligence officials said the cyber attack was traced to a server in China, although the precise identity of the attackers is not known.

One official called the digital strike one of the most brazen cyber attacks by the Chinese, who have both civilian and military hacker forces. These forces are known to conduct large-scale cyber espionage and preparation for sabotage against both government and private sector computers.

The spear phishing in the latest case allowed the hacker to gain access to a computer within the White House Communications Agency, the agency in charge of presidential communications, according to a law enforcement official discussing the case with Fox News.

Regarding presidential notification, the cyber attack was not considered serious enough to interrupt the president’s schedule. In recent weeks Obama has been traveling throughout the country while campaigning for reelection.

The cyber attack was mentioned during one of the president’s intelligence briefings several days after it was discovered and halted, said officials who spoke on condition of anonymity.

Asked if the president was informed of the cyber attack when it was discovered, Vietor, the White House spokesman, said: "The president is constantly apprised of potential cyber security threats."

"As a general matter, we don’t get into specifics about what is briefed to him or not, but as you know with this incident there was never any impact on or attempted breach of any classified system."

The White House cyber attack took place in late September and coincided with Chinese cyber attacks against Japanese government and private sector computers amid heightened tensions between Beijing and Tokyo over the Senkaku islands. The islands have been under Japanese control for decades and China, which refers to them as the "Diaoyu islands," is now claiming them as its territory.

The Pentagon has moved two U.S. aircraft carrier strike groups to waters near the islands that are located south of Okinawa and north of Taiwan. A Marine Corps amphibious group is also in the region near the Philippines.

China’s military conducted live-fire naval drills in the East China Sea recently in what state television called practice for improving capabilities against "island targets."

Richard Fisher, a specialist on the Chinese military, said China’s military would seek to penetrate the White House Military Office for several intelligence and operational reasons.

"Spear phishing attacks can potentially spread within a system very rapidly yielding data, new targets, and placing ‘doors’ for future access," Fisher said.

Fisher said a key strategic goal for the Chinese in seeking to gain access to the office is "to affect the president's ability to exercise military command" as well as to learn about continuity of government operations.

"China may calculate that a president less able to command may also be less likely to respond to a Chinese attack," Fisher said.

China’s government was linked to a sophisticated spear phishing attack on the online giant Google and other U.S. companies that was discovered in late 2009.

The attack, code-named Operation Aurora, combined human-intelligence gathering techniques with technical elements to gain access to valuable corporate secrets.

The attack led Google to move its search-engine and other online operations from the mainland to Hong Kong amid concerns about Chinese government hacking.

U.S. government officials were able to confirm with moderate confidence that the attack was linked to China’s military.

That attack used email that targeted corporate engineers, quality assurance developers, and people with high levels of access to information within the company, according to security specialists who investigated Aurora.

The Chinese used social media such as Facebook to find targets for emails, which were then sent disguised as coming from a trusted associate urging the recipient to click on a link.

The recipient’s computer was then directed to a server in Taiwan that was under control of Chinese hackers, who then planted malicious code "payload" within the computer that allowed repeated covert access to the infected system.

The Google attack was based on research that identified a security flaw in the web browser Internet Explorer.

U.S. intelligence agencies believe China has a force of about 2,000 people engaged in cyber warfare efforts, including digital espionage designed to obtain secrets and clandestine efforts to plant "sleep agent" software inside systems that can be used to attack or sabotage computer networks in a crisis or wartime.