CybersecurityRussian hackers gained access to unclassified White House e-mails

Published 28 April 2015

Reports that Russian hackers gained access to unclassified e-mails to and from President Barack Obama during last October’s White House e-mail breach, are adding to concerns regarding the security of government communications systems. “This attack is a red flag that they really need to improve their security procedures. It’s quite serious,” said Kevin Mitnick, a former hacker. “The cyber threat against U.S. interests is increasing in severity and sophistication,”Defense Secretary Ashton Carter said last Thursday.

Reports that Russian hackers gained access to unclassified e-mails to and from President Barack Obama during last October’s White House e-mail breach, are adding to concerns regarding the security of government communications systems.

According to the New York Times, Russian hackers broke into the email archives of people working in the White House who regularly exchanged correspondence with the president. The hackers were then able to read e-mails that Obama had sent and received.

“This attack is a red flag that they really need to improve their security procedures. It’s quite serious,” said Kevin Mitnick, a former hacker who is now a computer security consultant. “It’s not surprising — the government has a huge attack surface where someone can exploit the computer data through a security flaw in the unclassified system,” Mitnick added.

Cybersecurity professionals are trying to figure out how exactly hackers breached White House e-mail systems. According to the Guardian, one theory is that the attackers could have infected government staffers’ computer systems when the staffers were working off-site using external wireless networks in places such as coffee shops or their homes.

“You can compromise the system in their house, then use that to jump on to the system issued from the government,” said cybersecurity researcher John Bumgarner. “Perhaps you would springboard from the State Department email into the White House e-mail.”

Obama carries a secured BlackBerry device for classified communications, and so far that appears to be safe from security breaches. The Obama administration has admitted earlier this year that Russian hackers attacked unclassified systems at the Pentagon, the White House, and the State Department. “Earlier this year, the sensors that guard DoD’s unclassified networks detected Russian hackers accessing one of our networks. They’d discovered an old vulnerability in one of our legacy networks that hadn’t been patched,” Defense Secretary Ashton Carter said Thursday during an address at Stanford University. “The cyber threat against U.S. interests is increasing in severity and sophistication.”

Obama administration officials have not made clear whether hackers in this latest hacking incident were connected to the Russian government.

The White House, State Department, Pentagon, and intelligence agencies store their most classified material on a system called JWICS, or Joint Worldwide Intelligence Communications System. There is no evidence that this system was breached in the October hack.

“This breach related to the lowest-level unclassified e-mail,” said Jonathan Mayer, a graduate fellow in computer science at Stanford University. “But that said, that can still include very sensitive information, maybe not state secrets, but information that would be of great interest to a foreign nation. It’s unfortunate.”