Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


02:51 PM
John H. Sawyer
John H. Sawyer

Security Lessons From Couple's White House Hijinks

Even the most stringent security procedures have failures. That fact was evident when the U.S. Secret Service learned a Virginia couple slipped into last week's state dinner at the White House.

Even the most stringent security procedures have failures. That fact was evident when the U.S. Secret Service learned a Virginia couple slipped into last week's state dinner at the White House.The couple was still subjected to all of the normal security screening procedures that guests go through, but they were not on the guest list; an investigation is under way to find out how they were admitted.

When I read the article about the incident, it was hard not to laugh a little. I know it's a very serious situation because they could have been there for malicious purposes, but this is a perfect example of the inevitable failures your security program will suffer no matter what steps you take. Here you have heads of state attending a dinner where physical security is of the utmost importance, and two uninvited individuals make it in without being on the guest list. Incredible!

The Secret Service had multiple layers of defense in place that made sure that even if someone got through, they wouldn't be carrying weapons; however, that doesn't mean the threat was neutralized. The same goes for network security. Just because a laptop has antivirus software and the latest software updates, it can still be a threat to your network as soon as it is plugged in.

A more analogous scenario (had the couple possessed insidious intent) is a malicious insider who brings in a laptop, passes a network access control (NAC) endpoint inspection, and then uses it to access sensitive information. Sure, the device underwent security screening, but that doesn't mean the attacker couldn't use native tools to get to his target.

In the network, this could be through network file shares or a Web browser accessing intranet sites. In the White House example, the tools (or weapons) could have been steak knives from the dinner table.

The other security-related point I wanted to cover is the use of social engineering to gain access. The couple's attack wasn't elaborate. They showed up wearing the proper attire, they knew where to go, and they acted like they belonged. It's no different than a penetration tester dressing up in a delivery person's or alarm technician's uniform to make his way into the target's offices.

While it could prove to be a costly stunt should the White House decide to pursue trespassing charges, the couple helped show a weakness existed that didn't require much effort to exploit besides the clothes and cost of transportation to the event. Just like with pen testing, the White House now has the opportunity to fix a vulnerability that has been documented through (unauthorized) testing.

John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-04-17
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivile...
PUBLISHED: 2021-04-17
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (ker...
PUBLISHED: 2021-04-17
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS Build 20210202 and later Q...
PUBLISHED: 2021-04-17
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia C...
PUBLISHED: 2021-04-16
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...