A tech executive “exploited” his access to computer data at the White House to find “derogatory information” about President Donald Trump, a special counsel appointed during the Trump administration has said in a court filing.
According to a report on NBC News, the employee used his access to domain name system, or DNS, data to compile information about which computers and servers the White House servers were communicating with.
Industry thought leaders speak to Cyber magazine about the breach.
Joseph Carson, Chief Security Scientist at Delinea, says: “The recent news that a tech executive abused their access freedom to identify which internet servers Trump’s White House computers had been communicating with is an extreme abuse of authorised access that raises the importance of insider risks.
“Governments must ensure appropriate security controls are in place to reduce the risks of insider threats, as well as ensure that employees understand that when access is abused, they will not be able to hide their tracks.
“A way of reducing insider risks is to ensure that employees are fully aware privileged access auditing is in place. This would act as a deterrent, so that employees will not even attempt to risk their career or legal actions.
“The critical importance of privileged access to data such as DNS records should be protected, and all access should be audited so that non-repudiation is maintained. This is kind of ironic, as the government know very well that metadata is extremely powerful: having a map of which internet servers and websites are being accessed can reveal sensitive information about what could be discussed, what is being planned and top government priorities, even without knowing the content of the communication itself.”
EfficientIP comment
Ronan David, Chief of Strategy at EfficientIP, says: “The announcement by the special counsel that a tech executive was using DNS data to compile information about which computers and servers were communicating with the White House servers highlights an increasing problem we are seeing within organisations when it comes to DNS security.
“From its design, DNS is an open service, with virtually all internal network traffic travelling through it. The DNS is the phonebook of the enterprise network, translating the name of an application to an IP address, enabling a user to reach it. Therefore, the DNS is a goldmine of information for cybercriminals to learn about a certain network and application in order to develop their attacks.
“Threat actors know the critical role DNS can play in the cybersecurity kill chain, and it therefore becomes a priority target. For example, IDC’s survey in 2021 unveiled that 87% of organisations experienced one or more DNS attacks and more than 26% of them had sensitive information stolen.
“Unfortunately, this discovery by the special counsel could potentially lead to further attacks on the White House’s DNS. Once cyber criminals know an aspect of an organisation’s network is vulnerable, they are more likely to target it. Organisations must therefore be realistic and pragmatic if they want to properly protect users, data and applications. DNS security is a must-have in any modern arsenal of defence against cybersecurity threats.
“Organisations should deploy purpose-built DNS security systems. Standard solutions such as next-gen firewalls have been proven to not be sufficient enough to protect an organisation’s systems. The technology and solutions chosen by organisations need to enable application access control at the user level in order to reduce the attack surface and block the lateral movement of the malware.
“Real-time analytics of DNS traffic is another fundamental aspect of security in order to overcome the limitation of signature-based systems and offer behavioural threat detection. Organisations, including the White House, that fail to take the threat of DNS security seriously will see it become the root of all their cybersecurity problems.”