
Russian Hackers Read Obama’s Unclassified Emails, Officials Say - tysone
http://www.nytimes.com/2015/04/26/us/russian-hackers-read-obamas-unclassified-emails-officials-say.html
======
kkl
I am under the impression that attribution is a very difficult and often
impossible process. If that is true, what is the point of including "Russian"
in this headline? I would guess the most probable response would be something
involving "fulfilling a narrative." Even if that is true, what makes "Russian"
hackers more exciting than just "Hackers?"

I am not trying to pose some profound question. I am genuinely confused by
this.

~~~
PhantomGremlin
> what makes "Russian" hackers more exciting than just "Hackers?"

It's all about what ultimately happens to the information harvested. If it's
some kids in mom's basement doing it for lulz, that's not very concerning.

But, presumably, Russian hackers, even if not actual Russian government
employees, would pass on useful information to their government. Even if non-
classified, that could be very damaging to national security.

From the article, the attacks were relatively sophisticated. Which makes it
more likely that "state actors" were involved. The article also claims that
the two most common state actors are Chinese and Russian, and the fingerprints
of this operation pointed more to Russia than China.

YMMV. As you say, "attribution is a very difficult and often impossible
process".

~~~
bear_hug_bro
In the US (and a few other places in the world), the NSA has capabilities
that private hackers don't, because they get to place their equipment on the
backbone. The Russian version of the NSA has no special access in the US, so
what Russian government hackers can do, any private hacker can do. Any private
hacker can damage national security just as much (or more) by selling the data
to the highest bidder(s) or releasing it publicly.

Because of this, there is no difference for national security whether Russian
government hackers did it, or anyone else. The only piece of useful info is
that the systems were hacked and how they were hacked. The attribution is just
for show (and as always in these cases, not very reliable either).

------
yzmtf2008
Just quoting some of the comments on NYTimes:

> Am I the ONLY one who has a hard time believing that these hackers ONLY got
> "unclassified" stuff? Riiiiiiiiight. They just don't want us to know how
> deeply in these folks got. Why would they just get "unclassified" stuff?

> Only unclassified emails. Right.

Do people even read articles these days?

~~~
austenallred
> Do people even read articles these days?

I know what you said is a little bit tongue-in-cheek, but as someone running a
news startup there are two types of news consumers:

1. People looking to understand what's happening
2. People looking for ammunition to reinforce their already-unstoppable
   notion as to how the world works.

------
derefr
Sounds perfectly alright to me. Remember that there are levels of
classification. Unclassified (the lowest level) could be running through Gmail
in plain text for all anyone at the White House cares. Anything of even
_minute_ importance will get a classification status.

(Also, Re: the NSA—they do the government's _COMSEC_, securing the classified
data. OPSEC, the risk/reward policies regarding what data should be classified
and so on, is a more distributed policy-making task, though they might have a
hand in it. Requirements on a document's classification levels given its
content are set by top-down Executive Orders.)

~~~
vinhboy
In today's political climate, it doesn't really have to be "classified" for it
to be damaging. All they need is an email of the president making some sort of
offbeat joke about conservatives or something, and that would be a major
crisis for him once the media gets their hands on it.

It's stupid, but that's just how it is.

~~~
dmix
That's inescapable today, especially for public figures, so everyone must be
very very careful what they email on semi-private channels. Especially to 3rd
parties they don't 100% trust.

The president is no doubt instructed on the level of security he should expect
from non-secure channels. I would hardly feel bad for politicians vs maybe
some young teenager in high school who doesn't yet know any better.

------
justcommenting
In terms of root causes, this incident should cast a spotlight on NSA/IC
strategy and the balance between "Information Assurance" goals and SIGINT
goals: is the NSA going to deliberately leave everyone vulnerable (including,
apparently, POTUS) to enable offensive operations of questionable value, or
should NSA and its partners re-emphasize their IA mission and work toward
securing the systems _everyone_ uses? I can only hope Obama is leaning toward
the latter after being personally affected.

------
dataker
I hope legislators, if anything, become more careful with foreign
intelligence, not innocent citizens.

This unfortunate announcement is one of those things lawmakers love to use to
justify exploitative and unethical policies.

Let's hope that's not the case

------
OliverJones
The NYT article doesn't have many tech details. It would be interesting to
know whether it was ineptly configured and managed. Was this a dusty old
server in the cellar running unpatched Windows 2008 and an old version of
Exchange, or was it a hardened and well-managed system?

Somebody on Computerworld said that the State Dept was spearphished, and that
POTUS's system was breached from there.

------
cxseven
If only the government could create a honeypot network full of simulated
traffic and meticulously faked communications designed to mislead the would-be
snoopers... Then this article could be another step in the ruse.

That would probably be too much money and effort, though.

------
CamperBob2
Hello, National Security Agency: Preventing this sort of thing is _your_ job.
Once you're done snarfing up _my_ personal data, perhaps you could attend to
it.

~~~
mikecb
These networks would be under the White House Communications Agency, a subset
of the Defense Information Systems Agency which is not affiliated with NSA.
Supposedly his BlackBerry is run through NSA (See, e.g., the fishbowl
project), and was not implicated in this breach.

~~~
dredmorbius
Point missed.

It's not that it's the President's email that's vulnerable. It's that _all_
people's email is vulnerable.

Some of those people are key to national security, many aren't. But they all
deserve privacy and protection.

And yes, one of NSA's mandates is to secure U.S. communications:

"The Information Assurance mission confronts the formidable challenge of
preventing foreign adversaries from gaining access to sensitive or classified
national security information."

[https://www.nsa.gov/about/mission/index.shtml](https://www.nsa.gov/about/mission/index.shtml)

It's not just the President the NSA are failing.

~~~
mikecb
You read my comment wrong. It wasn't making a point, it was stating a fact
that there isn't just one agency responsible for network security in the
Federal Government.

Your point is the more important one. The danger here is not the breach, since
it was an unclassified system, but rather the universal surprise that it was
possible. That demonstrates a dangerous level of ignorance in our society.

~~~
dredmorbius
Fair enough, thanks.

------
vinhboy
I always wonder how these hackers know which IP range to attack. Is it just
like a hit and miss kinda thing? Or do they have insiders who leak that info
to them?

~~~
iancarroll
    % dig mx whitehouse.gov

    ; <<>> DiG 9.8.3-P1 <<>> mx whitehouse.gov
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26690
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;whitehouse.gov. IN MX

    ;; ANSWER SECTION:
    whitehouse.gov. 9982 IN MX 110 mail6.eop.gov.
    whitehouse.gov. 9982 IN MX 105 mail2.eop.gov.
    whitehouse.gov. 9982 IN MX 110 mail5.eop.gov.
    whitehouse.gov. 9982 IN MX 105 mail1.eop.gov.
    whitehouse.gov. 9982 IN MX 105 mail4.eop.gov.
    whitehouse.gov. 9982 IN MX 105 mail3.eop.gov.

------
mrjj
Wonderful way to claim that Russians did something very bad without any proof
provided.

------
logicallee
I'm sure he doesn't have anything to hide.

------
NN88
It's only going to get worse.

------
razbo
The world's hero Snowden is under Russian protection, so take it easy...

