
Report: Russian hackers breached Joint Chiefs’ email system in 2015


An unclassified e-mail system used by the U.S. Joint Chiefs of Staff, their chairman and his support staff was infiltrated by Russian hackers in August 2015, according to a CBS News report, citing former Joint Chiefs Chairman Martin Dempsey.

Dempsey, who was chairman at the time of the system breach, told the news organization that the perpetrators stole passwords and electronic signatures belonging to him and hundreds of other senior officers. Although the hackers did not gain any intelligence from the attack, the incursion did force Pentagon officials to fully take the network down and spend two weeks replacing hardware and software.

The email system is used by the Pentagon's Joint Staff, composed of roughly 3,500 military officers and civilians working for the chairman. According to the news report, the attack started with 30,000 malicious emails sent to a university on the West Coast. Of those emails, four were forwarded on to members of the Joint Staff, one of which was opened.

Just one in 30,000 was all it took to incite chaos.

One might jump to the conclusion that this attack was the work of a Russian advanced persistent threat group. However, John Bambenek, manager of threat systems at Fidelis Cybersecurity – one of the companies whose analysts concluded that Russian APTs Fancy Bear and Cozy Bear hacked the Democratic National Committee – expressed skepticism that a nation-state threat group was involved.

“It would appear odd to me that [a foreign] intelligence agency would send 30,000 emails to a single university as a foothold to pivot to the Joint Chiefs of Staff,” said Bambenek, in an email interview with SC Media. “Without having investigated this directly, this strikes me as routine phishing in ‘napalm-the-earth style’ that got forwarded to military contacts and then spread organically from there.”

Still, news of this 2015 incident adds to the growing narrative that Russian hackers have been relentlessly penetrating U.S. assets and institutions such as the DNC, the Democratic Congressional Campaign Committee and the Election Assistance Commission, and also interfered in the 2016 presidential election. But at least from first impressions, Bambenek does not think this particular incident was quite so Machiavellian.

“The government may have more information that leads them to believe otherwise, but based on a spam run to a university pivoting to the military, combined with the somewhat sensationalized media reporting… my educated suspicion is that this was a criminal, not intelligence, actor” who just happens to be Russian or sympathetic to Russian interests, said Bambenek. But, “Once the attackers realized what they had, [they] decided to engage in some sabotage.”

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts and video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
