Post by kevinfelixlee on Jun 3, 2011 14:54:42 GMT 8
People who work at the White House were among those targeted by the China-based hackers who broke into Google Inc.'s Gmail runescape gold accounts, according to one U.S. official. The hackers likely were hoping the officials were conducting administration business on their private emails, according to lawmakers and security experts.
The government has acknowledged senior administration officials were targeted in the "phishing" attacks on hundreds of users of the email service. White House officials declined to discuss who was targeted. The Obama administration reiterated Thursday that no official messages were compromised. But lawmakers and outside computer-security experts said recent White House history suggests administration officials sometimes use personal email to talk business, despite rules against doing so.
The Federal Bureau of Investigation and the Department of Homeland Security are working with Google to investigate. "These allegations are very serious," Secretary of State Hillary Rodham Clinton said Thursday. U.S. officials briefed on the incident said the Obama administration runescape money isn't going to raise the matter directly with the Chinese government until the facts become more clear. "Law enforcement needs to dig into this over the very short term so we have all the facts and procedures set out—then diplomacy," a U.S. official said.
White House officials in both the current and previous administrations have been accused of using personal emails to conduct business. No matter runescape accounts which party is in power, critics have argued, officials use personal accounts as a way to avoid having those messages turned over to congressional investigators, released under the Freedom of Information Act or retained for historic archives.
"If all White House officials were following rules prohibiting the use of personal email for official business, there would simply be no sensitive information to find," said Rep. Darrell Issa, Republican chairman of the House Oversight and Government Reform Committee, and a frequent thorn in the Obama runescape power leveling administration's side. "Unfortunately, we know that not everyone at the White House follows those rules and that creates an unnecessary risk."
Melanie Sloan, executive director of Citizens for Responsibility and Ethics in Washington, a watchdog group, said the hacking "suggests China believes government officials are using their personal accounts for official business, because I doubt they were looking for their weekend plans or a babysitter's schedule. Presumably, the Chinese wouldn't have done this if they weren't getting something."
The Chinese government has denied any involvement in hacking of U.S. officials' emails. Google disclosed the hacking attempts on Wednesday, saying senior U.S. officials, Chinese activists and others were targeted in an attack that tricked users into sharing their Gmail passwords with "bad actors" based in China, apparently with the goal of reading the victims' email.
Stewart Baker, a former homeland security official in the Bush administration, said he suspects the ultimate goal of the hacking may have been to use the email accounts as a stepping stone to penetrate the officials' home computers.
"If you can compromise that machine, you may well be able to access the communications they are having with the office," said Mr. Baker. Marcus Asner, a former cybersecurity prosecutor buy runescape gold in New York now at the firm of Arnold & Porter, said it is increasingly difficult for investigators to trace international hacking attacks to specific perpetrators.
"It used to be we'd send the FBI agents to find the 16-year-old boy in a basement responsible, but now you have national-security and State Department issues," he said. "Now, you're pitting countries against corporations."
U.S. officials have increasingly had their work and personal email accounts targeted by these types of booby-trapped email schemes in the past year or so, officials said. Government computer-security experts have tried to educate senior officials who would most likely be targeted by these attacks. For example, they've warned officials to be suspicious of emails that appear to be work-related but are sent to their personal email accounts. Employees are also told not to conduct official business on their personal email accounts.
The federal government fended off another targeted phishing attack in April, according to the Department of Homeland Security. One of these attacks "seriously impacted" a U.S. government facility. "Several employees at the facility were lured into clicking a link in the bogus e-mail that contained malware, which spread rapidly and extensively across the business IT network," according to a department report.
These phishing attacks have evolved significantly over the years, said James Mulvenon, a cybersecurity specialist who focuses on China. Initially they were tucked into emails fashioned in poor English, he said. But as attackers have gotten more sophisticated, it has become harder to identify these trick emails.
Now, such attacks target individuals with emails in perfect English on topics they are known to have worked on or mentioning meetings attended. One such scheme targeted attendees of a Defense Department-sponsored conference in 2008 with an email that purported to be from one of the presenters. The message contained malware that provided unfettered access to the victims' computers, said a person familiar with the incident.
Soon after, the attendees, mostly defense contractors, received emails that purported to be from one of the presenters at the conference. The notes included an attachment identified as his presentation materials, according to a person familiar with the incident. A majority of the conference attendees opened the attachment, which downloaded malware that provided "unfettered access" to their computer, this person said. "There was widespread success by the bad guys." A subsequent investigation tracked the perpetrator back to a Chinese hacking group.
"They're still doing the exact same thing" today, the person familiar with the incident said of the hacking group. ~By DEVLIN BARRETT and SIOBHAN GORMAN