Cyber Spies Target Washington Think Tanks and Law Firms

Their target: sensitive information on business and policy matters.

Think tanks and law firms in Washington, experts say, are
targets of pervasive espionage by cyber spies who are stealing sensitive
information on business and policy matters and are using their
unwitting victims to better understand the intricacies of Washington
decision-making. The FBI and computer security analysts have
investigated intrusions aimed at dozens of organizations, including
human rights groups, trade associations, and public relations
firms, and the organizations share a common theme: They all
work on issues of economic and political interest to the
Chinese government.

One prominent organization that found itself an
unwitting target of cyber spying is the Brookings Institution, which
runs
a policy center on China. Brookings’ computer systems were
penetrated last summer by an intruder who tricked a still-unknown
number of employees into installing back doors on Brookings’
networks, according to several people with knowledge of the incident.

“I can confirm that we did have an incident, and that we did take steps to address it,” says
Laurie Boeder, a spokesperson for Brookings,
who declined to discuss details of how the intrusion was discovered and
whether federal authorities
were alerted to the breach. She also wouldn’t comment on
whether China was presumed to be responsible.

But the influential think tank isn’t unique. “Brookings is targeted often, as are all the think tanks in the Washington area,”
says
Adam Vincent, the CEO of Cyber Squared, a
computer security company in Arlington. Vincent’s organization tracked a
string of cyber break-ins
last summer. At least 22 different organizations saw their
networks penetrated, including two think tanks and two law firms
in Washington. (Vincent declined to say whether Brookings was
among them.)

The spies also tried to pilfer information from an
array of other groups, including technology companies, Canadian
immigration
agencies, and groups with ties to mining, food safety, and
environmental protection, among others. Cyber Squared dubbed the
campaign Project Enlightenment

“They did their homework,” Vincent says of the cyber spies. “They knew whom in the organizations to target. They kept control
of their computers for months, without people knowing it.”

The common thread tying all the targets together is
their work on areas of particular interest to China, including business
deals and official policy disputes. Cyber Squared determined
that the targets were compromised at the same time they were
working on matters “uniquely and individually tied to Chinese
strategic interests” that were in the news or the subject of
ongoing debate.

For instance, an organization that was urging the
United States to sell F-16 fighters to Taiwan, in order to create a
military
bulwark against China, received a spear-phishing e-mail shortly
after legislation on the issue was brought up in Congress.
Such e-mails are a key tool of cyber espionage; they appear to
come from someone the target knows or is likely to know, and
they contain malicious software code embedded in a link or
attached document that, when opened, installs a hidden entryway
into the target’s computer or network.

In the case of the Taiwan F-16 sales, the target
didn’t open the attachment, and instead alerted Vincent’s group, which
investigated
and found dozens of other targets in a “Chinese
state-sanctioned or sponsored exploitation campaign.”

Vincent says his company sent messages to every one of
the victims it could identify, but none of them have responded. He
says the company also notified federal law enforcement
authorities. A spokesperson for the FBI declined to comment, citing
a general rule of not discussing investigations.

Cyber spies aren’t so much interested in the articles
and white papers that organizations like Brookings publish, which anyone
can read on the Internet, as in their network of contacts among
the influential circles of Washington policymakers and power
brokers, according to security analysts.

A personal, presumably confidential e-mail exchange
between, say, a China expert at a think tank and a State Department
official
could give a spy a rare window into how US officials will
approach negotiations with China. And personal schedules noting
when an employee met with a particular administration official
might give telling signals into what policymakers are discussing
behind closed doors.

For the same reason, advocacy groups in Washington have also found themselves threatened. “We’re a target pretty much every
day,” says
Lotta Danielsson, the vice-president of the US-Taiwan Business Council, which has pushed for the sale of the F-16s. (Danielsson declined to
say whether her group was the one that initially contacted Cyber Squared after it received a phishing e-mail.)

“There’s really nothing you can do about it,”
Danielsson says. “There’s only three of us in this office. We’re very
careful,
and extremely paranoid.” She says staffers disconnect their
computers from the Internet when they don’t need to use the Web
or send e-mail. And they never open an e-mail they’re not
expecting without asking the sender if it’s authentic. “We can’t
not use e-mail, but if we could get away without using it we
probably would. It’s such a minefield,” she says.

Danielsson adds that spies also attempt to trick others into opening e-mails that appear to come from her group. “That happens
quite a lot,” she says. The latest incident was a few weeks ago.

Experts say cyber espionage with suspected links to
China is so widespread that it’s hard to know precisely what the spies
are trying to understand at a given moment. DC-based policy
outfits have become such rich sources that hacking and spear-phishing
are just costs of doing business. “It’s really hard to find an
organization in that space that hasn’t been targeted and compromised,”
says
Steven Adair, the director of cyber
intelligence for Terremark, which helps companies and organizations deal
with advanced espionage threats.
Other experts speculate that as the federal government has
gotten better at improving its own network security, spies are
going after “soft targets” that do business with the government
but don’t have as strong defenses.

Human rights lawyers are also in the crosshairs.
Jared Genser, the founder of Freedom Now,
which represents Chinese dissidents and activists, says one of his
staffers received a spear-phishing
e-mail two years ago. It contained an innocuous-looking link
and appeared to come from a member of Freedom Now’s board of
directors.

Genser says his group contacted the FBI, and that
investigators found a “keystroke logger” implanted on the computer,
which
clandestinely recorded anything the user typed. “It was buried
deep in the guts of the computer, where you just can’t get
to it,” Genser says. “We were told [by the FBI] to trash the
computer, which is what we did.”

Cyber Squared found that at least two law firms with
offices in Washington were targeted as recently as last June. In those
cases, it appears the spies were targeting the firm’s clients,
which include companies involved in business negotiations in
China as well as trade-secret disputes with Chinese
organizations. Like think tanks, law firms have become a routine target,
Vincent says, because “lawyers have lots of very juicy
information.”

More from News & Politics