As China’s Communist cadres eagerly await the next season of House of Cards — a US political drama that paints a dark and corrupt picture of American politics — it looks like they’re entertaining themselves by reading the private emails of top officials in Barack Obama’s administration.
Citing a 2014 National Security Agency briefing that codenamed the attack on email providers “Dancing Panda” and then “Legion Amethyst”, NBC News revealed Monday that an intrusion into the emails was discovered in April 2010 and cited a senior intelligence officer as saying it is still happening.
To China, I say: “Knock yourselves out.”
If Secretary of State John Kerry’s personal Gmail inbox looks like mine, they’ll get an eyeful of nothing: newsletters I never read, offers from Amazon, paperless bill reminders, appeals for alumni donations and promotions from frequent flyer/hotel rewards programs I don’t even remember joining.
Sure, there might be an occasional shopping list from my wife and sporadic notes from my college-aged kids to say hi (and ask for money).
But the other 27,000 emails, conveniently located inside my spam folder, are not much more than annoying offers for fake Viagra, computer virus protection, diet pills, bogus investment advice, phony diplomas, bootleg printer cartridges and passes to “thousands of XXX sites”.
I also assume there are malicious phishing emails in that mess.
It’s unclear how many officials were successfully targeted by the ongoing intrusions and how senior those officials were, but according to the intelligence officer, “many” top officials were successfully compromised.
The names and ranks of the officials whose emails were grabbed were not disclosed in the NSA briefing.
While details of the hack were not published, a typical phishing email baits a recipient into clicking an infected link in a seemingly innocuous email.
From there, a hacker can acquire the employee’s username, passwords and other sensitive information — which can lead a hacker into the larger system.
The Chinese also harvested the email address books of targeted officials, the top secret NSA document said, reconstructing and then “exploiting the[ir] social networks” by sending malware to their friends and colleagues, NBC reported.
How can US officials be so easily duped by Chinese hackers?
You’d think they’d be more cybersavvy, but then, they’re just elected officials and government employees.
Even if an individual has been trained by his or her agency to identify and avoid phishing scams, one cybersecurity course will not be enough to make that person change his or her behavior in the long run, especially if it’s personal email and the person’s guard is down, cybersecurity expert Joe Loomis of Cybersponse told Business Insider.
“Statistically, if employees are not retrained to avoid phishing scams within 90 days, they start to click [on the malicious links] again,” Loomis said, citing data provided by the cybersecurity company Phishbite.
Unlike similar efforts against the State Department or the Office of Personnel Management, this attack didn’t target official IT infrastructure but focused on personally maintained accounts on Gmail or other services.
A Gizmodo op-ed notes that this has got to be bad for presidential candidate Hillary Clinton, whose use of personal email address as secretary of state is now being investigated by the FBI.
NBC hasn’t confirmed that Clinton is among the hacked officials, but if she is, she’ll be in a distinctly vulnerable position, said the piece.
Clinton rigged up a home-brewed email system and used it to conduct official business while she was in office, which means the contents of her emails likely contain more officially compromising information.
Meanwhile, the NSA, evidently, can’t do anything to stop China from reading compromised email accounts belonging to US officials.
– Contact us at [email protected]