Hackers Use ‘White House’ Christmas Card to Steal Data
Posted on January 5, 2011 at 8:06am by Jonathon M. Seidl
WASHINGTON (AP) — It looked like an innocent e-mail Christmas card from the White House.
But the holiday greeting that surfaced just before Christmas was a ruse by cybercriminals to steal documents and other data from law enforcement, military and government workers — particularly those involved in computer crime investigations.
Analysts who have studied the malicious software said Tuesday that hackers were able to use the e-mail to collect sensitive law enforcement data. But so far there has been no evidence that any classified information was compromised.
The targeted e-mail attack comes as the federal government is desperately trying to beef up its cybersecurity after the release of thousands of State Department cables and military documents by the WikiLeaks website. Federal authorities want to improve technology systems and crack down on employees to prevent the theft or loss of classified and sensitive information.
The red holiday e-mail card, with its brightly decorated Christmas tree, prompted recipients to click on a link, which would then download the ZeuS malware — a well-known malicious code that is often used to steal passwords and other online credentials, primarily to poach Internet banking information. The malware was created several years ago and is widely available for criminals to acquire and adapt. It has been used to steal millions of dollars.
In this case, however, the code downloaded a second payload that is designed to steal documents from the recipient’s computer, accessing Microsoft Word and Excel files.
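As an added example (not code from the article or from the analysts it quotes), the following Python check looks for the lure pattern described above: a message whose sender line claims the White House but whose link leads off that domain. The sample message, the `TRUSTED_BRANDS` list and the `example.invalid` hosts are constructed assumptions, not details from the real e-mail.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Assumed policy list: a brand named in the From line implies this domain.
TRUSTED_BRANDS = {"whitehouse.gov"}

# Constructed sample modelled on the lure described above (not the real message).
SAMPLE = """\
From: "The White House" <greetings@example.invalid>
Content-Type: text/html; charset=utf-8

<html><body><p>Season's greetings!</p>
<p><a href="http://card-host.example.invalid/holiday/card.exe">View your card</a></p>
</body></html>
"""
class LinkCollector(HTMLParser):
    """Gather href targets from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def registrable(host):
    """Crude eTLD+1 (last two labels); enough for the hosts in this example."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def claimed_brand(from_header):
    """Brand domain the From line claims, via its address or its display name."""
    name, addr = parseaddr(from_header)
    domain = registrable(addr.rsplit("@", 1)[-1]) if "@" in addr else ""
    if domain in TRUSTED_BRANDS:
        return domain
    compact = name.lower().replace(" ", "")
    return next((b for b in TRUSTED_BRANDS if b.split(".")[0] in compact), "")

def suspicious_links(raw_message):
    """Links leading off the claimed brand's domain; empty if no brand is claimed."""
    msg = message_from_string(raw_message)
    brand = claimed_brand(msg.get("From", ""))
    if not brand:
        return []
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    collector = LinkCollector()
    collector.feed(body)
    return [u for u in collector.links if registrable(urlparse(u).hostname or "") != brand]
```

A real mail gateway would replace the two-label `registrable()` with a public-suffix list and send flagged links to a sandbox rather than only reporting them.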
Don Jackson, director of threat intelligence for Atlanta-based SecureWorks, a computer security consulting company, said the attack was somewhat small and targeted to a limited number of groups with law enforcement, military and government affiliations.
It was small enough, he said, to suggest that it was sent out manually and not by a large network of infected computers. He said it was not large enough to be picked up by cybersecurity spam traps or sensors.
Alex Cox, principal research analyst for NetWitness, a cybersecurity firm in northern Virginia, said the e-mail was sent out just a day or so before Christmas, delivered by a control server in Belarus. He and Jackson said they believe this ZeuS version was created by the same people who launched a similar but much larger attack last February.
Cox, who discovered the ZeuS-based malware last year when it infected at least 74,000 computers, said it’s hard to determine how many people were affected or how many documents were stolen in this latest attack.
Jackson said that the hackers stole at least several gigabytes of data.
Analysts learned of the e-mail attack last week and have spoken with federal authorities about it.
Homeland Security Department spokeswoman Amy Kudwa said officials are aware of the ZeuS e-mail and are monitoring it along with other similar malware attacks that have been tracked for some time.
Cox and Jackson would not disclose details on who was attacked or what documents may have been compromised but agreed that the hackers probably were after the documents, rather than any banking or financial passwords.
One theory, said Jackson, is that the hackers were looking for information about law enforcement cases and investigative techniques related to cybercrime so that they could sell it to other criminals.
The e-mail attack, however, underscores the continuing vulnerability of government workers and their computer systems to versions of the ZeuS malware. Hackers can easily tweak the code each time so that it does not trigger antivirus software.
“Criminals have found that if they change the files in small ways it can slip past antivirus software,” said Jackson.
While ZeuS-related attacks are fairly common, this latest one stood out because of the use of the White House connection to lure recipients in and the targeted way it went after law enforcement, analysts said.
One U.S. official said that the code was rather poorly written. The hackers could only get easily accessible documents and not those filed deep within layers of folders on the hard drive, said the official, who spoke on condition of anonymity to discuss ongoing investigations.
OnfireNY
Posted on January 5, 2011 at 8:25pm
Are you allowed to use “White House” and “Christmas Card” in the same sentence on the internet? Just asking?

Bronco II
Posted on January 5, 2011 at 10:55am
I don’t expect anything from the White House and I don’t go to their web-sites either unless I want MISINFORMATION FROM GOOGLE.

UlyssesP
Posted on January 5, 2011 at 10:37am
Obama? Christmas? Who fell for that!

Max jones
Posted on January 5, 2011 at 10:33am
Trial run. Testing the waters. Probably not the first time.
To this administration, the majority of citizens are the enemy. Have they not proved that?

dablooz
Posted on January 5, 2011 at 10:00am
Simple solution….use Linux!

loweralabama
Posted on January 5, 2011 at 9:31am
I’m from the government and I’m here to help. Yet another example of the ineptitude of the feds. How can anyone expect anything else? We need to cut government spending by at least 25 percent. That will reduce our exposure to such threats considerably. They can’t be an exposure if they don’t exist.

EqualJustice
Posted on January 5, 2011 at 9:30am
Probably how they got that Navy video! Big brother is watching……

Jim in Houston
Posted on January 5, 2011 at 9:05am
Anyone dumb enough to open something from this White House deserves what they get.

BuckOfama
Posted on January 5, 2011 at 8:54am
Bush’s fault

Joe Camel
Posted on January 5, 2011 at 8:42am
Some serious questions come to mind since this is my field. First, where did they get the email addresses? Are they using personal email addresses? If so, why are govt. employees spending time getting personal email at work, browsing the web, etc.? Also, why are they running on an open network that is not locked down to internal access only? This only asks for issues. Many, many questions on how and why the government does things like this. It will be the downfall of our entire country soon, as it is quite easy to do as you can see from this simple issue. Lord help us.

gzs3grls
Posted on January 5, 2011 at 8:34am
I would like to say that remember when we point one finger at someone we have three fingers pointing back at us, we use the same tactics in elint, comint, sigint, we have been doing it for years to everyone, these three acronyms used to be a chargeable offense to even mention them out loud, but I am here to tell you that if you have a computer, in America, hooked up to inet, you are a target, big brother has the capability to surveil every email and word published, but at this point they don’t have enough analysts to peruse them, but it is just a matter of time, we are watching inward as much as outward communiqués, we are hated by the world for a reason, and the reason has been kept from us for years, only now is it starting to be brought into the light, I hope the likes of stories above start to awaken the brain dead dems sooner than later.

oldguy49
Posted on January 5, 2011 at 8:32am
duh… I thought everybody knows not to open unsolicited e-mail… they must not watch Fox

SheriS
Posted on January 5, 2011 at 8:28am
All this garbage is brought to you by Obama and his mindless minions!

JohnnyJT
Posted on January 5, 2011 at 8:15am
Dummies.

Speak without Fear
Posted on January 5, 2011 at 8:14am
Ready to have your medical records online?
mmm mmmm mmmm Barack INSANE OBAMA mmm…mmmm….mmmmm

Sledgehammer
Posted on January 5, 2011 at 8:13am
This data mining is brought to you by China!

walkwithme1966
Posted on January 5, 2011 at 8:39am
So, the lesson here is don’t download anything from the White House!! http://wp.me/pYLB7-uK

terryu1
Posted on January 5, 2011 at 8:58am
Those who downloaded the fake card should have known that an anti-Christian Muslim would not be sending a Christmas card to anyone.

Marcobob69
Posted on January 5, 2011 at 9:39am
And I’ll bet they are the ones behind the cyber-attack on Iran, hoping the world will focus on Israel and the USA as the culprits. I don’t put anything past the Chinese!!!!

taskmaster78
Posted on January 5, 2011 at 9:48am
Sledgehammer, come now, that’s not PC, no pun intended. China just wants the information that wiki is just not interested in. The thing that bugs me, no pun intended, is we have such poor security but some 2000 + computer techs in and at our disposal on the fed payroll.

snowleopard3200 {cat folk art}
Posted on January 5, 2011 at 10:10am
Anyone want to say “Wikileaks here we come!!!”

*************************
Posted on January 5, 2011 at 3:42pm
“Hackers Use ‘White House’ Christmas Card to Steal Data”
Hmmm. Just like marxist Obama and the commie Democrats … thieves. Nothing to see here. Move along. Move along.
sheriff BART [sees drunk in jail cell hanging upside-down]: “Are we awake?”
town drunk JIM: “We’re not sure. Are we … black?”
sheriff BART: “Yes, we are.”
town drunk JIM: “Then we’re awake… but we’re very puzzled.”
-Blazing Saddles