How to Spear Phish the White House – Imperva Data Security Blog

Another notable security incident. Last week we had the large scale DDoS attacks on the banking industry and below is a report detailing a  spear phishing attack on the White House. Complete the short form below and we’ll send you a copy of the whitepaper – DDoS: A Guide to Trends, Techniques and Technologies. This comprehensive report catalogs the latest trends, techniques and technologies deployed by hackers and gives security professionals specific steps to mitigate the threat.

Apparently there has been a cyber attack on the White House’s network.  The reported attack vector?  Spear phishing.  At least it appears that no data theft took place, yet.

This incident reminds us how easy it is as an organization, even as secure and well funded like the White House, to get infected since antivirus is so porous.  Lucky for the White House, their team of security specialists were able to find the compromised entity, but it is not trivial and usually happens very late, if ever.

While “phishing” is a technique which by hackers mimic sites such as IRS , or your Bank etc, in order to lure you to submit your credentials.  “spear phishing” is the targeted technique of identifying an individual in an organization that the hacker wishes to compromise,and uses different techniques in order to lure that individual to activate malware on his/her computer. Effectively, creating the compromised insider.

As you can see below, finding an individual to target is fairly easy in today’s social networking world. All a hacker has to do is look for “White House” as the current position and select which is pertinent:


There are several known as infection methods, the three most common include:

  • Email attachment of either executable in an EXE form ( less common now ) or a PDF with malicious code in it
  • Link distribution of an infected site, that once you go into you get infected. Can come via email or any form.
  • A gift. Something as simple as a USB given at a convention that contains malware

We would encourage you to read our “The Quantum Mechanics of Spear Phishing” blog to get yourself more familiarized with how it works.

As we said before, here is what you can do to protect yourself as a company or an individual :

  1. Assume you’ve been compromised.  For more, read this.
  2. Treat Social Network messages like you do with your Emails. Check who is it from and understand context before you choose to reply.
  3. Make sure that in your social networks profiles, you are not sharing your contact information, unless you explicitly approve them.
  4. As an organization, have the tools to protect your employees from such scams, and a policy in place.
  5. Education:  train employees and raise the levels of awareness.

(NOTE:  An old Sunday School teacher taught, “repetition is the art of learning.”  Let’s hope that applies for spear phishing).

How to Spear Phish the White House – Imperva Data Security Blog.


  1. Great post thanks for sharing.How to Spear Phish the White House – Imperva Data Security Blog

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of the author. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided "as-is". The author shall not be liable for any damages whatsoever arising out of the content or use of this blog.
%d bloggers like this: