by Constantine von Hoffman

White House Spam Attack is No Reason to Blast Obama Cybersecurity Policy

Opinion
Oct 02, 20123 mins
CybercrimeMalwarePhishing

A Washington, D.C.-based news outlet exaggerated the significance of a recent spam attack that targeted the White House.

cyber_security%20month.jpg
It seems someone in the government has decided to underscore the importance of National Cyber Security Awareness Month by leaking news of an attack against the White House. Or maybe the leak had something to do with the long-promised and/or threatened Executive Order on protecting our vital bodily networks from online attack. Either way, the leaked attack isn’t all that impressive when you get right down to it.

The Washington Free Beacon* was first with the news (which may be something of a first for it):

“Hackers linked to China’s government broke into one of the U.S. government’s most sensitive computer networks, breaching a system used by the White House Military Office for nuclear commands, according to defense and intelligence officials familiar with the incident.”

It then went on to say:

“One official said the cyber breach was one of Beijing’s most brazen cyber attacks against the United States and highlights a failure of the Obama administration to press China on its persistent cyber attacks.”

I’ll have an order of brazen cyber attacks with a side of partisan silliness, please.

The White House was quick to downplay the significance of the attack. Yes, the attack was aimed at the White House Military Office (WHMO), the folks in charge of sensitive communications, including systems that can send and authenticate nuclear strike commands. Several unidentified sources assured several very identified news outlets that the spear phishing attack was unsuccessful, and it was aimed at an “unclassified system.”

Oh, and BTW, the attack took place a month ago and the Beacon and Fox News are the only ones claiming it was of Chinese origin. (Not that anyone would be surprised if it was.)

Apparently the White House fell victim to the powerful, cutting-edge email-with-a-malicious-attachment attack. Someone forgot to update their anti-malware program, probably.

“Targeted email scams are not new,” says Jason Lewis, chief scientist at Lookingglass. “The timing is interesting considering the cybersecurity executive order that is circulating.”

Why is this attack unlike any of the others that target the WH every day? I’ll let Sophos’s Paul Ducklin answer that:

“Fox dedicated over 660 words to the Chinese hacking story, but after careful reading it seems pretty clear that the incident, and the story, can be simplified quite significantly.

Here it is in 40 words, for a compression ratio of over 94%:

* A malicious spam from a computer in China reached a single unclassified computer in the White House Communications Agency.

* The computer may or may not have become infected as a result.

* Protection against malware and hackers is a good idea.

You may stand down from any coloured, or even lightly tinted, type of alert.”

And now the weather, with Shep Smith.

*Joking aside, I give massive kudos to the Beacon for covering an issue that actually matters and that no one else except maybe the Army and/or Navy Times is paying attention to:  The astonishing and insulting increase in health care costs for Armed service retirees and their families. That is truly obscene.