Hackers suspected of working for the Russian government have breached the White House's unclassified computer networks—and in recent weeks. The incident demonstrates what one researcher calls the “Christmas Turkey Fallacy.”
Details are still thin, but according to sources, the attacks resulted in temporary disruptions to some services, did not damage any of the systems, and were quickly contained. “In the course of assessing recent threats, we identified activity of concern on the unclassified Executive Office of the President network,” said one White House official, speaking to the Washington Post. “We took immediate measures to evaluate and mitigate the activity…Unfortunately, some of that resulted in the disruption of regular services to users. But people were on it and are dealing with it.”
But therein lies a potential issue: many attacks are very often not destructive at all—modern malware is frequently designed to do as little as possible, so as to avoid detection. And herein lies the insidiousness of it all.
“Adversaries understand the value of good information—of maps, and the relationship of assets,” said Mike Lloyd, CTO at RedSeal, in an email. “Such information can be extracted with a minimum of fuss, unless the person being scanned is very diligent and observant. It seems in this instance the White House did well—they were paying enough attention to detect someone just trying to gather information without immediately doing any harm. Think of it, perhaps, as ‘casing the joint.’”
Chris Boyd, malware intelligence analyst at Malwarebytes Labs, said that the upcoming US midterm elections likely provided a convenient cover for cyber-criminals.
“When political tensions are often played out in public, it seems that highly specialized cyber-incursions have become a popular and lower profile offensive tactic,” he explained to Infosecurity. “Even though this particular breach doesn’t seem to have compromised any sensitive information, it is still a sign of how geopolitical tensions are expressed in the modern world.”
Lloyd noted that the White House should have assumed that it was being targeted, given its high profile—and that the inevitable will come sooner or later.
“The reconnaissance attack on the White House is a dramatic reminder of a general truth: whenever we look for any kind of attack, we find that yes, indeed, it is happening,” he explained. “Anyone assuming they are not under attack because nothing has gone wrong so far is suffering the ‘Christmas Turkey Fallacy’—all the days the turkey spends seem to be pretty good, except for that last one.”