Russian Hackers Targeted U.S. Defense Technology Through Employee Emails

A Russian hacker group known as Fancy Bear tricked key U.S. contract workers into exposing their email to theft, possibly revealing secrets of military drones and other sensitive U.S. defense technology, an Associated Press investigation has found.

It is uncertain what may have been stolen, but the hackers clearly exploited a national vulnerability in cybersecurity: poorly protected email and barely any direct notification to victims.

The infamous hacker group, which also intruded in the U.S. election, went after at least 87 people working on militarized drones, missiles, rockets, stealth fighter jets, cloud-computing platforms or other sensitive activities, the Associated Press found.

Among the companies targeted by the hackers were small businesses and defense giants like Lockheed Martin Corp., Raytheon Co., Boeing Co., Airbus Group and General Atomics. A handful of people in Fancy Bear’s sights also worked for trade groups, contractors in U.S.-allied countries or on corporate boards.

“The programs that they appear to target and the people who work on those programs are some of the most forward-leaning, advanced technologies,” said Charles Sowell, a former senior adviser to the U.S. Office of the Director of National Intelligence, who reviewed the list of names for the Associated Press.

“And if those programs are compromised in any way, then our competitive advantage and our defense are compromised.”

“That’s what’s really scary,” added Sowell, who was one of the hacking targets.

The AP identified the defense and security targets from about 19,000 lines of email phishing data created by hackers and collected by the U.S.-based cybersecurity company SecureWorks, which calls the hackers Iron Twilight. The data is partial and extends only from March 2015 to May 2016.

Most of the targets’ work was classified. Yet as many as 40 percent of them clicked on the hackers’ phishing links, the AP analysis indicates. That was the first step in potentially opening their personal email accounts or computer files to data theft by the digital spies.

James Poss, who ran a partnership doing drone research for the Federal Aviation Administration, was about to catch a taxi to the 2015 Paris Air Show when what appeared to be a Google security alert materialized in his inbox. Distracted, he moved his cursor to the blue prompt on his laptop.

“I clicked on it and instantly knew that I had been had,” the retired Air Force major general said. Poss says he realized his mistake before entering his credentials, which would have exposed his email to the hackers.

Hackers predominantly targeted personal Gmail, with a few corporate accounts mixed in. Personal accounts can convey snippets of classified information, whether through carelessness or expediency. They also can lead to other more valuable targets or carry embarrassing personal details that can be used for blackmail or to recruit spies.
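The lure described above, a fake "security alert" whose link leads to a credential-harvesting page instead of the real account provider, can be checked for mechanically before a user ever sees the blue button. The following is an added defender-side example, not code from the AP, SecureWorks or any vendor named in the article: it parses an email, pulls every HTML link, and flags two patterns, a link whose visible text is itself a URL on a different host than the one it actually points to, and a link in a brand-themed "security alert" message whose host is not the brand's own domain. The trusted-domain list, the keyword list and the sample message are constructed for the example.

```python
"""Flag lookalike 'security alert' links in an email (added example, not the article's code).

Assumptions (constructed for this example, not from the article):
  * TRUSTED_DOMAINS lists the domains the impersonated brand may legitimately link to.
  * BRAND_WORDS are the lure phrases that make a link 'claim' the brand.
  * SAMPLE_EMAIL is a constructed message, not a real phishing sample.
"""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the brand being impersonated is Google, so only these hosts are legitimate targets.
TRUSTED_DOMAINS = {"google.com"}
# Lure vocabulary that turns an ordinary link into a brand/security claim.
BRAND_WORDS = ("google", "security alert", "verify", "password", "sign in")


class _LinkCollector(HTMLParser):
    """Collects (href, visible anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the <a> currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._text).split() and " ".join(" ".join(self._text).split()) or ""))
            self._href = None


def host_of(url: str) -> str:
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def is_trusted(host: str) -> bool:
    """True if host is a trusted domain or a subdomain of one (no substring tricks)."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def suspicious_links(raw_message: bytes) -> list:
    """Return a list of findings for links that look like credential lures."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    subject = (msg["subject"] or "").lower()
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    collector = _LinkCollector()
    collector.feed(body.get_content())

    subject_claims_brand = any(w in subject for w in BRAND_WORDS)
    findings = []
    for href, text in collector.links:
        href_host = host_of(href)
        shown_host = host_of(text) if text.lower().startswith("http") else ""
        if shown_host and shown_host != href_host:
            # The user sees one URL but is sent to another host.
            findings.append({"href": href, "text": text,
                             "reason": "visible URL host differs from link host"})
        elif (subject_claims_brand or any(w in text.lower() for w in BRAND_WORDS)) \
                and not is_trusted(href_host):
            # A brand-themed call to action that leaves the brand's own domains.
            findings.append({"href": href, "text": text,
                             "reason": "brand claim but untrusted host"})
    return findings


# Constructed sample: a lure styled like a provider security alert (not a real message).
SAMPLE_EMAIL = b"""From: Google <no-reply@accounts.google.com>
To: target@example.com
Subject: Security alert: new sign-in to your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Someone just used your password to sign in from a new device.</p>
<p><a href="https://accounts-google.com.example.net/ServiceLogin">Change password</a></p>
<p><a href="https://myaccount.google.com/security">Review activity</a></p>
<p><a href="https://login.example.org/">https://accounts.google.com/</a></p>
</body></html>
"""

if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_EMAIL):
        print(finding["reason"], "->", finding["href"])
```

The trusted-host check deliberately compares whole domain labels (`host == d` or `host.endswith("." + d)`), so a host such as `google.com.example.net` does not pass merely because it contains the brand name; the genuine `myaccount.google.com` link in the sample is left alone while the two lures are reported.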