Hackers Breach White House Network

wiredmikey writes: The White House's unclassified computer network was recently breached by intruders, a U.S. official said Tuesday. While the White House has not said so, The Washington Post reported that the Russian government was thought to be behind the act. Several recent reports have linked Russia to cyber attacks, including a report from FireEye on Tuesday that linked Russia back to an espionage campaign dating back to 2007. Earlier this month, iSight Partners revealed that a threat group allegedly linked with the Russian government had been leveraging a Microsoft Windows zero-day vulnerability to target NATO, the European Union, and various private energy and telecommunications organizations in Europe. The group has been dubbed the "Sandworm Team" and it has been using weaponized PowerPoint files in its recent attacks. Trend Micro believes the Sandworm team also has their eyes set on compromising SCADA-based systems.

Re:

[Bonzoli]

Weaponized powerpoint. Someone should copyright that.

Re:

[NatasRevol]

The Sandworm Team already did.

Re:Thanks Obama!

[CaptainDork]

© Sarah Palin

FTFY

Re:

[Thud457]

The Powerpoint Ranger creed [pptclasses.com]

Discussion of the US Military's love of PPT [edwardtufte.com] on Edward Tuft's site. "Mustaches for everyone!" -- actual quote

Re:

[umghhh]

if TEH bomb is big enough, then it does not matter whether the order is in an understandable form or not.

Re:

[cavreader]

They just got the passwords from Snowden.

Re:

[TheTerseOne]

Weaponized PowerPoint is redundant. Powerpoint has been a weapon against clear thinking, preparing for a meeting, and keeping people interested in what you're saying for a long time.

And, of course, PowerPoint has already caused the space shuttle to crash. http://www.washingtonpost.com/... [washingtonpost.com]

Re:Thanks Balmer!

[pla]

Powerpoint has been a weapon against clear thinking, preparing for a meeting, and keeping people interested in what you're saying for a long time.

No one has ever cared about what the presenter had to say at meetings.

It just took more effort before Powerpoint - Both by the presenter, who had to actually prepare instead of cutting and pasting Wikipedia into a slideshow; and by the audience, who had to actually look at the presenter (thereby risking eye-contact) rather than glazing over while staring blankly at a projector screen.

Really, we should thank Microsoft for Powerpoint. Instead of meetings dragging on and on and on as the presenter rambles and people ask stupid questions in a futile effort to remain awake, now the meeting only lasts as long as the slideshow, no one asks any stupid questions, and everyone can go back to doing actual work that much sooner.

The unclassified network?

[StevenMaurer]

This XKCD comic [xkcd.com] comes to mind...

Re:

[i kan reed]

Well, naturally, but when industry standards have cheap ways to put your "posters" in "locked bulletproof glass cases", it's still kind of troubling.

Re:

[Vellmont]

I'd say breaking into the whitehouse network is a bit more worrisome than breaking into the whitehouse website. The website is indeed a poster. The network (even unclassified) is still terribly worrisome. You think all secrets we don't want other governments to know are classified?

Re:

[CaptainDork]

There's no classified information on the "Welcome to The White House" site.

Visiting hours are in the public domain.

Re:

[NatasRevol]

No, what you should be worried about is that the classified is the same set of systems as the unclassified, just with a layer of security. And it's the same everywhere, including the national nuclear labs.

Find a way around the security (like $10M in someone's swiss acct), and these same measures will work on the classified side.

Re:

[NatasRevol]

That's the way it is now. I've talked to people at Los Alamos, Army, and fed govt.

Re:

[lgw]

"Classified" is too nebulous for useful discussion - what is the data classified as? Anything classified Secret or above is on an entirely different network - another of Bush's "internets". Confidential information, the same sort of thing any company keeps confidential, is on normal networks, just with a layer of security, just like anywhere else. The military also has a separate network for operational security.

Re:

[MachineShedFred]

It's still an insecure-by-design network. This is like hacking past a NAT router on $famousPerson's house.

No one, including the White House, gives a shit.

Re:

[harrkev]

Worrisome? Stop with the fear talk...

If somebody of a different nationality can make is past the border of the White House security, he deserves a path to have a legal account there. He needs the opportunity to prove that he can become a productive member of the White House network.

Stadtdaten macht Frei

[radarskiy]

If you can maintain access for a year and a day, you get to be vice-president.

Re:

[harrkev]

That would be an improvement over the current one.

Re:

[f3rret]

I'd say breaking into the whitehouse network is a bit more worrisome than breaking into the whitehouse website. The website is indeed a poster. The network (even unclassified) is still terribly worrisome. You think all secrets we don't want other governments to know are classified?

Strictly speaking 'unclassified' is still a classification, meaning that information on an unclassified network is still classified data.

INFOSEC is weird like that.

Russians as bogeymen?

[gstoddart]

Yup, every time someone does this .. it's the Russians or the Chinese.

I think Western spy agencies have jumped the shark so much in terms of what they do, that you could plausibly say it's really them doing all of this and doing it as a false-flag operation.

I mean, come on, these clowns have been proven to be spying on the people who are meant to oversee them. They don't give a shit about the law, just their own powers.

You can't come up with a conspiracy theory which is paranoid enough these days -- because long-thinkers with massive resources really are doing all of this shit these days.

Hell, breaking into the Whitehouse systems lets you say you need more money for spying to prevent this kind of shit. And then you get the keys to the kingdom.

Re:

[MitchDev]

America does this to their own citizens AND to foreigners in their own homelands, why shouldn't we expect them to do it right back to the US?

Re:

[gstoddart]

I'm not sure how you couldn't expect it.

If you've decided it's legal for you to do it, you're kind of fair game, are you not?

Unless, of course, someone has the delusion that they're special because they say so. In which case you'll just act like a petulant child and throw a tantrum.

Re:

[sumdumass]

Damn straight. But being that it is the USA and the government, the security should have been guarded by Jack Bower and this never should have happened.

Re:

[CaptainDork]

Also, government IT forensics people aren't sharp enough to tell where the shit is coming from. The easiest way for IT to bullshit the boss is to fake it and blame Russia or China.

Re:

[CaptainDork]

Citation needed.

Re:

[alvinrod]

Further, why is this post a response to one of your posts when it is clearly aimed at someone else?

I get that /. has the occasional rant or angry screed or just some crappy copy-paste mad lib crap, but this isn't even in the correct location.

Even the shit-posting around here is getting pretty substandard.

Re:

[Charliemopps]

The NSA does not need money.
Federal money comes with oversight.
Like so: http://www.nationaljournal.com... [nationaljournal.com]

They patent the tools they've designed, and then resell them to businesses. Claiming the profits for themselves to fund their activities outside of federal oversight:
http://www.dailydot.com/politi... [dailydot.com]

What they can do is basically limitless. They believe they can lie to congress, the whitehouse and the courts and likely don't even need federal funding at this point. I suspect their primary target is the wh

Re:

[Vokkyt]

The evidence from the actual report [fireeye.com] that it's of Russian origins is a little specious for my taste, though part of the reasoning isn't exactly unfounded.

Their evidence that it's of Russian origin is that a large number of the malware samples (APT28 as categorized by FireEye) included Russian Language settings along with English and "neutral" (which defaults to the environment defaults). That certainly is an eye-brow raiser in my mind, but I wouldn't say we got anyone with their hand in the cookie jar.

The ot

Re:

[bioteq]

Iran's SCADA system was attacked and it had a huge air gap.

Basically, the -ONLY- way to keep a computer safe is to...not have a computer. If someone wants in a system bad enough, there is always an attack vector. Be it online or via the best malware carrier of all time -- humans.

I am willing to bet some joe-blow intern infected the network with someone doing some amazingly easy social engineering to him/her.

TL;DR - Internet or not; if someone wants in, they'll get in if two situations are met: 1) The comput

Re:

[pla]

I am willing to bet some joe-blow intern infected the network with someone doing some amazingly easy social engineering to him/her.

Who needs social engineering? Just drop an infected flash drive somewhere near the front door, and sooner or later (usually sooner) someone will pick it up and plug it in.

"Nuh-uh", you say? "They certainly have stupid things like autoruns turned off on the Whitehouse network!"

"Hmm, what do we have on here... Random spreadsheet crap, OSHA regulations Powerpoint crap, lau

Stop using Microsoft products?

[Anonymous Coward]

If the news was "bad guys leveraged a vulnerability in the White House's cardboard gate to break through", would people acknowledge the breach without questioning the cardboard gate?

Re:Stop using Microsoft products?

[Minwee]

If the news was "bad guys leveraged a vulnerability in the White House's cardboard gate to break through", would people acknowledge the breach without questioning the cardboard gate?

Or would the media refuse to report on the Gate? It's about ethics, I tell ya'.

Re:

[sootman]

Regardless of the result, the ensuing brouhaha would be called "Gategate".

Re:

[sumdumass]

Outside of locking down the internet to protect the citizens, the only other real recourse would be to counter attack China or Russia or whomever they decided to blame. Red lines fade away but I doubt this administration wants to escalate anything or make a scene large enough that others will demand it escalate the situation.

The only reasons it would be different if the Koch brothers did it would be in your mind or because it could be used politically to their benefit with no chance of escalation turning in

There's no such thing as an unclassified White Hou

[ssw]

Like saying an intruder braking in did gain access to anything sensitive. its the freaking White House.

Re:

[CaptainDork]

Nah ...

It's like saying someone broke in to Capital One's Internet-facing web page but didn't touch the secret guy stuff.

Failed objective

[228e2]

They were looking to get into whitehouse.com, not whitehouse.gov
;-)

Re:Failed objective

[bioteq]

I remember back in high-school (long, long ago,) one of my teachers was attempting to show off the school's new-fangled-lightning-fast T1 line. So he brought up whitehouse.com, not realizing that he had made a horrid mistake.

Unfortunately, that was the first exposure to porn some of my classmates had encountered. It was a sad day for them, realizing there is porn on the internet.

Ironically, I missed school for the next four days.

Re:

[DoofusOfDeath]

Unfortunately, that was the first exposure to porn some of my classmates had encountered. It was a sad day for them, realizing there is porn on the internet.

Sadder than seeing online porn, and then realizing that your home computer only does 28.8 kbps?

Re:

[Jason Levine]

I made a similar mistake once trying to load Barnes And Noble's website where I typed in barnesNnoble.com. The woman in the photo definitely WASN'T reading a book! This wasn't at a presentation, luckily, but unfortunately I was new at my job and obviously didn't want my boss to walk in and see this on my screen. Also, unfortunately, these were the days before pop-up blockers so every window I closed opened another window with another woman-not-reading. Finally, I managed to close one of the windows befo

Re:

[Tablizer]

The teacher had to sell it to the principle that it was merely an "instant human biology lesson".

Re:

[qpqp]

back in high-school (long, long ago,) [...] show off the school's new-fangled-lightning-fast T1

Uhm, how to put this...
That's not long ago you insensitive clod. Now get off my lawn!

Re:

[CaptainDork]

Mod +1

The IT team is not doing its job, or IT is begging for changes and no one's listening.

Weaponized PowerPoint

[Jason Levine]

Weaponized PowerPoint?

"The slide came in so fast that half the people in the room were laying on the floor bleeding before we could react. And then the embedded video started.... Oh, god!!! The video!!!!!" *collapses sobbing*

Re:

[peragrin]

If you look there is a video of the goats ex guy singing Rick Astley song "Never Gonna Give You Up". Out of his arse.

I refuse to link to it for obvious reasons.

Long over due.

[fahrbot-bot]

...has been using weaponized PowerPoint files in its recent attacks.

For PowerPoint to be classified as a WMD.

Re:

[Tablizer]

Time to invade Microsoft!

Obama's Propaganda?

[Anonymous Coward]

This is starting to feel like a new era of McCarthyism. All this fear mongering about Russian hackers and no one provided any evidence of their involvement?

Obama needs get over the fact that Russia isn't going to hand him over Snowden and stop his petty propaganda already.

Success!

[NetNed]

Step one: get person to "hack" the white house network
Step two: Claim "It's Russia!"
Step Three: Stir up media reports about "How safe is the internet really" and "Do we need the government to police the internet?"
Step four: Put in place controls that cripple the internet, spies on all Americans, and causes more laws to be written that stomp of the rights of Americans.


Yeah they can track down who is illegally downloading the latest Bastille album but they have these loose "links" to Russia that they claim if "fact!" it is them.


Couldn't be THIS [rt.com] could it?????

Re:

[qpqp]

Math > programming [xkcd.com]

I have to think of everything.

[CaptainDork]

"It’s important to note the variable %CIMPATH% is used for the drop location of default.txt," the researchers noted. "This is a standard variable that Cimplicity uses for its installs,

Crap. Mix up all that default shit every now and then.

Every fucking computer on the planet has stuff located in predictable areas.

The least we could do is make it a little harder. Let's randomize and encrypt the defaults.

Sure, it's more difficult to deal with, but that's the fucking problem: No one wants shit to be hard and stuff.

I have to think of everything.

[Anonymous Coward]

Boy, you are on the wrong website. Folks here are quite capable of programming automatic indexers which run over the entire harddisk and look at every single file. Like, say, Google Desktop Search.

Then the Controlling Meatsacks will download the compressed index and have a look at the index. Based on that, the "interesting" files will be downloaded. Certain subjects will be prioritized in case the firewall folks detect the exfiltration at some point and lock things down. As they did.

All of this activity can

This reminds me

[kurkosdr]

Anyone else thought of the "Software is sh!t" scene from IronMan 2 (it's said by a Russian-speaking character).

Toldja!

[Tablizer]

has been using weaponized PowerPoint files

I've been telling the suits that PowerPoint will put an eye out, and now I have proof

Weaponized powerpoint?

[damn_registrars]

I thought regular powerpoint was brutal. What happens when weaponized powerpoint crashes (and is that good or bad)?

Way ahead of his time.

[Minwee]

If only they had listened to Scott McNealy [gbuwizards.com] back in 1997...

We had 12.9 gigabytes of PowerPoint slides on our network. And I thought, "What a huge waste of corporate productivity." So we banned it. And we've had three unbelievable record-breaking fiscal quarters since we banned PowerPoint. Now, I would argue that every company in the world, if it would just ban PowerPoint, would see their earnings skyrocket. Employees would stand around going, "What do I do? Guess I've got to go to work."

Re:

[jfengel]

What a difference 17 years make. Now there are a great many individual 12.9 gigabyte PowerPoint slide decks running around.

I am outraged

[Dishwasha]

Why didn't the Secret Service tackle the hackers BEFORE they even GOT NEAR the White House network?

meetings?

[mu51c10rd]

Weaponized Powerpoint files? Sounds like the average management meeting around here...

Slashdot, what has become of you?

[Plugh]

There was a time when I could expect to come to Slashdot and see either a description of the actual details of the attack mechanism, or at least a *really* insightful, plausible set of theories. Now... not so much