White House Hack Attack
BY: Bill Gertz September 30, 2012 8:33 pm
Hackers linked to China’s government broke into one of the U.S. government’s most sensitive computer networks, breaching a system used by the White House Military Office for nuclear commands, according to defense and intelligence officials familiar with the incident.
One official said the cyber breach was one of Beijing’s most brazen cyber attacks against the United States and highlights a failure of the Obama administration to press China on its persistent cyber attacks.
Disclosure of the cyber attack also comes amid heightened tensions in Asia, as the Pentagon moved two U.S. aircraft carrier strike groups and Marine amphibious units near waters by Japan’s Senkaku islands.
China and Japan—the United States’ closest ally in Asia and a defense treaty partner—are locked in a heated maritime dispute over the Senkakus, which China claims as its territory.
U.S. officials familiar with reports of the White House hacking incident said it took place earlier this month and involved unidentified hackers, believed to have used computer servers in China, who accessed the computer network used by the White House Military Office (WHMO), the president’s military office in charge of some of the government’s most sensitive communications, including strategic nuclear commands. The office also arranges presidential communications and travel, and inter-government teleconferences involving senior policy and intelligence officials.
An Obama administration national security official said: “This was a spear phishing attack against an unclassified network.”
Spear phishing is a cyber attack that uses disguised emails that seek to convince recipients of a specific organization to provide confidential information. Spear phishing in the past has been linked to China and other states with sophisticated cyber warfare capabilities.
The official described the type of attack as “not infrequent” and said there were unspecified “mitigation measures in place.”
“In this instance the attack was identified, the system was isolated, and there is no indication whatsoever that any exfiltration of data took place,” the official said.
The official said there was no impact or attempted breach of a classified system within the office.
“This is the most sensitive office in the U.S. government,” said a former senior U.S. intelligence official familiar with the work of the office. “A compromise there would cause grave strategic damage to the United States.”
Security officials are investigating the breach and have not yet determined the damage that may have been caused by the hacking incident, the officials said.
Despite the administration national security official’s assertion, one defense official said there is fairly solid intelligence linking the penetration of the WHMO network to China, and there are concerns that the attackers were able to breach the classified network.
Details of the cyber attack and the potential damage it may have caused remain closely held within the U.S. government.
However, because the military office handles strategic nuclear and presidential communications, officials said the attack was likely the work of Chinese military cyber warfare specialists under the direction of a unit called the 4th Department of General Staff of the People’s Liberation Army, or 4PLA.
It is not clear how such a high-security network could be penetrated. Such classified computer systems are protected by multiple levels of security and are among the most “hardened” systems against digital attack.
However, classified computer systems were compromised in the past using several methods. They include the insertion of malicious code through a contaminated compact flash drive; a breach by a trusted insider, as in the case of the thousands of classified documents leaked to the anti-secrecy web site Wikileaks; and through compromised security encryption used for remote access to secured networks, as occurred with the recent compromise involving the security firm RSA and several major defense contractors.
According to the former official, the secrets held within the WHMO include data on the so-called “nuclear football,” the nuclear command and control suitcase used by the president to be in constant communication with strategic nuclear forces commanders for launching nuclear missiles or bombers.
The office also is in charge of sensitive continuity-of-government operations in wartime or crises.
The former official said if China were to obtain details of this sensitive information, it could use it during a future conflict to intercept presidential communications, locate the president for targeting purposes, or disrupt strategic command and control by the president to U.S. forces in both the United States and abroad.
White House spokesmen had no immediate comment on the cyber attack, or on whether President Obama was notified of the incident.
Former McAffee cyber threat researcher Dmitri Alperovitch said he was unaware of the incident, but noted: “I can tell you that the Chinese have an aggressive goal to infiltrate all levels of U.S. government and private sector networks.”
“The White House network would be the crown jewel of that campaign so it is hardly surprising that they would try their hardest to compromise it,” said Alperovictch, now with the firm Crowdstrike.
Last week the senior intelligence officer for the U.S. Cyber Command said Chinese cyber attacks and cyber-espionage against Pentagon computers are a constant security problem.
“Their level of effort against the Department of Defense is constant” and efforts to steal economic secrets are increasing, Rear Adm. Samuel Cox, Cyber Command director of intelligence, told Reuters after a security conference.
“It’s continuing apace,” Cox said of Chinese cyber-espionage. “In fact, I’d say it’s still accelerating.”
Asked if classified networks were penetrated by the Chinese cyber warriors, Cox told the news agency: “I can’t really get into that.”
The WHMO arranges the president’s travel and also provides medical support and emergency medical services, according to the White House’s website.
“The office oversees policy related to WHMO functions and Department of Defense assets and ensures that White House requirements are met with the highest standards of quality,” the website states. “The WHMO director oversees all military operations aboard Air Force One on presidential missions worldwide. The deputy director of the White House Military Office focuses primarily on the day-to-day support of the WHMO.”
The office is also in charge of the White House Communications Agency, which handles all presidential telephone, radio, and digital communications, as well as airlift operations through both fixed-wing and helicopter aircraft.
It also operates the presidential retreat at Camp David and the White House Transportation Agency.
“To assure proper coordination and integration, the WHMO also includes support elements such as operations; policy, plans, and requirements; administration, information resource management; financial management and comptroller; WHMO counsel; and security,” the website states.
“Together, WHMO entities provide essential service to the president and help maintain the continuity of the presidency.”
Asked for comment on the White House military office cyber attack, a Cyber Command spokesman referred questions to the White House.
Regarding U.S. naval deployments near China, the carrier strike groups led by the USS George Washington and the USS Stennis, along with a Marine Corps air-ground task force, are now operating in the western Pacific near the Senkakus, according to Navy officials.
China recently moved maritime patrol boats into waters near the Senkakus, prompting calls by Japanese coast guard ships for the vessels to leave.
Chinese officials have issued threatening pronouncements to Japan that Tokyo must back down from the recent government purchase of three of the islands from private Japanese owners.
Tokyo officials have said Japan is adamant the islands are Japanese territory.
Officials said the Washington is deployed in the East China Sea and the Stennis is in the South China Sea.
About 2,200 Marines are deployed in the Philippine Sea on the USS Bonhomme Richard and two escorts.
The U.S. Pacific Command said the deployments are for training missions and carriers are not necessarily related to the Senkaku tensions.
“These operations are not tied to any specific event,” said Capt. Darryn James, a spokesman for the U.S. Pacific Command in Honolulu, according to Time magazine. “As part of the U.S. commitment to regional security, two of the Navy’s 11 global force carrier strike groups are operating in the Western Pacific to help safeguard stability and peace.”
As a measure of the tensions, Defense Secretary Leon Panetta told Chinese military leaders during his recent visit to China that the U.S. military will abide by its defense commitments to Japan despite remaining publicly neutral in the maritime dispute.
“It’s well known that the United States and Japan have a mutual defense treaty,” a defense official said of Panetta’s exchange in Beijing. “Panetta noted the treaty but strongly emphasized that the United States takes no position on this territorial dispute and encouraged the parties to resolve the dispute peacefully. This shouldn’t have to get to the point where people start invoking treaties.”
A report by the defense contractor Northrop Grumman made public by the congressional U.S.-China Economic and Security Review Commission in March stated that China’s military has made targeting of U.S. command and control networks in cyber warfare a priority.
“Chinese capabilities in computer network operations have advanced sufficiently to pose genuine risk to U.S. military operations in the event of a conflict,” the report said.
“PLA analysts consistently identify logistics and C4ISR infrastructure as U.S. strategic centers of gravity suggesting that PLA commanders will almost certainly attempt to target these system with both electronic countermeasures weapons and network attack and exploitation tools, likely in advance of actual combat to delay U.S. entry or degrade capabilities in a conflict,” the report said.
C4ISR is military jargon for command, control, communications, computers, intelligence, surveillance, and reconnaissance.
Little is known within the U.S. intelligence community about Chinese strategic cyber warfare programs.
However, recent military writings have disclosed some aspects of the program, which is believed to be one of Beijing’s most closely guarded military secrets, along with satellite weapons, laser arms, and other high-technology military capabilities, such as the DF-21 ballistic missile modified to attack aircraft carriers at sea.
A Chinese military paper from March stated that China is seeking “cyber dominance” as part of its efforts to build up revolutionary military capabilities.
“In peacetime, the cyber combat elements may remain in a ‘dormant’ state; in wartime, they may be activated to harass and attack the network command, management, communications, and intelligence systems of the other countries’ armed forces,” wrote Liu Wangxin in the official newspaper of the Chinese military on March 6.
“While great importance is attached continuously to wartime actions, it is also necessary to pay special attention to non-wartime actions,” he said. “For example, demonstrate the presence of the cyber military power through cyber reconnaissance, cyber deployment, and cyber protection activities.”
©2012 All Rights Reserved