Some of President Obama's email correspondence was swept up by Russian hackers last year in a breach of the White House's unclassified computer system that was far more intrusive and worrisome than has been publicly acknowledged, according to senior American officials briefed on the investigation.
The hackers, who also got deeply into the State Department's unclassified system, do not appear to have penetrated closely guarded servers that control the message traffic from Mr. Obama's BlackBerry, which he or an aide carries constantly.
But they obtained access to the email archives of people inside the White House, and perhaps some outside, with whom Mr. Obama regularly communicated. From those accounts, they reached emails that the president had sent and received, according to officials briefed on the investigation.
White House officials said that no classified networks had been compromised, and that the hackers had collected no classified information. Many senior officials have two computers in their offices, one operating on a highly secure classified network and another connected to the outside world for unclassified communications.
But officials have conceded that the unclassified system routinely contains much information that is considered highly sensitive: schedules, email exchanges with ambassadors and diplomats, discussions of pending personnel moves and legislation, and, inevitably, some debate about policy.
Officials did not disclose the number of Mr. Obama's emails that were harvested by hackers, nor the sensitivity of their content. The president's email account itself does not appear to have been hacked. Aides say that most of Mr. Obama's classified briefings — such as the morning Presidential Daily Brief — are delivered orally or on paper (sometimes supplemented by an iPad system connected to classified networks) and that they are usually confined to the Oval Office or the Situation Room.
Still, the fact that Mr. Obama's communications were among those hit by the hackers — who are presumed to be linked to the Russian government, if not working for it — has been one of the most closely held findings of the inquiry. Senior White House officials have known for months about the depth of the intrusion.
"This has been one of the most sophisticated actors we've seen," said one senior American official briefed on the investigation.
Others confirmed that the White House intrusion was viewed as so serious that officials met on a nearly daily basis for several weeks after it was discovered. "It's the Russian angle to this that's particularly worrisome," another senior official said.
While Chinese hacking groups are known for sweeping up vast amounts of commercial and design information, the best Russian hackers tend to hide their tracks better and focus on specific, often political targets. And the hacking happened at a moment of renewed tension with Russia — over its annexation of Crimea, the presence of its forces in Ukraine and its renewed military patrols in Europe, reminiscent of the Cold War.
Inside the White House, the intrusion has raised a new debate about whether it is possible to protect a president's electronic presence, especially when it reaches out from behind the presumably secure firewalls of the executive branch.
Mr. Obama is no stranger to computer-network attacks: His 2008 campaign was hit by Chinese hackers. Nonetheless, he has long been a frequent user of email, and publicly fought the Secret Service in 2009 to retain his BlackBerry, a topic he has joked about in public. He was issued a special smartphone, and the list of those he can exchange emails with is highly restricted.
When asked about the investigation's findings, the spokeswoman for the National Security Council, Bernadette Meehan, said, "We'll decline to comment." The White House has also declined to provide any explanations about how the breach was handled, though the State Department has been more candid about what kind of systems were hit and what it has done since to improve security. A spokesman for the F.B.I. declined to comment.
Officials who discussed the investigation spoke on the condition of anonymity because of the delicate nature of the hacking. While the White House has refused to identify the nationality of the hackers, others familiar with the investigation said that in both the White House and State Department cases, all signs pointed to Russians.
On Thursday, Secretary of Defense Ashton B. Carter revealed for the first time that Russian hackers had attacked the Pentagon's unclassified systems, but said they had been identified and "kicked off." Defense Department officials declined to say if the signatures of the attacks on the Pentagon appeared related to the White House and State Department attacks.
The discovery of the hacking in October led to a partial shutdown of the White House email system. The hackers appear to have been evicted from the White House systems by the end of October. But they continued to plague the State Department, whose system is much more far-flung. The disruptions were so severe that during the Iranian nuclear negotiations in Vienna in November, officials needed to distribute personal email accounts, to one another and to some reporters, to maintain contact.
Earlier this month, officials at the White House said that the hacking had not damaged its systems and that, while elements had been shut down to mitigate the effects of the attack, everything had been restored.
One of the curiosities of the White House and State Department attacks is that the administration, which recently has been looking to name and punish state and nonstate hackers in an effort to deter attacks, has refused to reveal its conclusions about who was responsible for this complex and artful intrusion into the government. That is in sharp contrast to Mr. Obama's decision, after considerable internal debate in December, to name North Korea for ordering the attack on Sony Pictures Entertainment, and to the director of national intelligence's decision to name Iranian hackers as the source of a destructive attack on the Sands Casino.
This month, after CNN reported that hackers had gained access to sensitive areas of the White House computer network, including sections that contained the president's schedule, the White House spokesman, Josh Earnest, said the administration had not publicly named who was behind the hack because federal investigators had concluded that "it's not in our best interests."
By contrast, in the North Korea case, he said, investigators concluded that "we're more likely to be successful in terms of holding them accountable by naming them publicly."
But the breach of the president's emails appeared to be a major factor in the government secrecy. "All of this is very tightly held," one senior American official said, adding that the content of what had been breached was being kept secret to avoid tipping off the Russians about what had been learned from the investigation.
Mr. Obama's friends and associates say that he is a committed user of his BlackBerry, but that he is careful when emailing outside the White House system.
"The frequency has dropped off in the last six months or so," one of his close associates said, though this person added that he did not know if the drop was related to the hacking.
Mr. Obama is known to send emails to aides late at night from his residence, providing them with his feedback on speeches or, at times, entirely new drafts. Others say he has emailed on topics as diverse as his golf game and the struggle with Congress over the Iranian nuclear negotiations.
George W. Bush gave up emailing for the course of his presidency and did not carry a smartphone. But after Mr. Bush left office, his sister's email account was hacked, and several photos — including some of his paintings — were made public.
The White House is bombarded with cyberattacks daily, not only from Russia and China. Most are easily deflected.
The White House, the State Department, the Pentagon and intelligence agencies put their most classified material into a system called Jwics, for Joint Worldwide Intelligence Communications System. That is where top-secret and "secret compartmentalized information" traverses within the government, to officials cleared for it — and it includes imagery, data and graphics. There is no evidence, senior officials said, that this hacking pierced it.
But as data has gone mobile, the challenge has been to balance the desire for speed and connectivity with security. The State Department, for example, has 285 posts around the world, with tens of thousands of people who need access to data — and often connections to more heavily protected databases.
Officials say that while the State Department's email system was compromised, the databases were not. The attackers on the State Department did not attempt to slow the system down, or to destroy computer systems — which is what happened to Sony. Instead, the goal was exfiltration of data. The same appears to be the case at the White House.
The "Internet protocol" addresses that the attacks appeared to come from were false, designed to mislead investigators. And the code was new and extremely sophisticated, clearly designed to evade even advanced security systems.