White House Hack: A Lesson Learned
Breach Detection Just as Important as Perimeter Defense
SANS Technology Institute's Johannes Ullrich

An important lesson from the breach of a White House unclassified network is that organizations should invest in intrusion detection tools, not just perimeter defenses, says Johannes Ullrich, dean of research at the SANS Technology Institute, an IT security graduate school.

"Essentially everyone is vulnerable," including the White House, Ullrich says in an interview with Information Security Media Group.

U.S. officials first learned of the White House network intrusion from an ally, rather than their own detection efforts, according to the Washington Post.

Ullrich speculates that the ally might have been hit by the same malware that targeted the White House. When the ally's IT security staff investigated, he says, they might have tracked the malware to a server used by the hackers and discovered addresses of other targeted systems, including one for the White House.

Ullrich says it's common for systems administrators at all types of organizations to be unaware of a breach. "What it usually means is that they didn't look close enough," he says. Early detection of a breach, he says, means security personnel can act more quickly to mitigate the intrusion.

In the interview, Ullrich:

  • Offers his theories about the method an ally might have used to inform the White House about the breach;
  • Discusses steps the White House likely is taking in the wake of the breach, including eradicating malware, fixing any damage to the system and working with vendors if the breach was caused by a software vulnerability;
  • Explains how the compromise of an unclassified network could potentially jeopardize classified IT systems; and
  • Defines a "watering hole" attack and explains why such a compromise might have been used to collect information about White House staff.

As dean of research for the SANS Technology Institute, Johannes oversees the SANS Internet Storm Center, a global cooperative cyberthreat and Internet security monitoring and alert system he founded in 2000. He received a Ph.D. in physics from the State University of New York at Albany.
