Blog Archive

Tuesday, December 21, 2010

Brad Johnson: WikiLeaks: Hackers Tried To Infiltrate U.S. Climate Negotiators

WikiLeaks: Hackers Tried To Infiltrate U.S. Climate Negotiators

by Brad Johnson, Wonk Room, Think Progress, December 20, 2010

A diplomatic cable published by WikiLeaks reveals that hackers launched a sophisticated attack against United States climate negotiators about the same time the Climategate hacking of scientists happened last year. The attack, a “spear phishing” attempt to gain control of Department of State (DoS) computers, took place in the months before the Copenhagen climate talks of December 2009. The June 19, 2009, cable warned that these kinds of “socially engineered” attacks, trying to trick people into running malicious software, were likely to be repeated:
DoS personnel have been targeted with socially engineered climate change-related e-mail. It is probable that receipt of climate change-themed socially engineered messages will persist as negotiations continue.
Five officials within the State Department’s Special Envoy for Climate Change Todd Stern’s office received an email about “China and Climate Change” designed to look like it came from a National Journal columnist, with a PDF attachment that harbored malicious code. If the attack had been successful, the hackers could have gotten “nearly complete control” over the computer systems. However, State’s Cyber Threat Analysis Division detected the attack and the users’ software was kept up to date, preventing harm:
CTAD’s Technical Analysis/Special Operations monitoring detected a malicious e-mail massage targeting five DoS individuals employed within the Division of Ocean Affairs, Office of the Special Envoy for Climate Change. The socially engineered message had the subject line “China and Climate Change” and was spoofed to appear as if it were from a legitimate international economics columnist at the National Journal. In addition, the body of the e-mail contained comments designed to appeal to the recipients as it was specifically aligned with their job function, and a signature block with contact information for the spoofed sender was present. Attached to the message was a PDF file, also titled “China and Climate Change,” which harbored malicious code designed to exploit the Adobe Collab getIcon(), JavaScript vulnerability (CVE-2009-0927). This vulnerability, if executed successfully, would have allowed malicious actors to remotely execute arbitrary code on a victim computer. The PDF document also contained the Poison Ivy Remote Administration Tool — a malicious software program that provides a remote user with nearly complete control over a comprised system. However, since the DoS users targeted in this intrusion attempt were operating with currently patched versions of Adobe software, there was neither compromise nor data lost as a result of this incident (for technical information about the incident, see CTAD Report TR-09-034).
China and the U.S. had just ended three days of negotiations in Beijing in early June. The cable gave no indication of who initiated the attack:
Though the incident has not been attributed to any known hostile actor, the event appears to be a targeted spear-phishing attempt and may be indicative of efforts to gather intelligence on the U.S.’s position on climate change issues.
Five months later, hackers uploaded an archive of thousands of emails stolen from England’s University of East Anglia’s servers of correspondence between climate scientists, as part of a campaign to derail the Copenhagen climate talks and cripple political action on global warming in the United States. Hackers and burglars also targeted climate scientists [Dr. Andrew Weaver, among others] at the University of Victoria in Canada. No one has yet been charged in these crimes.

No comments: