A cyber extortion campaign was just discovered that has targeted more than 200 specific identities in 39 countries with phishing attacks based on authentic Google emails. The attacks pull documents from the victims’ Google Drives and dump them strategically onto the Internet.
But not before they are altered to create a disinformation campaign that provides false impressions of major journalists doing things like associating with CIA-backed plots to discredit world leaders and fuel revolutions in countries like Russia and Iran. The attacks have targeted prime ministers, ambassadors, senior military officers, heads of energy companies, academics, activists, journalists, and representatives of non-governmental organizations.
Apparently, patient-zero was David Satter, an investigative journalist who is known for his reporting on Russia and prominent Russian opposition figures and has been banned from the country since 2013. He has famously written in-depth pieces about Alexei Navalny, the prominent Russian anti-corruption activist.
Last October, Satter fell for a phishing attack and all of his documents were stolen, modified and re-distributed on the web. It is one thing when a political or academic figure’s work is modified to suit a particular agenda, but an entirely different thing when a C-level executive is impersonated in a similar way. The extortion demands in Satter’s case have not been made clear as of yet, but they will likely be steep.
Imagine the possibilities in modifying correspondence or internal memos from the chief executive officer of a corporation to fake the denigration of key customers, employees, associates or partners.
Bad guys regularly create dossiers on any entity that is perceived to be an obstacle to their social or political agenda which can include individuals, public and private entities, government officers, and other entities. Dossiers can be created from social media content and then correlated with phishing attacks and document exfiltration like the one described here.
Once the goods are collected, the information is easily marketed (aka, doxing) through the dark web via hacker forums, pastebins and dark net social media networks. The goal of doxing has traditionally been to threaten, embarrass, harass, and humiliate the individual or organization to further the hacktivists agenda.
But, this new form of doxing has a very different purpose in mind: Extortion.
The controlled leak of a single incriminating document will generally be enough of a teaser to get a senior executive’s attention. Denying the accuracy of an internal memo is not going to be enough to erase suspicion, especially when compounded through clever correlation with other data that builds a case for authenticity. The available options are both terrible.
The compromised executive publicly announces denial and pleads innocence while the release of documents intensifies in both content and volume which adds to the attention the leak is receiving. Or, the executive quietly agrees to pay off the attackers with the hope that all incriminating evidence will be destroyed and not used again.
In the case of the now famous Sony Pictures hack, the leak of information threatened their executive’s personal financial futures, seriously embarrassed CEO, Michael Lynton and caused Co-Chairman Amy Pascal to resign, among other major discordance and disruption. And that wasn’t even a clear extortion hack.
Fortunately, there are ways in which we can fight this form of cyber-extortion.
A company can employ software and services that maps their digital footprint and monitors hacker forums and other illegal markets for negative sentiment about a company or individual, looking for company-specific dark-net threats. The irony of the cyber-attacker personality is a need to brag or boast about accomplishments among their peers and that chatter can be analyzed by today’s modern machine-learning and predictive analytics software.
A case in point is the shooter who terrorized Virginia Tech in 2007 and killed 32 people, who posted his obsession with the Columbine massacre openly and repeatedly on Facebook and other social media sites for weeks before the tragic event unfolded.
Today’s technology would have identified that obsession as a real threat, and we would probably have had a very different outcome as a result.
We are also able with current technology to run comparative analyses assessing how a particular company might line up against others in industry sector benchmarks, and we can do this is multiple languages including Russian, Arabic, Chinese as well as English.
It is probably fair to assume that cyber-espionage attackers with a specific political agenda successfully hacked into the email account of John Podesta, the former chairman of Hillary Clinton’s unsuccessful presidential campaign. And, if you are a Hillary supporter, you have a deep appreciation for the damage such a phishing campaign might cause.
From whatever source, the damage can be fatal and the remediation options are all bad. Far better to bite the bullet, get these advanced levels of protection installed and layered in place and be ready should your top corporate leaders come into focus as targets of cyber-espionage or extortion.
In fact, if you are a true CIO or even one in title only, you have a fiduciary responsibility to prevent attacks of this nature and you are likely be held legally and personally accountable for the outcomes.