The White House in the US has been under constant threat of physical and cyber adversaries. Although stringent security measures are followed and everything that goes in or out is under surveillance, there can always be exceptions and mistakes, which may be disastrous. We already know of various email scams of hackers impersonating White House officials and stealing personal sensitive information and data from unsuspecting email users. However, your own web hosting account, if left unsecured can become a tool in the hands of various anti-social elements, to create havoc. This article tries to highlight how your web hosting account may become a tool for causing chaos in the White House or any government organization and why it is important to secure your website and account.
A botnet basically means a network of robots or computers. Hacked websites or hacked email accounts are often used to participate in a botnet, which launches a DDoS or simultaneous attack on the target. As the hackers compromise your website or email account, they join it to be used as a tool, with other similarly hacked victims on the internet. All these victims are used to pound at the services and resources of these important targets like the White House. No matter how strong the security measures of these large installations may be, they do have a breaking point and will succumb to these attacks at some point of time.
Your compromised email address could also be used to scam White House officialls and extract sensitive information from employees. Just the way previously, hackers impersonated White House staff and scammed people, the same way they may scam real White House staff and get critical information stolen or leaked into the public domain. If you are already associated or doing any transactions with the White House, like a contractor or official or ex-official, your email address is exceptionally important and poses a high security risk. If you are impersonated, there maybe leak of confidential information into the wrong hands.
Just the way you get fooled by bank phishing websites and credit card phishing scams, the same way your hacked website could also be used to host a phishing page to collect information from White House staff by fooling them into believing that they are logging on to the White House website or internal network.
If you thought that these are hypothetical situations and they will never materialize – think again. These things have already been successfully done. Last year, CNN reported that “Russian hackers were able to break into the White House system through their foothold within networks at the State Department. The intrusion began when hackers sent what is known as a “phishing” email from a State Department account, infecting a White House computer with malware, the investigators said. The State Department has been battling its own highly sophisticated cyber intrusion for months, though exactly which portions of its network remain breached is unclear. Private security experts had suspected there was a link between the State Department and White House break-ins.”
Prior to this, in 2011, Lockheed Martin, one of the US’s military suppliers was also hit by a massive cyber attack, which was thwarted when Lockheed Martin discovered an intruder in its network using legitimate credentials. The legitimate credentials were probably stolen or phished. As it is famously said, “the chain is as strong as it’s weakest link…”