Share/E-mail This Story

Email This



White House Conveniently Confirms 'Cyberattack' Story Just As Its Pushing Cybersecurity Exec Order

from the coincidence... dept

A "conservative" website apparently reported that Chinese hackers broke into a White House military office computer system with a "spear-phishing attack (like regular phishing, but directly targeted at a victim)". The White House has confirmed the story while saying that nothing sensitive was accessed:
A White House official speaking on background late Sunday confirmed there was an attempted hack but said that it affected an unclassified network, was “isolated” and that there was no evidence that any data had been stolen.
I'm not a huge fan of any sort of conspiracy theories, but it does seem questionable that this comes out just as the White House is circulating an executive order dealing with "cybersecurity," and so soon after the administration's preferred Cybersecurity Act got rejected by the Senate. The Free Beacon website that first broke the story seems to use it to suggest that the administration is "soft" on security -- though it was conservatives in the Senate who blocked the Cybersecurity Act from passing in the first place.

Either way, it seems likely that people are trying to hack into key networks all the time. This doesn't sound like much of a big deal, but the fact that the White House is confirming the news just as it's pushing this exec order (while still hoping to get legislation through in the lame duck session), at least makes you wonder if the whole thing isn't being "leaked" on purpose to get cybersecurity stories back into the press to push for the exec order or for a revival of the bill.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    rw (profile), Oct 2nd, 2012 @ 5:45am

    Fake?

    I would find it very easy to believe that this was a "staged" attack.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    Ninja (profile), Oct 2nd, 2012 @ 7:12am

    Re: Fake?

    That makes two of us. And possibly millions.

    Also, if it's true then first Govt personnel should be instructed into secure behaviors (ie: avoid opening those power point chains or unknown links) and second they should prevent connection to sensitive systems. Other than that the cybersecurity "exec orders" they want to implement are pretty much useless.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Oct 2nd, 2012 @ 7:20am

    surely its standard practise?

    a bit like when you get stories about popstars having handbags snatched - and then being found the next day. its all softening up for the new single at the end of the week.

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    Chuck Norris' Enemy (deceased) (profile), Oct 2nd, 2012 @ 7:23am

    Oh! The Humanity?

    Ah yes, a social engineering attack for which no cybersecurity law could ever prevent. No matter what you do you can't prevent stupid, gullible people from doing what they do.

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    Trails (profile), Oct 2nd, 2012 @ 7:29am

    As suspicious as...

    It's as suspicious as a traffic accident occurring while the gov't is pushing new traffic laws.

    The US Gov't has a huge amount of internet "real estate". The attack surface is massive, and the attempts are constant. In the weeks this executive order has been wending its way through the pipes, it's not surprising that this occurred. The fact that it's been reported so widely is a little ...smelly... but it's a pretty common occurrance.

    IMO, this:
    there was an attempted hack but said that it affected an unclassified network, was “isolated” and that there was no evidence that any data had been stolen


    means the attack was not some super-sophisticated attempt to get at classified networks, probably more a "USA teh suk, Chinaz #1!!!" kinda thing.

     

    reply to this | link to this | view in thread ]

  6.  
    icon
    Josef Anvil (profile), Oct 2nd, 2012 @ 7:30am

    huh what?

    Chinese hackers sent emails in a spear phishing attempt.

    So we need a Cybersecurity Act to do what exactly? Make it illegal for the Chinese to hack? Stop phishing scams?

    Did we run out of lobbyists for other shit?

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    TasMot (profile), Oct 2nd, 2012 @ 7:32am

    What about the Computer Hacking Law

    We already have a computer hacking law (Just ask Lori Drew ) that can be used to go after computer criminals (Computer Fraud and Abuse Act). But, what the administration is saying that this Cyber Attack (well I guess that a Cyber Atack is not computer fraud or abuse, is that what I'm missing?) So now, a (maybe) cyber attack that was unsuccessful and nothing bad happened that is not computer fraud or abuse needs a new law (although what they probably want is a whole new huge expensive department to deal with this failed threat). OR, they could just take the sensitive information off the internet so it can't be reached. Wow, why didn't I think of that.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Michael, Oct 2nd, 2012 @ 7:39am

    A few things:

    --Highly convenient timing
    --*Critical* information and infrastructure shouldn't be accessible online in the first place; even ordinary people know better
    --The thing about this cyber-security bill is that it would effectively compromise the security and privacy of millions of people, under the guise of "protection"

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Oct 2nd, 2012 @ 7:57am

    There will be hundreds if not thousands of hack attempts in the few seconds I'm taking to write this...

    Definitely odd that this particular attempt just happened to be newsworthy.

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    Trails (profile), Oct 2nd, 2012 @ 7:59am

    Re: huh what?

    Stop Chinese people from emailing!!

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    John Doe, Oct 2nd, 2012 @ 8:00am

    Re:

    So quit typing, problem solved.

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    NoahVail (profile), Oct 2nd, 2012 @ 8:06am

    Story Nailed It

    "if the whole thing isn't being "leaked" on purpose to get cybersecurity stories back into the press to push for the exec order or for a revival of the bill."

    Survey says: DING

     

    reply to this | link to this | view in thread ]

  13.  
    icon
    Paul L (profile), Oct 2nd, 2012 @ 8:09am

    @Mike;

    I love TechDirt and really enjoy the articles that you write with ONE exception: Cybersecurity. This is what I do for a living, and I do happen to work for an unnamed government that you focus on quite a lot in regards to these things....

    With that being said; Let me just say that the level of cyber attacks on national infrastructure is *NOT* being oversold. Most people simply couldn't comprehend the amount of attacks that are happening on a CONSTANT basis nor do most people understand the mitigation process and how it works within certain government organizations. In addition to that; there seems to be some serious misunderstanding in how data classification is approached at this level and why some controls (such as restricting government workers from accessing sites that are leaking classified data) exist.

    Let's assume that YOU are responsible for a team of people that tries to protect a network. Those networks contain different classifications of data and you need to make sure that people are NOT accidentally moving classified data to unclassified systems. How would you deal with vetting every piece of classified data on an unclassified system and determining if it's actually been leaked? That process would be a nightmare.

    Within government systems, the rule is that classified data is not allowed on unclassified networks. Period. That allows us to leverage data classification tools to help ensure that this data stays where it belongs. Having to make ad-hoc exceptions when something is "believed" to be leaked simply isn't practical.

    These rules are not about CONTROLLING users from accessing this data on the net that's been leaked, they are in place to prevent this data from ending up on unclassified systems no matter what it's source.

    There's a lot more to know about this process than simply what shows up in a news article somewhere....

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, Oct 2nd, 2012 @ 8:11am

    not only convenient that it has supposedly happened at this time, but also convenient that they haven't released where the 'attack' came from. all in all, a bit too convenient, i think. mind you, all those in favour in congress will be jumping up and down that the bill needs to move forward as quick as possible before the whole USA is obliterated!

     

    reply to this | link to this | view in thread ]

  15.  
    icon
    The eejit (profile), Oct 2nd, 2012 @ 8:13am

    Re:

    See, this makes sense. Thank you for that.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Oct 2nd, 2012 @ 8:26am

    They probably got an email with a batch file attached and they alerted the bomb squad to detonate the offending computer.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Jake, Oct 2nd, 2012 @ 8:30am

    Seems to be the M.O.

    That would be like suggesting the admin walked guns for tougher gun laws or published an anti-Mohammed video to restrict free speech.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Anonymous Coward, Oct 2nd, 2012 @ 8:36am

    Re:

    The problem is related to how the laws have made the correct limitations to its extend. People are far more concerned about this than 5 years ago when the process was more gedulgt. The defensive options unfortunately suffers when the offensive possibilities are far too unresticted. It is the name of the game in politics, politicians just have to understand this new reality and same goes for the people responsible for structuring the law-packages.

    It is a known fact that the devil is in the detail.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Anonymous Coward, Oct 2nd, 2012 @ 8:40am

    Re: Re:

    May I say, though that I agree about these cybersecurity conspiracy news being rather uninteresting. I do not think this particular event warrents a post.

     

    reply to this | link to this | view in thread ]

  20.  
    icon
    Paul L (profile), Oct 2nd, 2012 @ 8:42am

    Re: Re: Re:

    Agreed....

    When I read articles like this that basically say the work I perform day in and day out is nothing more than a political conspiracy, it tends to irk me a bit.

     

    reply to this | link to this | view in thread ]

  21.  
    icon
    Chuck Norris' Enemy (deceased) (profile), Oct 2nd, 2012 @ 8:43am

    Re:

    We don't question that there are attacks, we question the need for more broadly, poorly written legislation that adds no security to critical infrastructure, coughs up private information without question, and adds another inefficient bureaucratic nightmare of compliance and fines. Cybersecurity experts shouldn't need a law to figure out how to stop attacks.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    MrWilson, Oct 2nd, 2012 @ 8:50am

    Re: Fake?

    Hey, it could have really been a Chinese hacker...who the FBI, via an informant, pushed into doing the hack after the FBI developed a good profile of disenchanted Chinese individuals who might be susceptible to being patsies for their political point scoring schemes.

     

    reply to this | link to this | view in thread ]

  23.  
    icon
    John Fenderson (profile), Oct 2nd, 2012 @ 8:55am

    That's not hacking

    Phishing is not hacking. It's social engineering. This is "hacking" in the same sense that stealing someone keys to open a lock is "lockpicking".

     

    reply to this | link to this | view in thread ]

  24.  
    icon
    John Fenderson (profile), Oct 2nd, 2012 @ 8:58am

    Re: Re:

    I am also a computer security professional, and I approve this message,

     

    reply to this | link to this | view in thread ]

  25.  
    icon
    gorehound (profile), Oct 2nd, 2012 @ 9:07am

    Re: Fake?

    I would find it very easy to believe the same thing.Next it will be on the Big Content MAFIAA News and then they will Pass A Bill to take more of our Constitutional Rights away.
    Watch and see this happen.More spying and more breaking of the 4TH Amendment and more abuse by our Government.

     

    reply to this | link to this | view in thread ]

  26.  
    icon
    Paul L (profile), Oct 2nd, 2012 @ 9:28am

    Re: Re:

    I agree with you 100% with your comments.

    Don't get me wrong.. I am NOT in favor of the Cybersecurity Act for a variety of reasons, most of which you already mentioned. I don't want to see the thing passed either.

    My concern was more the approach to many of the cyber security articles that show up here. Many of them DO seem to question if these attacks are real, or just fabricated to justify poorly written laws. At least that's how I've been reading many of them.

     

    reply to this | link to this | view in thread ]

  27.  
    icon
    Jeremy2020 (profile), Oct 2nd, 2012 @ 9:34am

    Re: Fake?

    I don't think it was staged. I think they likely face issues every day. I think they are just letting this one get publicized.

    The glaring thing is...how would the bill have stopped this attack?

    It sounds like they need a better IT manager to do better filtering of their email and educating their users.

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Anonymous Coward, Oct 2nd, 2012 @ 10:25am

    Plus, wasn't the supposed attack just a DDOS attack? If so, then that's pretty lame of the White House to treat it as a serious "cyber-attack", that needs an executive order from the president to stop it.

     

    reply to this | link to this | view in thread ]

  29.  
    identicon
    Anonymous Coward, Oct 2nd, 2012 @ 10:37am

    We are coming upon a collapse similar to what happened in the former USSR, Government planing is being put in place to control this collapse.

     

    reply to this | link to this | view in thread ]

  30.  
    identicon
    Anonymous Coward, Oct 2nd, 2012 @ 10:44am

    Strangely, it also happened about a week after your "call from the White House". Was someone looking for help spinning the story?

    There seems to be a connection here, at least as tenable as the one you are trying to make.

     

    reply to this | link to this | view in thread ]

  31.  
    icon
    John Fenderson (profile), Oct 2nd, 2012 @ 10:53am

    Re: Re: Re:

    I haven't seen any that I interpret as questioning if the attacks are real. I have seen several that question whether or not specific reports are exaggerated -- and they often are. This article highlights a pretty good example of that.

    There does appear to be an effort to transfer the paranoia of terrorists into the area of computer security, presumably in an attempt to get draconian laws passed.

    From a security perspective, this is just as counterproductive as pretending that there is no threat at all.

     

    reply to this | link to this | view in thread ]

  32.  
    icon
    Chuck Norris' Enemy (deceased) (profile), Oct 2nd, 2012 @ 11:23am

    Re:

    Yeah, Mike! With this and your Google paycheck you should be getting along nicely. =]

     

    reply to this | link to this | view in thread ]

  33.  
    identicon
    New Mexico Mark, Oct 2nd, 2012 @ 11:36am

    Re: Re: huh what?

    Watch out where the huskies ran and don't you click that yellow spam!

     

    reply to this | link to this | view in thread ]

  34.  
    identicon
    New Mexico Mark, Oct 2nd, 2012 @ 11:45am

    Missed it by THAT much

    White House military office gets hacked. Response: "We mus do something to make everyone else fix their poor computer security."

    In related news, Washington DC found to be the murder capital of the world. Congress urged to pass more laws against murder.

     

    reply to this | link to this | view in thread ]

  35.  
    icon
    Dan (profile), Oct 2nd, 2012 @ 12:22pm

    So what else is new?

    The Chinese have been spying on us since Nixon. What else is new?

     

    reply to this | link to this | view in thread ]

  36.  
    icon
    Suzanne Lainson (profile), Oct 2nd, 2012 @ 2:59pm

    So what is being done about cybersecurity?

    Let's say government is totally removed from cybersecurity. Is private enterprise going to keep the Internet safe? Should we all be using cash transactions to avoid having any info transmitted or stored on servers? Seems like companies are being hacked all the time, and security isn't as good as it could be in most places. So how will protections be implemented?

     

    reply to this | link to this | view in thread ]

  37.  
    icon
    That Anonymous Coward (profile), Oct 2nd, 2012 @ 3:48pm

    Re: Oh! The Humanity?

    I was going to say something similar.

    Now the other thing to mention is someone with access to the Nuclear Football and all kinds of secrets we have to protect, is one of those people who will answer an email from a deposed prince seeking help to move money out of his country.

    It was a spearfishing attack, makes it sound dangerous. Almost as dangerous as getting an email from a friend seeking money in a foriegn country because they were mugged and robbed.

    If you can't get your staff trained to avoid these attacks, what makes you think you can write a law and make it all better? Physician heal thy self.

     

    reply to this | link to this | view in thread ]

  38.  
    identicon
    Anonymous Coward, Oct 2nd, 2012 @ 6:39pm

    Re: Fake?

    Really, staged is such a naughty word... but let's go with some truthiness instead. let's revise the headline:

    Blogger Conveniently Confirms 'Cyberattack' Story Just As Its Pushing against Cybersecurity government plan

    There. Makes more sense. Don't forget to take those calls Mike!

     

    reply to this | link to this | view in thread ]

  39.  
    identicon
    Anonymous Coward Named Eric, Oct 2nd, 2012 @ 8:34pm

    And what about the attack on the banks?

    With the recent breach on major banks throughout the world this is more reason for Obama to issue an executive order. I call bullshit. We condemn these acts, even though the whole world knows we are responsible for Stuxnet doing exactly this to Iran.

    You'd have to be an idiot to not think this is positioning by our "most trusted".

     

    reply to this | link to this | view in thread ]

  40.  
    icon
    Suzanne Lainson (profile), Oct 2nd, 2012 @ 9:37pm

    Re: And what about the attack on the banks?

    We condemn these acts, even though the whole world knows we are responsible for Stuxnet doing exactly this to Iran.

    Isn't that the point, though? Between governments and criminals, that which can be hacked will be hacked. What should we do? How do we, citizens of the world, protect ourselves? Or do we concede that we can't?

     

    reply to this | link to this | view in thread ]

  41.  
    identicon
    Anonymous Coward, Oct 4th, 2012 @ 12:52am

    Re: What about the Computer Hacking Law

    Well they need this law to get access to all the telecom information they want. Essentially CISPA is like warrantless wiretapping for the internet... oh yeah wait no that's not good.

     

    reply to this | link to this | view in thread ]

  42.  
    identicon
    Eric Blair, Oct 11th, 2012 @ 12:00am

    Re:

    Let me just say that the level of cyber attacks on national infrastructure is *NOT* being oversold.

    1) See the reporting that the DHS was pleased that the myth of the Russian attack on a water station was being propagated.
    2) There is a simple solution to the 'infrastructure attack' problem. Don't hook that stuff up to the internet.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This