Hackers steal info on military, defense personnel

Email addresses, names snatched from DefenseNews make great fodder for spear phishing attacks, says expert

Email addresses and names of subscribers to DefenseNews, a highly-regarded website that covers national and international military and defense news, were accessed by hackers and presumed stolen, Gannett announced yesterday.

DefenseNews' subscribers include active and retired military personnel, defense contractors and others in both the U.S. and other countries' defense establishments.

"We discovered that the attacker gained unauthorized access to files containing information of some of our users," said Gannett Government Media, an arm of the media chain that publishes not only DefenseNews, but also the Military Times and Federal Times sites, as well as a number of military-specific magazines and journals, ranging from the Army Times to the Intelligence, Surveillance and Reconnaissance Journal.

In a message posted to its site Monday, Gannett acknowledged that the accessed information included first and last names, email addresses, account passwords, and duty status branch of service for military personnel.

Gannett urged registered users to reset their site passwords, "as well as your other online accounts, particularly those that use the same email address used for your Gannett Government Media Corporation account."

The attack was first detected June 7.

One security expert said it was possible the attack against DefenseNews and the other sites Gannett operates was targeted, perhaps by state-backed hackers. "It's hard to know if this was just part of the general ransacking of sites, or an attempt to obtain valuable information for spear-phishing," said Anup Ghosh, the founder and CEO of Web security firm Invincea.

Ghosh said it's likely the attack was deliberately after the names and email addresses of people in the defense industry and military.

"This is a pretty selective group," Ghosh said of the DefenseNews account holders, "and would be restricted in scope to the military-industrial [establishment]. It would be very attractive from a nation-state point of view."

He based the last observation on the fact that hackers-for-profit are unlikely to go after such names and addresses. "But nation-state [hackers] are after military and defense intellectual property, and designs and plans."

The stolen information would make the perfect fodder for future "spear phishing," the kind of attacks that target individuals within an organization by crafting convincing messages, often with embedded links or attached files that direct recipients to malicious sites or plant malware directly on PCs to, for instance, gather more information or gain greater access to a network.

Spear phishing attacks have been blamed for a number of recent high-profile attacks, including ones against the International Monetary Fund (IMF) and senior government officials through Gmail.

Military contractors, most notably Lockheed, have also been attacked this year, although not necessarily through spear-phishing tactics.

"With this information, spear phishers could create pretty convincing messages [to these individuals]," said Ghosh, who said that click-through rates in such attacks can reach as high as 20%, meaning one-out-of-five people click on a link, open a file attachment or disclose other personal information.

Ghosh also noted that defense agencies and militaries are careful not to reveal contact information for their workers or personnel, for just that reason. "I wouldn't have thought to target a publication like this," said Ghosh. "It was actually very clever."

Gannett has sent emails to subscribers whose information was accessed, and warned them against falling for any spear phishing schemes.

"You should delete any unusual or suspicious emails without opening them and should not click on any links embedded in a message that appears suspicious once you have opened it," the company told subscribers in a copy of the email obtained by Computerworld.

DefenseNews has not said how many account records were accessed by attackers, and did not return a call for comment Tuesday.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is gkeizer@computerworld.com.
