Hackers have disrupted computer operations at the White House after breaking into its unclassified internal network.
The attack, blamed by US government sources on Russian hackers, has resulted in the disruption of some services while incident response teams work to contain the intrusion.
The White House network is under constant attack but the latest assault is more serious both because of its intensity and persistence. Reports suggest the attack has been going on for around three weeks.
Unnamed White House officials told the Washington Post that classified systems had not been breached.
“In the course of assessing recent threats, we identified activity of concern on the unclassified Executive Office of the President network,” said one White House official, speaking under condition of anonymity. “We took immediate measures to evaluate and mitigate the activity … Unfortunately, some of that resulted in the disruption of regular services to users."
US officials only became aware of the attack following notification by an ally. Third parties becoming aware of security breaches before the targeted organisation is all too common in the private sector and the same thing seems to have happened in the case of the White House network.
In response to the breach, workers were asked to change their passwords. Remote access via VPN was suspended but the email system was apparently slowed down – although it was not suspended outright, according to reports.
Delays in mail outs to White House correspondents on Tuesday seem to have led to news of the ongoing attack becoming public.
A White House staff memo obtained by the Huffington Post explains that disruptions in service are a defensive response to the ongoing attack.
"Our computers and systems have not been damaged, though some elements of the unclassified network have been affected. The temporary outages and loss of connectivity that users have been experiencing is solely the result of measures we have taken to defend our networks," the memo explains.
The FBI, Secret Service and National Security Agency have all been drafted into ongoing investigations into the breach, which bears the hallmarks of a state-sponsored attack. The extent of the breach and whether any data has been siphoned off is still being assessed.
Recent reports by security firms FireEye and Trend Micro have blamed hackers affiliated with the Kremlin with attacks against targets including NATO, the Ukrainian government and US defence contractors.
Attribution of attacks in cyberspace is difficult. Assessing potential motives, as well as the tactics and tools at play in a particular attack, can be used to point the finger of blame towards particular targets.
It's well known that Russian hackers are among the most capable on the intelligence scene and the Kremlin has form in launching this kind of assault, so the inference that Russia is to blame for the ongoing attacks against the White House is more than plausible – even though it remains unproven.
Russian intelligence was also blamed for a breach on the US military’s classified networks back in 2008. The subsequent clean-up operation, called Buckshot Yankee, took months to complete and spurred the creation of the US Cyber Command. ®