Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

11/7/2008
11:13 AM
George V. Hulme
George V. Hulme
Commentary
50%
50%

Chinese Hackers Repeatedly Hack White House Network

The Financial Times is reporting that Chinese hackers have repeatedly nabbed e-mails between government officials.

The Financial Times is reporting that Chinese hackers have repeatedly nabbed e-mails between government officials.Earlier this year, Chinese officials rebuked claims that any attacks aimed at federal systems were launched by government-backed Chinese hackers. However, an unnamed U.S. government official has this to say to the Financial Times:

"We are getting very targeted Chinese attacks so it stretches credulity that these are not directed by government-related organisations," said the official.

The National Cyber Investigative Joint Task Force, a unit established in 2007 to tackle security, detected the attacks. The official stressed the hackers had accessed only the unclassified computer network, and not the more secure classified network.

"For a short period of time, they successfully breach a wall, and then you rebuild the wall . . . it is not as if they have continued access," said the official. "It is constant cat and mouse on this stuff."

Government, and corporate-sponsored, hackers are a growing concern. What makes them potentially more dangerous is that governments and corporations have deep pockets, can hire teams of specialists, and can afford to keep knocking away at a network, dumpster dive for documents, social engineer, maybe even work an employee or contractor to hand over data -- eventually they'll get in.

Last week, a U.K. IT security defense leader warned that U.K. interests were under steady attack. While last month, a Government Accountability Office's report found the federal government's IT security to be wanting.

When you have a motivated attacker targeting a disjointed, unfocused defender, it doesn't take a genius to deduce the outcome.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/5/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Cybersecurity Spending Hits 'Temporary Pause' Amid Pandemic
Kelly Jackson Higgins, Executive Editor at Dark Reading,  6/2/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13864
PUBLISHED: 2020-06-05
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.
CVE-2020-13865
PUBLISHED: 2020-06-05
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.
CVE-2020-11696
PUBLISHED: 2020-06-05
In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4.
CVE-2020-11697
PUBLISHED: 2020-06-05
In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4.
CVE-2020-13646
PUBLISHED: 2020-06-05
In the cheetah free wifi 5.1 driver file liebaonat.sys, local users are allowed to cause a denial of service (BSOD) or other unknown impact due to failure to verify the value of a specific IOCTL.