Monday, October 8, 2012

Chinese Use Spear Phishing Attack to Infiltrate White House

A White House employee was the target of a spear phishing attack assumed to have originated from China. Although it sounds like this was a major occurrence in the White House, it is not. These types of scams happen on a near-daily basis. The difference with this particular intrusion is that the attacker's email was very convincing--so convincing it tricked the well-trained employee into reading the message.
The White House confirmed the attack and stated that it affected a nonsecure network. In White House-speak, this means a network that is connected to the regular Internet and is not connected to any servers or computers that contain secure data.
According to The Washington Free Beacon, the attack occurred in the same area where the nuclear football is stored. The nuclear football is a briefcase containing what is needed for the President to authorize a nuclear attack. The Free Beacon also stated the attack came from "Chinese military cyber warfare specialists under the direction of a unit called the 4th Department of General Staff of the People's Liberation Army."
The incident is not something that should concern IT professionals in midsize companies. This form of attack is a regular occurrence in any midsize business. The attackers did not hack into any server or access computers via a USB device. Very simply, an email was sent to an employee and the employee opened it. This is how all of these phishing attacks work. However, it may be a reminder to IT managers to reeducate employees about the risks of opening emails when they are not sure who the sender is.
Anup Ghosh, CEO of Invincea, said "The White House, every Fortune 1,000 and Global 2,000 organization--medium-sized business, small business, consumers--ALL are at risk from spear phishing attacks."
The Chinese connection is not verified. It is known that the attack came from servers based in China. It does not mean that the Chinese were the attackers. The hackers who have been attacking U.S. banks in the past couple of months are routing their attacks through servers in Brazil, but it is well known that Brazil is not responsible. It is uncommon for hackers to bounce off servers near the area where they are located.
Some of the more security-conscious IT professionals may want to look into virtualization. Keeping employees in a virtual bubble as they perform their daily duties can safeguard the rest of the network. That way, if an attack like this occurs, it affects only the virtual environment and not the user's system.

Midsize Insider: Chinese Use Spear Phishing Attack to Infiltrate White House