Even the Executive Office of the President of the United States isn’t immune to hacking. A holiday e-mail sent out from the President late December proved to be carrying malware known as ZeuS, a vehicle for cyberespionage.
The e-card, “sent” from the Executive Office with wishes of a “Merry Christmas and a very happy, prosperous New Year,” contained a link to download the malware. Once downloaded, ZeuS was able to extract PDF, Microsoft Word and Excel documents and drop them on a server based in Belarus.
Cybercrime blogger Brian Krebs postulated (without naming names) a few of the victims of the breach. Incuded were:
- A Massachusetts State Police intelligence analyst
- A worker with the Financial Action Task Force (“a body set up to develop national and international policies against terrorist financing and money laundering”)
- An employee of the National Science Foundation’s Office of Cyber Infrastructure
- An official with the Moroccan government’s Ministry of Industry, Commerce and New Technologies
- An employee at the Millennium Challenge Corporation (“a federal agency set up to provide foreign aid for development projects in 15 countries in Africa, Central America and other regions”)
Due to poor coding, according to one U.S. official, none of the documents hacked were buried too deeply in layers of folders on the hard drive; so the compromised information was relatively accessible. Though the government may be downplaying the significance of the breach, it has been revealed that several gigabytes of data were hacked.
In the past, the ZeuS Trojan has been used to gain access to bank information, resulting in millions of dollars in theft.
Though this hack may seem like a mildly consequential breach, it is a great bellwether of the rise of governmental server insecurity and the use of malware for cyberespionage.