Think tanks and law firms in Washington, experts say, are targets of pervasive espionage by cyber spies who are stealing sensitive information on business and policy matters and are using their unwitting victims to better understand the intricacies of Washington decision-making. The FBI and computer security analysts have investigated intrusions aimed at dozens of organizations, including human rights groups, trade associations, and public relations firms, and the organizations share a common theme: They all work on issues of economic and political interest to the Chinese government.
One prominent organization that found itself an unwitting target of cyber spying is the Brookings Institution, which runs a policy center on China. Brookings’ computer systems were penetrated last summer by an intruder who tricked a still-unknown number of employees into installing back doors on Brookings’ networks, according to several people with knowledge of the incident.
“I can confirm that we did have an incident, and that we did take steps to address it,” says Laurie Boeder, a spokesperson for Brookings, who declined to discuss details of how the intrusion was discovered and whether federal authorities were alerted to the breach. She also wouldn’t comment on whether China was presumed to be responsible.
But the influential think tank isn't unique. "Brookings is targeted often, as are all the think tanks in the Washington area," says Adam Vincent, the CEO of Cyber Squared, a computer security company in Arlington. Vincent's organization tracked a string of cyber break-ins last summer. At least 22 different organizations saw their networks penetrated, including two think tanks and two law firms in Washington. (Vincent declined to say whether Brookings was among them.)
The spies also tried to pilfer information from an array of other groups, including technology companies, Canadian immigration agencies, and groups with ties to mining, food safety, and environmental protection, among others. Cyber Squared dubbed the campaign Project Enlightenment.
"They did their homework," Vincent says of the cyber spies. "They knew whom in the organizations to target. They kept control of their computers for months, without people knowing it."
The common thread tying all the targets together is their work on areas of particular interest to China, including business deals and official policy disputes. Cyber Squared determined that the targets were compromised at the same time they were working on matters "uniquely and individually tied to Chinese strategic interests" that were in the news or the subject of ongoing debate.
For instance, an organization that was urging the United States to sell F-16 fighters to Taiwan, in order to create a military bulwark against China, received a spear-phishing e-mail shortly after legislation on the issue was brought up in Congress. Such e-mails are a key tool of cyber espionage; they appear to come from someone the target knows or is likely to know, and they contain malicious software code embedded in a link or attached document that, when opened, installs a hidden entryway into the target's computer or network.
In the case of the Taiwan F-16 sales, the target didn't open the attachment, and instead alerted Vincent's group, which investigated and found dozens of other targets in a "Chinese state-sanctioned or sponsored exploitation campaign."
Vincent says his company sent messages to every one of the victims it could identify, but none of them have responded. He says the company also notified federal law enforcement authorities. A spokesperson for the FBI declined to comment, citing a general rule of not discussing investigations.
Cyber spies aren't so much interested in the articles and white papers that organizations like Brookings publish, which anyone can read on the Internet, as in their network of contacts among the influential circles of Washington policymakers and power brokers, according to security analysts.
A personal, presumably confidential e-mail exchange between, say, a China expert at a think tank and a State Department official could give a spy a rare window into how US officials will approach negotiations with China. And personal schedules noting when an employee met with a particular administration official might give telling signals about what policymakers are discussing behind closed doors.
For the same reason, advocacy groups in Washington have also found themselves threatened. "We're a target pretty much every day," says Lotta Danielsson, the vice-president of the US-Taiwan Business Council, which has pushed for the sale of the F-16s. (Danielsson declined to say whether her group was the one that initially contacted Cyber Squared after it received a phishing e-mail.)
"There's really nothing you can do about it," Danielsson says. "There's only three of us in this office. We're very careful, and extremely paranoid." She says staffers disconnect their computers from the Internet when they don't need to use the Web or send e-mail. And they never open an e-mail they're not expecting without asking the sender if it's authentic. "We can't not use e-mail, but if we could get away without using it we probably would. It's such a minefield," she says.
Danielsson adds that spies also attempt to trick others into opening e-mails that appear to come from her group. "That happens quite a lot," she says. The latest incident was a few weeks ago.
Experts say cyber espionage with suspected links to China is so widespread that it's hard to know precisely what the spies are trying to understand at a given moment. DC-based policy outfits have become such rich sources that hacking and spear-phishing are just costs of doing business. "It's really hard to find an organization in that space that hasn't been targeted and compromised," says Steven Adair, the director of cyber intelligence for Terremark, which helps companies and organizations deal with advanced espionage threats. Other experts speculate that as the federal government has gotten better at securing its own networks, spies are going after "soft targets" that do business with the government but don't have defenses as strong.
Human rights lawyers are also in the crosshairs. Jared Genser, the founder of Freedom Now, which represents Chinese dissidents and activists, says one of his staffers received a spear-phishing e-mail two years ago. It contained an innocuous-looking link and appeared to come from a member of Freedom Now's board of directors.
Genser says his group contacted the FBI, and that investigators found a "keystroke logger" implanted on the computer, which clandestinely recorded anything the user typed. "It was buried deep in the guts of the computer, where you just can't get to it," Genser says. "We were told [by the FBI] to trash the computer, which is what we did."
Cyber Squared found that at least two law firms with offices in Washington were targeted as recently as last June. In those cases, it appears the spies were targeting the firms' clients, which include companies involved in business negotiations in China as well as trade-secret disputes with Chinese organizations. Like think tanks, law firms have become a routine target, Vincent says, because "lawyers have lots of very juicy information."