Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.
While the White House has said the breach only affected an unclassified system, that description belies the seriousness of the intrusion.
The hackers had access to sensitive information such as real-time non-public details of the president's schedule. While such information is not classified, it is still highly sensitive and prized by foreign intelligence agencies, U.S. officials say. The White House in October said it noticed suspicious activity in the unclassified network that serves the executive office of the president. The system has been shut down periodically to allow for security upgrades. The FBI, Secret Service and U.S. intelligence agencies are all involved in investigating the breach, which they consider among the most sophisticated attacks ever launched against U.S. government systems.
The intrusion was routed through computers around the world, as hackers often do to hide their tracks, but investigators found tell-tale codes and other markers that they believe point to hackers working for the Russian government. National Security Council spokesman Mark Stroh didn't confirm the Russian hack, but he did say that "any such activity is something we take very seriously." "In this case, as we made clear at the time, we took immediate measures to evaluate and mitigate the activity," he said. "As has been our position, we are not going to comment on [this] article's attribution to specific actors."
Neither the U.S. State Department nor the Russian Embassy immediately responded to a request for comment. Ben Rhodes, President Barack Obama's deputy national security adviser, said the White House's use of a separate system for classified information protected sensitive national security-related items from being obtained by hackers. "We do not believe that our classified systems were compromised," Rhodes told CNN's Wolf Blitzer on Tuesday.
"We're constantly updating our security measures on our unclassified system, but we're frankly told to act as if we need not put information that's sensitive on that system," he said. "In other words, if you're going to do something classified, you have to do it on one email system, one phone system. Frankly, you have to act as if information could be compromised if it's not on the classified system."
To get to the White House, the hackers first broke into the State Department, investigators believe. The State Department computer system has been bedeviled by signs that despite efforts to lock them out, the Russian hackers have been able to reenter the system. One official says the Russian hackers have "owned" the State Department system for months and it is not clear the hackers have been fully eradicated from the system.
As in many hacks, investigators believe the White House intrusion began with a phishing email that was launched using a State Department email account that the hackers had taken over, according to the U.S. officials. Director of National Intelligence James Clapper, in a speech at an FBI cyberconference in January, warned government officials and private businesses to teach employees what "spear phishing" looks like. "So many times, the Chinese and others get access to our systems just by pretending to be someone else and then asking for access, and someone gives it to them," Clapper said.
The ferocity of the Russian intrusions in recent months caught U.S. officials by surprise, leading to a reassessment of the cybersecurity threat as the U.S. and Russia increasingly confront each other over issues ranging from the Russian aggression in Ukraine to the U.S. military operations in Syria. The attacks on the State and White House systems is one reason why Clapper told a Senate hearing in February that the "Russian cyberthreat is more severe than we have previously assessed."
The revelations about the State Department hacks also come amid controversy over former Secretary of State Hillary Clinton's use of a private email server to conduct government business during her time in office. Critics say her private server likely was even less safe than the State system. The Russian breach is believed to have come after Clinton departed State. A high-level Chinese military organization has for the first time formally acknowledged that the country’s military and its intelligence community have specialized units and hackers for waging war on computer networks.