You know the drill. When an email from a mysterious sender appears in your inbox, you delete it immediately. Whatever you do, you do NOT open it and you most definitely do NOT click on any links in the message. You might think that this is common knowledge and that anyone with a modicum of Internet savvy would know this – especially anyone who might be dealing with highly classified information, say military scientists and engineers. Alas, you are wrong.
An Associated Press report, published Wednesday, revealed that Russian hackers have targeted key contract workers involved in military drones, missiles, cloud-computing platforms, and other highly sensitive defense technology. This in itself is not all that surprising, but, shockingly, 40 percent of the 87 targets went on to click on dodgy phishing links contained within the body of the email. Clicking on the links left the workers’ personal email accounts and computer files vulnerable to data theft.
As of right now, the amount of information the hackers were able to get their hands on is unclear, but the incident clearly raises a lot of questions about US cybersecurity.
“The programs that they appear to target and the people who work on those programs are some of the most forward-leaning, advanced technologies,” Charles Sowell, a former senior adviser to the US Office of the Director of National Intelligence, told the AP.
“[I]f those programs are compromised in any way, then our competitive advantage and our defense is compromised.”
The hackers involved in this attack are a group called Fancy Bear. These are the same guys who interfered in the US presidential elections, working for the Kremlin to steer Trump to victory. This time their goal was to steal US defense secrets, specifically those to do with drone technology.
“This would allow them to leapfrog years of hard-won experience,” explained Keven Gambold, a drone consultant and hacking target.
Even those with a solid understanding of email 101 could fall prey to these phishing attempts when tired or distracted. That’s what happened to James Poss, who is involved in drone research for the Federal Aviation Administration. He was about to hop in a taxi to the 2015 Paris Air Show when, distracted, he clicked on the link in an incoming email created to look like a Google security alert.
“I clicked on it and instantly knew that I had been had,” he said.
What is stranger is that the FBI seems to have been aware of the hacking campaign for over a year. The problem is that they’re finding it hard to keep up with the sheer number of cyber-attacks.
“It’s a matter of triaging to the best of our ability the volume of the targets who are out there,” explained a senior official.
[H/T: Associated Press]