Report: China Spies on Private Emails

Could Info Be Used for Social Engineering, Extortion?
Chinese spies reading the private emails of top Obama administration officials could pose a potential threat to national security, even if no sensitive information is exposed in those private messages, security experts say.

Since April 2010, Chinese hackers have had access to the private emails of top national security and trade officials, says a senior U.S. intelligence official who cites a 2014 National Security Agency briefing, NBC News reports.

The official tells NBC News that the Chinese also garnered the email address books of targeted officials, reconstructing and then "exploiting [their] social networks" by sending malware to their friends and colleagues.

"Getting into their personal email of a government official can conceivably be a very valuable thing from a social engineering perspective, from a social networking perspective, figuring out who knows who, who's interested in what," says Samuel Visner, senior vice president at technology adviser ICF International.

Everyone Does It

The Obama administration declined to address the specifics and impact of the news report on the Chinese reading administration officials' private emails. "We know that malicious actors often target personal email accounts of government and business leaders across the United States," a senior administration official says. "That's one of the many reasons why we believe it is important for not only government and private sector companies but also individuals to improve their cybersecurity practices and why this administration is working hard to raise our cyber-defenses across the board."

But for these administration officials, the content of private email messages could be as important as that found in official correspondence. "They contain more unguarded moments, as we suspect that others won't ever be able to read them," says Jason Healey, senior research scholar in cyber-conflict studies at Columbia University. "Use of non-work emails for sensitive items is especially true in government."

Healey doesn't see the Chinese doing anything new or wrong in e-spying on administration officials' private email messages. Everyone does it. After all, the National Security Agency has targeted the personal communications of foreign leaders. "Remember, the NSA did not apparently target [German Chancellor] Angela Merkel's work phone, just the one she used for non-government party business," Healey says.

"The Chinese are certainly in this for pure foreign intelligence, as personal emails are probably less protected than their classified emails," he says. "The Chinese might also be [seeking] interesting personal tidbits to help them understand their U.S. counterparts."

Malcolm Harkins, global chief information security officer at antivirus and endpoint protection provider Cylance, says private emails could contain information that could be used to blackmail the official - "think of something of a sexual [nature] or ... that could be very embarrassing."

Private email messages could disclose what would seem to be innocent activities that could create problems in the workplace. Harkins envisions a physical advanced persistent threat, of sorts, in which the hacker learns of the delivery schedule of a package by reading a personal email message. "If you were a sophisticated threat actor, you could perhaps intercept the package and alter it or plant something in it that could be used later for espionage," he says.

Identifying Patterns

ICF International's Visner says that combining big data, data mining and data analysis could take information contained in the private emails and identify patterns that could produce valuable information for hackers.

Samuel Visner on how hackers could connect the dots from reading private email messages.

But Martin Libicki of the Rand Corp. says making such social engineering links might not generate significant benefit for the hacker. "There may be some intelligence value in knowing who communicates socially with whom, but the relationship between purloined data of that type and the Chinese ability to make decisions to the detriment of the United States winds its way through so many conjectures that the vast majority of its value washes out," says Libicki, whose research at the think tank focuses on IT's impact on domestic and national security.

"Think of how modest the increase in insight is when studying a historic figure based on what he did that was in the public record and when one then throws in knowledge of his correspondence with others," he says.

According to NBC News, officials initially gave the private email grab the codename of "Dancing Panda" but later changed it to "Legion Amethyst."

Pentagon Unclassified Network Restored

The report Monday of alleged Chinese spying on administration officials' private email messages came as the Pentagon revealed that it had restored the unclassified email network used by the Joint Chiefs of Staff and its support staff, which had been out of commission for two weeks following a purported Russian breach (see Report: Russians Behind Pentagon Breach).

"Isolating the Joint Staff network enabled us to conduct a systematic process to hunt for adversaries, mitigate any malicious activity, confirm network security and integrity and further harden defenses," Army Lt. Col. Valerie Henderson, a Defense Department spokeswoman, said in a statement issued Monday.

The shutdown of the Joint Chiefs network came days after the United States Computer Emergency Readiness Team issued an alert that it had received multiple and continuing reports of three email-based phishing campaigns targeting U.S. government agencies and businesses.

According to reports, U.S. officials say Russians coordinated an attack on an unclassified Pentagon email system used by the Joint Chiefs of Staff that had been offline since July 25. The officials say it's unclear if the attack was sanctioned by the Russian government. No classified information was compromised, the officials say.

DoD spokeswoman Henderson wouldn't furnish details about the specifics of the attack and remediation of the unclassified network, saying it's Pentagon policy not to comment on intrusions.

"While any intrusion or attack upon our network is troubling, each attempt to intrude upon our networks offers a learning opportunity to improve our ability to effectively respond and bolster our cyber-defenses and network security," she said. "We have full confidence in the integrity of the DoD networks and systems."

Email woes this past week hammered the private sector, too. Wireless networking technology provider Ubiquiti Networks disclosed it had been targeted by a $46.7 million email impersonation scheme that induced employees in its finance department to fraudulently schedule wire transfers to overseas accounts (see Wire Fraud Just Got More Challenging).


About the Author

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



