UPDATED 16:10 EDT / JULY 18 2011

How the Pentagon Hack May Have Been a Result of an E-mail Scam

Deputy Defense Secretary William J. Lynn III admitted in a cybersecurity keynote last week that hackers managed to steal over 24,000 Pentagon files, most likely from a defense contractor. He did not disclose many details about the incident, but hinted at “foreign intruders” who managed to get their hands on “satellite communications systems, and network security protocols” among other things.

This story leaves a lot of room for speculation, and Nick Percoco, digital security expert and SVP at Trustwave’s SpiderLabs, said in an interview with Fast Company that he may have an idea as to what went down: an e-mail scam sent to a staff member of a given defense contractor.

“If you wanted to steal data like this, you could start by targeting a particular employee via email – ‘We’ve seen this happen to defense contractors,’ Percoco notes. ‘Using technology like Google, and LinkedIn and other social networks,’ hackers could find out who best to target.”

That employee may be a senior executive or a network administrator. Once the hackers had obtained that individual’s email address, they would need to get hold of a zero-day exploit for a program that is most likely installed on the target’s work laptop, Percoco said. According to him, after that the hackers would just need to send an official-looking email from an official-looking address to that person as early in the morning as possible.

The Pentagon hack is one of the most alarming incidents so far, but it’s one case in a long list of breaches we’ve been hearing about this year. Data about RSA’s SecurID token was obtained by hackers a few months ago, an incident most likely related to the attacks on the networks of at least two government contractors: Lockheed Martin and Northrop Grumman. Many have been paying attention to all this activity, including Sen. John McCain, who is now seeking to form a specialized committee to investigate these attacks.
