Monday, July 7, 2014

Chinese Hackers Targeting Middle East Experts at Think Tanks

Chinese hackers are back to targeting US think tanks.  The latest revelation is that Middle East experts at think tanks were hacked by Chinese cyberspies during the past few weeks.

The think tank targeting strategy being used by Chinese cyberspies appears to have changed, as they have switched from attacking Asia experts to Middle East experts.  Reuters says that experts on Iraq are being targeted.

Here is more from The Washington Post:
The group behind the breaches, called "DEEP PANDA" by security researchers, appears to be affiliated with the Chinese government, says Dmitri Alperovitch, chief technology officer of the firm CrowdStrike. The company, which works with a number of think tanks on a pro bono basis, declined to name which ones have been breached.
Alperovitch said the firm noticed a "radical" shift in DEEP PANDA's focus on June 18, the same day witnesses reported that Sunni extremists seized Iraq's largest oil refinery. The Chinese group has typically focused on senior individuals at think tanks who follow Asia, said Alperovitch. But last month, it suddenly began targeting people with ties to Iraq and Middle East issues.
Experts say that breaking into organizations like think tanks can give adversaries access to sensitive communications about international strategy – and potentially allow them to use compromised e-mail accounts to get at other targets: A phishing message coming from a trusted acquaintance at a prominent think tank that asks a user to download an attachment is more likely to succeed than a seemingly random e-mail.
Experts say Chinese interest in U.S. think tanks is part of a larger information gathering strategy aimed at understanding how Washington works. Chinese officials often assume that think tanks and news outlets are being influenced by the U.S. government as their Chinese counterparts are by Beijing, these experts say.

One weakness of think tanks, according to the article, is that they often do not have the monetary resources to fend off sophisticated cyber attacks.  After all, Goldman Sachs can drop millions of dollars in a few days on cybersecurity, but a think tank like the Center for American Progress (CAP) or the American Enterprise Institute (AEI) needs to be more careful with its relatively limited resources.

Richard Bejtlich, Chief Security Strategist at FireEye and a Nonresident Senior Fellow at the Brookings Institution, also noted that it is hard to get think tankers to adhere to strict security measures because the atmosphere at think tanks is "more like a university than some place with stricter security needs like a financial institution."

So, which think tanks in the US have Middle East experts?  A ton do, including Brookings, Center for Strategic & International Studies (CSIS), US Institute of Peace (USIP), Atlantic Council, Heritage Foundation, Council on Foreign Relations (CFR), Carnegie Endowment for International Peace (CEIP), American Enterprise Institute (AEI), Center for a New American Security (CNAS), and New America Foundation (NAF), among others.

Think Tank Watch has written extensively about cyber attacks at think tanks, particularly by the Chinese.  Here is one post revealing an attack on the Aspen Institute.  Here is a post from last year about China targeting US think tanks.

By the way, RAND Corporation, which several days ago was faced with a fake "leaked" document regarding the crisis in Ukraine, issued a report detailing the shortage of cybersecurity professionals and how that poses a risk to national security.

Update: China on Tuesday (July 8) disputed claims by security firm CrowdStrike that China was cyberspying on think tanks.  Geng Shuang, press counselor for the Chinese Embassy in Washington, DC, said "Chinese law prohibits cyber crimes of all forms, and Chinese government has done whatever it can to combat such activities."  [Think Tank Watch would note that the Chinese response is not a 100% denial of the claims.]