Pin it on the Chinese -- why not?
Chinese Hackers Suspected in Cyber Attack on Council on Foreign Relations
Advanced cyberespionage attack employed ‘drive-by’ method on CFR website
BY: Bill Gertz
December 27, 2012 10:11 pm
Computer hackers traced to China carried out an advanced cyberespionage attack against one of America’s most elite foreign policy web groups – the website of the Council on Foreign Relations (CFR).
According to private computer-security forensic specialists, the hacking incident involved a relatively new type of ploy called a “drive-by” website cyber attack that was detected around 2:00 p.m. on Wednesday.
The specialists, who spoke on condition of anonymity, said the attack involved penetrating the computer server that operates the New York City- based CFR’s website and then using the pirated computer system to attack CFR members and others who visited or “drove by” the site.
The activity ended on Thursday and the specialists believe the attackers
either removed their malicious software to prevent further details of the
attack from being discovered, or CFR was able to isolate the software and
remove it.The FBI was notified of the attack and is said to be investigating.
FBI spokeswoman Jennifer Shearer declined to comment when asked about the
attack. But she told the Washington Free Beacon: “The FBI routinely receives
information about threats and takes appropriate steps to investigate those
threats.” However, David Mikhail, a Council on Foreign Relations spokesman,
confirmed the attack. “The Council on Foreign Relations’ website security
team is aware of the issue and is currently investigating the situation,”
Mikhail said in an email. “We are also working to mitigate the possibility
for future events of this sort.” He provided no details.
According to the computer security specialists, the cyber espionage attack
represents a new level of sophistication by foreign hackers seeking government
and other secrets by computer.
The method used in a “drive-by” attack requires hackers to covertly plant
malicious software in the CFR computer system. Then, they used the software
and the web site to attack visitors to the site by infecting their computers
in a hunt for secrets and other valuable information. One of the specialists
said the attack also involved using the CFR site for what is called a
“watering hole” attack, when people who visit the website are infected.
One of the victims who visited the CFR’s website, cfr.org, discovered the
attack and alerted computer security specialists on Wednesday. In response,
a small group of private security specialists launched an investigation into
the activity and found that that it only targeted computer users using the
web browser Windows Internet Explorer 8 and higher versions. The attackers
were able to exploit a security flaw in the browser software called a
“zero-day” vulnerability – a previously unknown flaw that allows computer
hackers to gain access to a targeted computer.
A similar Internet Explorer vulnerability was behind the major Aurora
cyber attack on Google and other U.S. corporations that began in 2009 and
was traced to China’s government.
Investigators said the computer attackers that targeted CFR were able to
set up a covert network capable of identifying, encrypting and sending stolen
information found in targeted and infected computers back to a secret command
and control computer.
In the case of the CFR hack, the malicious software involved software
that included Mandarin Chinese language, the specialists said. Also, the
attackers limited their targeting to CFR members and website visitors who
used browsers configured for Chinese language characters – an indication
the attackers were looking for people and intelligence related to China.
“This was a very sophisticated attack,” said one of the specialists.
“They were looking for very specific information from specific people.”
The extent of the damage is not known but CFR members who visited the
website between Wednesday and Thursday could have been infected and their
data compromised, the specialists said.
The CFR is one of the most elite foreign policy organizations in the
United States with a membership of some 4,700 officials, former officials,
journalists and others. Its members include NBC anchor Brian Williams,
Hollywood actress Angelina Jolie, and former Sen. Chuck Hagel, President
Obama’s embattled but as yet un-nominated choice for secretary of defense. More>>