President Obama’s Email Read by Russian Hackers
Several news reports in recent days discussed an intrusion into the White House unclassified email system by Russian hackers. This follows reports of lingering problems with unclassified email at the State Department. Both would be legitimate targets for foreign espionage activity. This follows the announcement by the Secretary of Defense of a new cybersecurity strategy for the U.S. military and revelations that Pentagon unclassified networks had been breached as well.
In the DoD case it appears that a known vulnerability had been left unpatched and was exploited. The State and White House details are still pending. Once again it is important to note essential action of promptly installing patches for known defects is a key cybersecurity best practice.
While the public reports indicate that classified networks and information was not compromised, it is fair to assume that at least some sensitive information such as schedules and policy viewpoints was obtained. Even unclassified information can be useful to an opponent.
The takeaway here is that even important government networks operated by experts are subject to hacking. Failure to patch known vulnerabilities is as risky as the zero-day exploit. Malware to leverage know defects can be generated in a matter of hours. When coupled with skilled social engineering attacks, governments and businesses are at risk. As other advanced persistent threat findings indicate, once the bad guys are inside, they can stay for months.
If you like our daily blogs, please join us on Facebook!