A Chinese-based cyber attack is targeting the U.S. Defense Department’s Common Access Cards with technology that could steal information from military networks while troops and civilians work at their desks, researchers say.
The new cyber weapon apparently can get inside individual computers after users unwittingly open a seemingly ordinary PDF file attached to an email. Once embedded, it logs the user’s keystrokes to capture the personal identification number (PIN) associated with that card and user, according to AlienVault, a Silicon Valley-based cyber security firm.
“Basically, they are able to steal the PIN and then they can get access to whatever they want,” said Jaime Blasco, the lab manager for AlienVault who published detailed technical information about the attack.
The attacks are a variant of a virus, or malware, known as “Sykipot” and date back as far as March 2011, Blasco said.
The new Sykipot strain specifically targets the technology used to support the Pentagon’s CAC system and the emails seeking to spread it often are disguised as official military or government communications, Blasco said.
To lure defense workers to open the infected attachment, some of the emails have used information about new drone technology and pictures of unmanned aerial vehicles, he said.
The hackers behind the virus can access military systems only as long as an infected user’s card remains logged into a system.
Pentagon spokeswoman Air Force Lt. Col. April Cunningham declined to comment on the details published by AlienVault.
“We are aware of reports regarding this matter and take these types of reports seriously. However, due to operational security, we are not able to provide further details,” she told Military Times.
Blasco said the virus is linked to a “command and control server” that appears to be based in China; some flaws buried deep in the code revealed Chinese language characters, suggesting that only a Chinese speaker would be able to launch it.
Defending against attacks using this technology is extremely difficult. The best way to keep military networks secure is to train troops and civilian employees not to open any unfamiliar files or email attachments, Blasco said.
Many military officials are eager to begin widespread use of smart phones, tablets and other wireless devices, but cyber security experts caution that such technology can be more vulnerable to cyber attacks.