Report: Breach Exposed Obama RecordsDetails Emerge about Last Year's Hack of White House IT
A breach of the White House IT system last October, believed to be by Russian hackers, exposed sensitive details about White House operations, such as the president's schedule, CNN reports.
Investigators believe the White House intrusion began with a phishing email that was launched using a State Department email account that the hackers had taken over, CNN reports, citing several U.S. officials briefed on the investigation into the breach.
The State Department revealed in October that the breach of its system and that of the White House were linked (see State Department, White House Hacks Linked).
The White House downplayed the report. "This report is not referring to a new incident - it is speculating on the attribution of the activity of concern on the unclassified EOP (Executive Office of the President) network that the White House disclosed last year," Mark Stroh, National Security Council spokesman said April 7. "Any such activity is something we take very seriously. In this case, as we made clear at the time, we took immediate measures to evaluate and mitigate the activity. As has been our position, we are not going to comment on the referenced article's attribution to specific actors."
Alternative to Email
Jerry Irvine - a member of the National Cybersecurity Task Force, a joint operation between the Department of Homeland Security and the U.S. Chamber of Commerce - says phishing and spear phishing attacks are increasingly plaguing governments and businesses, and suggests that if they persist, organizations might need to limit email communications.
"It can happen to anyone, and it did," Irvine says, referring to the White House breach. "This is the way of the world. Organizations now are starting to look at the value of email and are questioning whether it's worth the risk. Are there other methods to share information other than email?"
Irvine, partner and chief information officer at IT outsourcer Prescient Solutions, says governments and businesses should look to email alternatives, such as instant messaging, which he contends poses fewer risks.