
Hackers Target Think Tanks to Get a Peek at U.S. Government Strategy

  • Groups tied to China, Russia look for advanced intelligence
  • Iran, Islamic State eye U.S. companies, infrastructure

Foreign hackers are going after the wonks.

Cyber criminals are targeting policy groups and nongovernmental organizations to get a leg up on U.S. government strategy, according to an executive at cybersecurity company CrowdStrike Inc. Such "nation-state" hackers, often tied to governments including China or Russia, want advanced intelligence on U.S. policy, said Shawn Henry, chief security officer of the Irvine, California-based company.

"They want to know what the thought leaders in the United States are considering, what they're debating," Henry, who oversaw the FBI's global cyber investigations before retiring in 2012, said in an interview in Arlington, Virginia. "They're looking for how policy is being designed. They're looking at how senior leaders or former senior leaders are advising existing senior leaders -- what the emerging issues are, how the U.S. government is going to implement certain strategy."


While Henry wouldn’t provide specifics on targets, Washington has many so-called think tanks and interest groups staffed by former government officials and analysts who stay in close touch with current policy makers.

Foreign cyberthreats are also increasing from the Middle East. CrowdStrike is tracking "a number of Iranian campaigns," targeting the U.S. energy sector and telecommunications industries, Henry said. It’s also monitoring a group aligned with Islamic State militants that’s been eyeing U.S. critical infrastructure.

Political Agendas

Besides using malware, infiltrators are enhancing their tactics to gain access to an organization’s computer network. In addition, "hacktivist" groups aiming to promote their political or social agenda to gain media attention are active. The firm recently alerted clients to a group out of Turkey that stole and publicized data from some larger U.S. companies in an effort to demonstrate its support for Armenia and its anti-Azerbaijan stance, he said.

"We’re seeing a number of these different types of groups that are creating some consternation among executives by causing some havoc," Henry said.

The company has also seen a substantial increase in attacks targeting information across sectors, including retail, health care, financial services and mergers and acquisitions.

Russian Threats

Organized crime groups distributing ransomware from Russia are another threat. They’ve broken into networks at hospitals as well as local and state governments and then encrypted data, holding it for ransom until they’re paid. The cyberthieves are probably going after such agencies because they haven’t backed up their data and are left with little choice but to pay to recover it, Henry said.

Henry said the U.S. government could improve on the speed with which it shares information, instead of merely sending out an e-mail, for example.

"We have to have a better way of sharing intelligence faster in a more automated way," he said. "There have to be other communications mechanisms. It may be a network that is enabling organizations to better share intelligence."

Holes in the U.S. government’s capabilities with new technologies came to the fore when it was initially unable to crack an iPhone used by a shooter involved in a terrorist attack in December. A federal judge ordered Apple Inc. to create new software to get past the phone’s encryption. Apple refused, saying this could threaten the data security of all its customers. The FBI dropped the case after it bought a hacking tool from an outside entity to unlock the phone. But the issue isn’t going away.

The government relies on the private sector in dealing with cyberthreats, and there has to be collaboration as companies develop products, Henry said. The government can say to a company that this is "what you need to be considering as you build your technology to deliver to the market. You've got to consider these security protocols," he said.
