Hackers spied on employees at the Aspen Institute for two months, snooping on their email correspondence before the FBI discovered the breach and traced its origin to China, executives at the think tank told The Huffington Post.
It was the second time the Washington-based Aspen Institute has been hacked in the past two years, according to Trent Nichols, its director of IT services. Nichols said in an interview Thursday that hackers stole the user names and passwords of three employees -- including president and chief executive Walter Isaacson -- and used the information to repeatedly log in to the institute's Web mail service.
Nichols said he learned about the cyber-espionage campaign in a Jan. 6 email from the Department of Homeland Security that revealed one email account had been hacked. The next day, he received a phone call from the FBI, saying that two additional employees' emails had been hacked.
"We were shocked," Nichols said. The hackers "would just go in, read their emails and get out. They were basically snooping around to see what they could find."
Isaacson said the FBI told him "the Chinese had hacked the Aspen Institute."
"I said that was fine, and maybe they will read all of our reports and that will be good," Isaacson said in an email to HuffPost. "But then the agent called back a couple of weeks later and said, 'OK here are all your passwords that they got.' And I realized it was both scary and felt like I had been violated. It made me angry."
Founded in 1950, the Aspen Institute hosts seminars, programs and conferences on public policy issues. Board members include former U.S. Secretary of State Madeleine Albright, former Walt Disney chief executive Michael Eisner and billionaire conservative David Koch.
The hackers' identities and motive remain unclear. Aspen Institute employees regularly exchange emails with contacts around the world, including China, India and the Middle East, Nichols said.
"The hackers seem to think we knew something they wanted to know," Nichols said.
Nichols said he cleaned malware from the employees' computers and told them to change their passwords. But he said the nonprofit organization lacked the resources to prevent future attacks.
"We don't have the money to pay for a forensic team to find this sort of thing," Nichols said. "We don’t have the manpower. I've got one network administrator and he's juggling email and firewalls. He's very busy."
Nichols said the Aspen Institute installs antivirus products from Symantec on its employees' computers. But the software didn't catch the hackers, Nichols said, because the malware was custom-written to evade detection.
"With the software we've got, we're finding the obvious stuff, but we're not finding the stuff that's really well-crafted," Nichols said.
Nichols said he encourages employees to be more careful when checking email.
"The best thing you can do is teach staff to think, 'Does this email look legit?'" Nichols said. "People have gotten more cautious about clicking on links. But people are in a rush and assume some messages are from friends and don't think before clicking. And sometimes it's too late."
Nichols said the cyberspies most likely hacked Aspen Institute employees through what is known as a "spear phishing attack." In such attacks, hackers send targeted emails to employees that appear to come from a trusted source, like a friend or colleague, but contain malicious links or attachments that, when clicked, download malware onto victims' computers and allow hackers to remotely spy on their activities.
In 2011, the security firm McAfee published a report that identified a five-year cyber-espionage operation that targeted 71 companies, governments, and non-profit organizations around the world. Though it was not named in the McAfee report, one of those organizations was the Aspen Institute, Nichols said.
Security experts said they considered that operation the work of Chinese hackers. The Chinese government has repeatedly denied any involvement in hacking.
The Aspen Institute is not the only think tank to admit being hacked recently. Last month, the Center for American Progress said its computer network was targeted by Chinese hackers, but gave few details.
Sean Henry, a former FBI cybersecurity official, has said think tanks make valuable targets for cyberspies because they provide policy research for federal agencies, and their employees often join the government and work on classified data.
"These organizations aggregate very valuable data, and that's exactly the kind of information that foreign intelligence services are looking for," Henry told USA Today last year.
The Aspen Institute was recently ranked as the 41st best think tank in the US according to the annual University of Pennsylvania rankings.
Here is yesterday's Think Tank Watch post on Chinese hackers targeting think tanks. It notes a variety of think tanks have been hacked, including CSIS, AEI, Brookings, CFR, and CAP.
