How the Pentagon Hack May Have Been a Result of an E-mail Scam

Deputy Defense Secretary William J. Lynn III admitted in a cybersecurity keynote last week that hackers managed to steal over 24,000 Pentagon files, most likely from a defense contractor. He did not disclose many details about the incident, but hinted at “foreign introducers” who managed to get their hands on “satellite communications systems, and network security protocols” among other things.

This story leaves a lot of room for speculation, and Nick Percoco, digital security expert and SVP at Trustwave’s SpiderLabs, said in an interview with Fast Company that he may have an idea as to what went down: an e-mail scam sent to a staff member of a given defense contractor.

“If you wanted to steal data like this, you could start by targeting a particular employee via email – ‘We’ve seen this happen to defense contractors,’ Percoco notes. ‘Using technology like Google, and LinkedIn and other social networks’ hackers could find out who best to target.”

That employee may be a senior executive or a network administrator. Once the hackers obtained that individual’s email, they would have to gain access to a zero-day exploit for a program that is most likely installed on the target’s work laptop, Percoco said. According to him, after that the hackers would just need to send an official-looking email from an official-looking address to that person as early in the morning as possible.

The Pentagon hack is one of the most alarming incidents so far, but it’s one case in a long list of breaches we’ve been hearing about this year. Data about RSA’s SecurID token was obtained by hackers a few months ago, an incident most likely related to the attacks on the networks of at least two government contractors: Lockheed Martin and Northrop Grumman. Many have been paying attention to all this activity, including Sen. John McCain, who is now seeking to form a specialized committee to investigate these attacks.

Maria Deutscher

Maria Deutscher is a staff writer for SiliconANGLE covering all things enterprise and fresh. Her work takes her from the bowels of the corporate network up to the great free ranges of the open-source ecosystem and back on a daily basis, with the occasional pit stop in the world of end-users. She is especially passionate about cloud computing and data analytics, although she also has a soft spot for stories that diverge from the beaten track to provide a more unique perspective on the complexities of the industry.