at an unknown number of White House staff officials and set off the FBI
inquiry that began this week, according to several administration officials.
It is unclear how many White House staff members - or those of other
departments in the executive branch - might have been targeted, according to
two officials with knowledge of the investigation. But the intended victims
ranged across different functions in the White House, and were not limited
to those working on national security, economic policy or trade areas that
would be of particular interest to the Chinese government.
Administration officials said they had no evidence any confidential
information was breached, or even that many people fell for the attack by
providing information that would allow a breach of their Gmail accounts.
White House classified systems run on dedicated lines and information on
those systems, the officials said, cannot be forwarded to Gmail accounts.
But investigators are trying to determine if the attackers believed that
some staff members or other officials used their personal email accounts for
sensitive government communications.
"Right now," said one senior official, "that's a theory, not a fact."
Google disclosed the attack this week and said it targeted not only U.S.
government officials, but also human right activists, journalists and South
Korea's government. Google tracked the attack to Jinin, China, which is the
home to a Chinese military school.
But that does not necessarily mean the attackers were Chinese or related to
the government. The Chinese government denied any involvement.
The attack used emails that appeared to be tailored to their targets to
better fool their victims, a technique known as spear phishing. Recipients
were asked to click on a link to a phony Gmail login page that gave the
hackers access to their personal accounts.
The attacks come as the U.S. government considers expanding its use of
Web-based software for email, along with word processing, spreadsheets and
other kinds of documents. Google is one of the many companies vying for the
business with its Apps product, as is Microsoft . Web based email would be
vulnerable to hackers who steal login information through phishing attacks.
But Web-based systems are not necessarily any easier to hack than
traditional email, which a government agency would usually manage using its
own servers, said Larry Ponemon, chairman of the Ponemon Institute, a
computer security company in Traverse City, Mich.
Jay Carney, the White House press secretary, said Thursday that all White
House-related electronic mail was supposed to be conducted on work email
accounts to comply with the Presidential Records Act, which governs how
those communications are protected and archived. Carney said there was no
evidence that any White House accounts were compromised.
White House employees are permitted to have private email accounts, he said,
but cannot use them for work purposes.
Officials at the White House and other agencies often keep two computers in
their offices, one for unclassified work and another for classified. Very
senior officials sometimes have a "secure facility" in their homes, in which
computers and telephones are on dedicated lines and communications are
encrypted.
Given its size, Google and its Gmail system will always make an attractive
target.
Other personal email services, including Yahoo and Microsoft's Hotmail, have
faced similar attacks, according to Trend Micro , a computer security
company in Cupertino, Calif. "The types of attacks that are happening
against Web mail users aren't confined to Gmail alone and extend to other
email platforms," said Nart Villeneuve, a senior threat researcher for Trend
Micro.
0 件のコメント:
コメントを投稿