Authorities believe Chinese were behind cyberattack on Aspen Institute
Ryan Summerlin February 23, 2013
ASPEN – The Aspen Institute is the latest U.S. organization to see some of its email accounts targeted in the purported wave of Chinese cyberattacks.
Three of the institute’s estimated 350 email accounts were broken into, said Trent Nichols, director of information technology and services for the think-tank, which keeps its headquarters in Washington, D.C., and holds a strong presence in Aspen. The accounts belonged to high-ranking institute officials.
Nichols said institute President and CEO Walter Isaacson was one of the victims. He declined to identify the other two.
“Walter has made no secret about this,” Nichols said. “His reaction was pretty much that anything he says is public knowledge, and he doesn’t consider anything in his inbox privileged or confidential.”
The news was first reported Thursday night by the Huffington Post.
Nichols told The Aspen Times he believed it was a “targeted attack. They were looking specifically for access to these members (Isaacson and the other two).”
It was likely the work of a “well-funded” Chinese group, Nichols said.
“It’s a position and it’s an assumption based on everything else that’s in the news,” he said.
Isaacson, in an email to the Huffington Post, said the FBI told him that “the Chinese had hacked the Aspen Institute.”
The institute’s revelation about the cyberattacks – the hackers had been rummaging through Isaacson’s and the other two Institute officials’ emails for two months – comes the same week Virginia-based Mandiant Inc. released a report detailing China’s role in the espionage. Mandiant’s report accused the Chinese government of sponsoring cyberattacks on 141 companies. The driving motivation behind the attacks is to obtain trade secrets and other intelligence, experts say. The Chinese government has denied any involvement.
As for the institute, which joins The New York Times, The Wall Street Journal, Apple, Facebook and other notable U.S. entities as a victim of cyber-spying, Nichols said no sensitive information was obtained.
“They weren’t emailing from those accounts. They were not sending out spam,” he said. “They were just trying to find whatever they could find.”
The hackers did so, Nichols explained, by sending a “spear phishing” email to Isaacson and the other two.
“It looked like an email, and they opened the attachment that contained a virus specifically crafted” to obtain their passwords, Nichols said.
They accessed the email accounts through the institute’s Web mail, Nichols said. Isaacson and the other victims were unaware that their email accounts had been hit, Nichols said.
“It’s difficult to protect through our means,” he said.
Nichols said he was in the process of sending an email to institute members on Friday, directing them all to change their passwords.
“I’m asking them to make a more complex password, with eight or more characters and a combination of letters and numbers,” he said.
But there are no guarantees that the institute won’t be hit again.
“It’s a tough business we’re in now,” he said.