Analysis

Was Russia really behind White House hack?

Security experts examine CNN's claim that Russia is attacking President Obama's home

The Capitol Building

Security experts have aired doubts over claims Russia was behind dangerous hacks on the White House's computer systems.

Hackers got their hands on sensitive White House data including President Barack Obama's schedule last October, and todayCNN blamed Russia for the attacks, citing anonymous US officials as sources.

The site claims the hackers routed their attacks through computers across the globe, and while classified systems were untouched, the White House admitted its unclassified network was breached - subsequently pulling it offline numerous times for security upgrades.

Agencies including the FBI and the Secret Service are now investigating the breach, and are pointing the finger at Russia, according to CNN.

However, the National Security Council declined to confirm the claims, and security analysts have voiced reservations over accusing Russia without clear proof.

Graham Cluley, an independent computer security analyst, said that CNNis likely connecting the Russian hackers to a cybercrime operation called Operation Pawn Storm, undertaken last October.

Pawn Storm hit government, military and media targets in the US, Europe and Pakistan with spearphishing and malware attacks.

As they also targeted anti-Russian dissidents, he said it would be no surprise to see Russia as a likely suspect.

However, Cluley added in a blog post: "Even if fingers of suspicion are pointing towards Russia, that's very different from having convincing proof that Moscow is behind the hack.

"Attribution of internet attacks is notoriously difficult and much harder than the average man in the street (and possibly politician) imagines, which is certainly a frustration for news reporters who wish to tie up a story with a simple bow."

He warned against casting Russia as the villain so quickly, following sceptics condemning the US for blaming North Korea for last year's huge hack into Sony Pictures.

The FBI publicly blamed North Korea, but experts pointed out plenty of holes in the agency's reasoning.

"We shouldn't jump too easily behind headlines claiming that the Russian government is behind this latest hack of the White House either," said Cluley.

Dwayne Melancon, CTO at IT security firm Tripwire, agreed. "Attribution is difficult. A savvy attacker can not only cover their tracks, they can often mislead you into believing someone else is behind the attacks," he said."I hope the White House has strong evidence to claim Russian responsibility."

What happens next?

CNN's report appeared after President Obama announced his intention to use tougher measures to deter foreign hackers at the start of the month.

"The increasing prevalence and severity of malicious cyber-enabled activities originating from, or directed by, persons located, in whole or in substantial part, outside the US constitute an unusual and extraordinary threat to the national security, foreign policy and economy of the US. I hereby declare a national emergency to deal with this threat," Obama announced.

The sanctions include limiting foreign countries' access to American financial systems and technology.

However, the US hasn't publicly labelled Russia as the culprit behind the White House attacks, and presumably would have to do so to justify any sanctions.

With relations tense between the two countries, the US may choose to deal privately with the matter, without resorting to sanctions.

In that case, WhiteHat Security founder Jeremiah Grossman said the US must concentrate on improving its security as well as legislating against hackers.

"Whatever new legislation the White House or Congress isplanning, does it have any chance of preventing this kind of incidentfrom happening again?" he said.

Featured Resources

How to be an MSP: Seven steps to success

Building your business from the ground up

Download now

The smart buyer’s guide to flash

Find out whether flash storage is right for your business

Download now

How MSPs build outperforming sales teams

The definitive guide to sales

Download now

The business guide to ransomware

Everything you need to know to keep your company afloat

Download now

Recommended

eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020
phishing

eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020

20 Apr 2021
HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021
Cisco to acquire threat intelligence provider Kenna Security
Acquisition

Cisco to acquire threat intelligence provider Kenna Security

14 May 2021
What is the Computer Misuse Act?
Policy & legislation

What is the Computer Misuse Act?

14 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021