The FBI, Secret Service and National Security Agency are now investigating a recent breach of unclassified White House networks, the Washington Post reported.
A third party alerted the White House to the breach two or three weeks ago, noting that it led to some temporary disruptions of service, but that no networks were taken down and no classified networks were breached.
Few details have been released by the White House, and the party responsible for the breach is unknown. Some analysts guessed that Russian hackers are responsible, either rogue or state-sponsored, though the White House has not commented on that claim.
After the White House was alerted to the breach, some staffers were asked to change their passwords, and intranet access was temporarily disabled.
A White House official anonymously told the Washington Post that these kinds of attacks are to be expected, and that the government is in a constant struggle to defend its networks.
Tim Erlin, director of product management at cyberthreat detection firm Tripwire, said this breach could serve as a learning experience.
“Even though the affected systems are unclassified, it’s unlikely that we’ll receive a full account of the activity,” he said. “The White House could take an important step forward in threat intelligence sharing by being more forthcoming with details of the attack in order to help others defend themselves as effectively as possible.”
And this incident underlines the growing success of advanced attacks, said Chris Boyd, malware intelligence analyst at Malwarebytes Labs, a security software firm.
“Traditional security solutions are continually being left wanting as advanced exploits, social engineering and other complex attacks develop too fast,” he said. “Large organizations, particularly those in sensitive areas, need to combine advanced countermeasures with frequent staff training to ensure the best possible defense against this relentless progression in attacks.”
This breach is also a prime example of the importance of building defense in depth, said Michele Borovac, vice president at HyTrust, a virtualization security and compliance solution provider.
“Perimeter security is no longer adequate, as hackers are clearly able to get inside networks almost at will. Once inside, hackers will ‘land and expand,’ ideally finding privileged administrator accounts that would grant them unfettered access to more important systems,” she said. “The process hackers follow to infiltrate an organization has been called a Kill Chain, and security teams must find a way to detect and break this sequence of events.”