A diplomatic cable published by WikiLeaks reveals that hackers launched a sophisticated attack against United States climate negotiators about the same time the Climategate hacking of scientists happened last year. Brad Johnson has the story.
The attack, a “spear phishing” attempt to gain control of Department of State (DoS) computers, took place in the months before the Copenhagen climate talks of December, 2009. The June 19, 2009, cable warned that these kinds of “socially engineered” attacks, trying to trick people into running malicious software, were likely to be repeated:
DoS personnel have been targeted with socially engineered climate change-related e-mail. It is probable that receipt of climate change-themed socially engineered messages will persist as negotiations continue.
Five officials within the State Department’s Special Envoy for Climate Change Todd Stern’s office received an email about “China and Climate Change” designed to look like it came from a National Journal columnist, with a PDF attachment that harbored malicious code. If the attack had been successful, the hackers could have gotten “nearly complete control” over the computer systems. However, State’s Cyber Threat Analysis Division detected the attack and the users’ software was kept up to date, preventing harm:
China and the U.S. had just ended three days of negotiations in Beijing in early June. The cable gave no indication of who initiated the attack:
Though the incident has not been attributed to any known hostile actor, the event appears to be a targeted spear-phishing attempt and may be indicative of efforts to gather intelligence on the U.S.’s position on climate change issues.
Five months later, hackers uploaded an archive of thousands of emails stolen from England’s University of East Anglia’s servers of correspondence between climate scientists, as part of a campaign to derail the Copenhagen climate talks and cripple political action on global warming in the United States. Hackers and burglars also targeted climate scientists at the University of Victoria in Canada. No one has yet been charged in these crimes.
– Brad Johnson, in a WonkRoom cross-post.
(HT Plains Justice Blog)