Hackers steal info on military, defense personnel

Email addresses, names snatched from DefenseNews make great fodder for spear phishing attacks, says expert

Email addresses and names of subscribers to DefenseNews, a highly regarded website that covers national and international military and defense news, were accessed by hackers and presumed stolen, Gannett announced yesterday.

DefenseNews' subscribers include active and retired military personnel, defense contractors and others in both the U.S. and other countries' defense establishments.

"We discovered that the attacker gained unauthorized access to files containing information of some of our users," said Gannett Government Media, an arm of the media chain that publishes not only DefenseNews, but also the Military Times and Federal Times sites, as well as a number of military-specific magazines and journals, ranging from the Army Times to the Intelligence, Surveillance and Reconnaissance Journal.

In a message posted to its site Monday, Gannett acknowledged that the accessed information included first and last names, email addresses, account passwords, and duty status branch of service for military personnel.

Gannett urged registered users to reset their site passwords, "as well as your other online accounts, particularly those that use the same email address used for your Gannett Government Media Corporation account."

The attack was first detected June 7.

One security expert said it was possible the attack against DefenseNews and the other sites Gannett operates was targeted, perhaps by state-backed hackers. "It's hard to know if this was just part of the general ransacking of sites, or an attempt to obtain valuable information for spear-phishing," said Anup Ghosh, the founder and CEO of Web security firm Invincea.

Ghosh said it's likely the attack was deliberately after the names and email addresses of people in the defense industry and military.

"This is a pretty selective group," Ghosh said of the DefenseNews account holders, "and would be restricted in scope to the military-industrial [establishment]. It would be very attractive from a nation-state point of view."

He based the last observation on the fact that hackers-for-profit are unlikely to go after such names and addresses. "But nation-state [hackers] are after military and defense intellectual property, and designs and plans."

The stolen information would make the perfect fodder for future "spear phishing," the kind of attacks that target individuals within an organization by crafting convincing messages, often with embedded links or attached files that direct recipients to malicious sites or plant malware directly on PCs to, for instance, gather more information or gain greater access to a network.

Spear phishing attacks have been blamed for a number of recent high-profile attacks, including ones against the International Monetary Fund (IMF) and senior government officials through Gmail.

Military contractors, most notably Lockheed, have also been attacked this year, although not necessarily through spear-phishing tactics.

"With this information, spear phishers could create pretty convincing messages [to these individuals]," said Ghosh, who said that click-through rates in such attacks can reach as high as 20%, meaning one-out-of-five people click on a link, open a file attachment or disclose other personal information.

Ghosh also noted that defense agencies and militaries are careful not to reveal contact information for their workers or personnel, for just that reason. "I wouldn't have thought to target a publication like this," said Ghosh. "It was actually very clever."

Gannett has sent emails to subscribers whose information was accessed, and warned them against falling for any spear phishing schemes.

"You should delete any unusual or suspicious emails without opening them and should not click on any links embedded in a message that appears suspicious once you have opened it," the company told subscribers in a copy of the email obtained by Computerworld.

DefenseNews has not said how many account records were accessed by attackers, and did not return a call for comment Tuesday.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is gkeizer@computerworld.com.


Copyright © 2011 IDG Communications, Inc.
