CNAS used as patsy in e-mail phishing attacks
The Center for a New American Security (CNAS) was entangled in a computer hacking scam that targeted international affairs experts and showed evidence of originating from China.
"On August 2, 2011 a small number of people received a phishing email referencing a recent CNAS report. The email came from an AOL email account that has no association with any CNAS network," CNAS external relations director Shannon O’Reilly said in an e-mail Friday afternoon. "We wish to assure users that the phishing email did not come from CNAS nor would CNAS ever ask for password information."
CNAS is a Washington think tank founded by Assistant Secretary of State for East Asia Kurt Campbell and Undersecretary of Defense for Policy Michele Flournoy. After Campbell and Flournoy entered the Obama administration, they handed over the reins to current CEO Nate Fick and President John Nagl.
The e-mail was sent to people "associated with political and international affairs," according to Mila Parkour, an Internet security expert who analyzed the hacking attempt on the blog Contagio. The e-mail asked the target to log into Gmail via an embedded link. If the target did so, their passwords were stored and their Gmail accounts began to be monitored from an unknown location.
The style of the attack is called "phishing," an attempt to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity.
Government officials and international experts have been the targets of phishing attacks for years and the threat comes from many countries, but Defense Department officials have admitted that the great majority of cyber espionage attempts against the U.S. government come from China. Some officials believe these attacks are carried out with either the explicit or implicit permission of the Chinese government.
There’s no way to be sure, but Paul Roberts at the Threat Post blog reported that there are some similarities between the CNAS-related attack and other Chinese cyber espionage attempts.
"Attackers accessed the account using TOR (The Onion Router), so it’s unclear where they accessed the account from," he said. "However, other aspects of the spear phishing attack bear the telltale signatures of a China-based operation, including the source IP of the phishing e-mail, which traces back to Taiwan, and the attackers use of Foxmail to create and send the phishing e-mail — a common trait of China-based spear phishing attacks."
Last January, several U.S. government officials received an e-mail from "dorsetttr1@state.gov," which turned out to be a fake State Department e-mail address. That email was crafted to look like an interagency communication over a U.S.-China joint statement ahead of Chinese President Hu Jintao’s visit to Washington.
"This is the latest version of State’s joint statement. My understanding is that State put in placeholder econ language and am happy to have us fill in but in a rush to get a cleared version from the WH they sent the attached to Mike," the fake e-mail said.
If the recipient clicked on "the attached," his system would be compromised. One U.S. official told us that a similar gambit was attempted during the Shangri-La Dialogue in Singapore last June.
The latest attack had the subject line, "CNAS Report Calls Declining Satellite Capabilities National Security Concern." That refers to a recent CNAS report that is actually quite interesting and can be found here.
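The traits reported above (an organization's name on mail from an unrelated AOL account, Foxmail as the sending client, and an embedded link asking for a Gmail login) can be checked mechanically during mail triage. The following is an added example, not code from the article, CNAS, or the analysts quoted; the sample message, the webmail list, the Gmail sign-in host list, the `cnas.org` parameter and the `triage` function are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed lists for this example; a real deployment would maintain its own.
FREE_WEBMAIL = {"aol.com", "gmail.com", "yahoo.com", "hotmail.com"}
GMAIL_LOGIN_HOSTS = {"accounts.google.com", "mail.google.com"}

# Constructed sample: only the subject line is taken from the article.
SAMPLE = """\
From: "CNAS Publications" <reports.example@aol.com>
To: analyst@example.org
Subject: CNAS Report Calls Declining Satellite Capabilities National Security Concern
X-Mailer: Foxmail (constructed value)
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Read the full report:
<a href="http://login.example.net/ServiceLogin?continue=mail">Sign in to Gmail to view</a></p>
</body></html>
"""

def triage(raw, claimed_org_domain):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    org_token = claimed_org_domain.split(".")[0]
    names_org = org_token in (display + " " + msg.get("Subject", "")).lower()
    # Message trades on the organization's name but comes from free webmail.
    if names_org and sender_domain != claimed_org_domain and sender_domain in FREE_WEBMAIL:
        findings.append("org-name-from-free-webmail")
    # Weak signal alone: Foxmail is a legitimate client and X-Mailer is sender-controlled.
    if "foxmail" in msg.get("X-Mailer", "").lower():
        findings.append("x-mailer-foxmail")
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    # Link text promises a Gmail sign-in but the target host is not Google's.
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        host = (urlparse(href).hostname or "").lower()
        if "gmail" in text.lower() and host not in GMAIL_LOGIN_HOSTS:
            findings.append("gmail-login-link-to:" + host)
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE, "cnas.org"))
```

Each finding is a triage hint rather than a verdict: the sender-controlled headers can be forged or omitted, so the link-target check carries the most weight.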
Meanwhile, think tankers and officials around Washington are surely changing their Gmail passwords today and CNAS is warning that this won’t be the last fishy phishing e-mail to hit the Washington foreign policy community.
"This incident is illustrative of a growing trend in which users are contacted by what appears to be trusted individuals or institutions in order to acquire sensitive information," O’Reilly said.
Josh Rogin covers national security and foreign policy and writes the daily Web column The Cable. His column appears bi-weekly in the print edition of The Washington Post. He can be reached for comments or tips at josh.rogin@foreignpolicy.com.
Previously, Josh covered defense and foreign policy as a staff writer for Congressional Quarterly, writing extensively on Iraq, Afghanistan, Guantánamo Bay, U.S.-Asia relations, defense budgeting and appropriations, and the defense lobbying and contracting industries. Prior to that, he covered military modernization, cyber warfare, space, and missile defense for Federal Computer Week Magazine. He has also served as Pentagon Staff Reporter for the Asahi Shimbun, Japan's leading daily newspaper, in its Washington, D.C., bureau, where he reported on U.S.-Japan relations, Chinese military modernization, the North Korean nuclear crisis, and more.
A graduate of George Washington University's Elliott School of International Affairs, Josh lived in Yokohama, Japan, and studied at Tokyo's Sophia University. He speaks conversational Japanese and has reported from the region. He has also worked at the House International Relations Committee, the Embassy of Japan, and the Brookings Institution.
Josh's reporting has been featured on CNN, MSNBC, C-Span, CBS, ABC, NPR, WTOP, and several other outlets. He was a 2008-2009 National Press Foundation's Paul Miller Washington Reporting Fellow, 2009 military reporting fellow with the Knight Center for Specialized Journalism and the 2011 recipient of the InterAction Award for Excellence in International Reporting. He hails from Philadelphia and lives in Washington, D.C. Twitter: @joshrogin