U.S. government networks are consistently probed for vulnerabilities by hackers and foreign intelligence agencies. The difficulty of attribution combined with the ease of access and decreased physical risk makes cyber espionage a favorite tool of more advanced intelligence services.
Foreign governments seek information from U.S.-based networks for a variety of reasons, including intelligence gathering and economic espionage that enables domestic industries to copy U.S. products. This pursuit of intellectual property alongside intelligence information on U.S. government intentions and capabilities significantly undermines U.S. interests on the world stage.
The federal government is not the only target of cyber espionage. Government contractors are a prime target for foreign intelligence services. Earlier this year, The New New Internet reported that government contractors were recently victims of an inventive cyber attack.
In this instance, an email invitation to an event was sent out to a variety of government contractors. The email contained a PDF file that appeared to come from the Department of Defense. The document discussed an invitation to an actual event that will take place in March in Las Vegas.
Researcher Mikko Hypponen, of F-Secure, wrote, “While the Aurora attacks against Google and others happened in December 2009, this happened just last week.”
The attack exploits a vulnerability in Adobe Acrobat Reader that Adobe recently patched. The payload was a backdoor that connected to an IP address in Taiwan.
“Anybody who controls that IP will gain access to the infected computer and the company network,” Hypponen wrote.
This is also not a one-off event. F-Secure, the security provider that found the exploit, also found a more recent one for a different conference, which targeted the Intelligence Community. The email with the corrupted attachment exploits the same vulnerability as the false DoD communication.
The dates of the conference align with a U.S. European Command Intelligence Summit and Technology Expo that will be held in Germany. When compared, the agenda sent in the PDF file matches the actual agenda of the conference.
These attacks appear to be quite similar to those experienced by a number of Indian government agencies which took place in December. The attacks involved a corrupted PDF file that was designed to look like official correspondence. The Indian government claimed that the attacks came from China.
With each of these attacks, it is unclear how many organizations or individuals received the files or opened the attachments. These attacks point to the increasingly sophisticated nature of attacks using social engineering.
Skilled social engineering attacks are generally not defeated by technology, particularly software. Good anti-virus programs can pick up the threat once it has infected the computer. However, for the attack to work successfully, an individual sitting at a computer within an organization needs to open the email and download the attachment.
Proper education that provides consistent reinforcement with clear examples can help to defend a company with much less investment in IT infrastructure.