Chinese believed to be behind cyberattack on Aspen Institute
The Aspen Times
Glenwood Springs, CO Colorado
The Aspen Institute is the latest U.S. organization to see some of its email accounts targeted in the purported wave of Chinese cyberattacks.
Three of the Institute’s estimated 350 email accounts were broken into, said Trent Nichols, director of information technology and services for the think-tank, which keeps its headquarters in Washington, D.C., and holds a strong presence in Aspen. The accounts belonged to high-ranking Institute officials.
Nichols said Institute President and CEO Walter Isaacson was one of the victims. He declined to identify the other two.
“Walter has made no secret about this,” Nichols said. “His reaction was pretty much that anything he says is public knowledge, and he doesn’t consider anything in his inbox privileged or confidential.”
Support Local Journalism
The news was first reported Thursday night by the Huffington Post.
Nichols told The Aspen Times he believed it was a “targeted attack. They were looking specifically for access to these members [Isaacson and the other two].”
It was likely the work of a “well-funded” Chinese group, Nichols said.
“It’s a position and it’s an assumption based on everything else that’s in the news,” he said.
Isaacson, in an email to the Huffington Post, said that the FBI told him “the Chinese had hacked the Aspen Institute.”
The Institute’s revelation about the cyberattacks – the hackers had been rummaging through Isaacson and the other two Institute officials’ emails for two months – comes the same week Virginia-based Mandiant Inc. released a report detailing China’s role in the espionage. Mandiant’s report accused the Chinese government of sponsoring cyberattacks on 141 companies. The driving motivation behind the attacks is to obtain trade secrets and other intelligence, experts say. The Chinese government has denied any involvement.
As for the Institute, which joins The New York Times, The Wall Street Journal, Apple, Facebook and other notable U.S. entities as a victim of cyber spying, Nichols said no sensitive information was obtained.
“They weren’t emailing from those accounts, they were sending out spam,” he said. “They were just trying to find whatever they could find.”
The hackers did so, Nichols explained, by sending a “spear phishing” email to Isaacson and the other two.
“It looked like an email and they opened the attachment that contained a virus specifically crafted” to obtain their passwords, Nichols said.
They accessed the email accounts through the Institute’s Web mail, Nichols said. Isaacson and the other victims were unaware that their email accounts had been hit, Nichols said.
“It’s difficult to protect through our means,” he said.
Nichols said he was in the process of sending an email to Institute members on Friday, directing them all to change their passwords.
“I’m asking them to make a more complex password, with eight or more characters and a combination of letters and numbers,” he said.
But there are no guarantees that the Institute won’t be hit again.
“It’s a tough business we’re in now,” he said.
Support Local Journalism
Readers around Glenwood Springs and Garfield County make the Post Independent’s work possible. Your financial contribution supports our efforts to deliver quality, locally relevant journalism.
Now more than ever, your support is critical to help us keep our community informed about the evolving coronavirus pandemic and the impact it is having locally. Every contribution, however large or small, will make a difference.
Each donation will be used exclusively for the development and creation of increased news coverage.
Start a dialogue, stay on topic and be civil.
If you don't follow the rules, your comment may be deleted.
In a 4-3 vote Monday night, city council allowed the Roaring Fork Transportation Authority to continue operating in Glenwood Springs amid the COVID-19 crisis.