As the latest news of a hack of an unidentified computer on the White House Military Office network spreads, the threat of a national security computer breach becomes more real.  The attack is being attributed to China by anonymous officials.  The WHMO contains some of the nation’s most sensitive information, including what many call “the nuclear football” – the information that is required in order to launch a nuclear strike and other information that is reserved for the highest intelligence and policy officials.  Thus far the White House has confirmed it had “thwarted” the attack, but has not taken a step to name a source.

The method of the attack came through what is known as spearfishing – delivered by a malicious link in email or file that acts as though it comes from a specific source and requests confidential information.  Officials are describing a very minor impact.  One unnamed official was quoted at The Hill:

“In this instance the attack was identified, the system was isolated, and there is no indication whatsoever that any exfiltration of data took place”

“Moreover, there was never any impact or attempted breach of any classified system.”

These highly sensitive networks are typically quite hardened and protected by a number of security measures.  This makes this breach all the more troubling.  China has been linked to a number of cyber attacks on military contractors and government agencies alike.  A specific unit in the Chinese military known as the 4th Department of General Staff of the People’s Liberation Army is a group that is dedicated to cyber warfare and is commonly cited when targets of this level are involved.   The global pace of cyber attacks is accelerating and this compromise perhaps marks the pinnacle compromised target.  While the attack may not have officially resulted in any loss of information, it is certainly quite concerning.  We have seen attacks in the past go unnoticed for some time and we have seen time and time again that despite many layers of security, attackers can gain access through social engineering, as was used in this case.   What good does 50 locks on the front door do if people keep getting up and opening the back door to let someone in?  It’s an age-old issue that seems to have emerged again and appears to be the hack of choice around the world.