CFR Hack Attack 'Neutralized'

CFR president alerts members to recent ‘watering hole’ cyber attack

December 29, 2012

The president of the Council on Foreign Relations on Friday notified members of the elite foreign policy group that its website was the target of a cyberattack and that the attack was neutralized.

Former State Department official Richard N. Haass stated in an email to all Council members that "the Council’s website was the subject of cyberattack."

"Early indications are that this event was what is commonly referred to as a ‘watering hole attack,’" Haass said in an email message.

"As a result of such an exploit, a visitor clicks on a compromised link on a host site, which conveys malware to their computer."

The hacking was first detected Thursday and the organization has been "working to mitigate the problem ever since," Haass stated.

"We believe we have neutralized the immediate threat and that it is safe to use the site," he said. "Our investigation is ongoing and once we have a better understanding of the nature of the attack, we will explore options and introduce measures to reduce the Council’s vulnerability to future exploits of this sort."

"No institution is completely immune from this kind of threat," he said. " is the Council’s front door, so it is our priority that it remains a safe, secure, and operational resource to our members and the general public."

The Free Beacon first reported the cyberattack on Thursday based on investigative work by private computer security forensic specialists.

The attack was traced to China based on Mandarin language found in the malicious software and its operating technique of targeting visitors to the CFR website whose browsers were configured for Chinese language and other Asian language characters.

The specialists called the intrusion a sophisticated cyberespionage attack aimed at the computers of current and former CFR members, many of whom are senior government officials.

The specialists said the exploit of taking over a web site is called a "drive-by" attack, where the attackers break into a computer server and use it to attack users who log in to the site remotely.

The attack appeared to end Thursday after the malicious software was removed, either by the attackers, to prevent investigators from learning further details of the attack, or by CFR itself after it was alerted to the strike.

The FBI was informed of the attack and is said to be investigating. An FBI spokeswoman declined to comment but said, "the FBI routinely receives information about threats and takes appropriate steps to investigate those threats."

CFR spokesman David Mikhail confirmed the attack and said the organization was investigating and "working to mitigate the possibility for future events of this sort." He provided no details.

According to investigators, a visitor to the CFR website discovered the attack after his computer became infected with malicious software.

Investigators discovered that the attack involved exploiting a previously unknown software flaw, or "zero-day vulnerability," in the Internet Explorer 8 web browser and higher versions.

CFR publishes the prestigious Foreign Affairs quarterly journal and is one of the most influential foreign policy and national security organizations in the United States. Among its 4,700 members are senior U.S. government officials and private sector leaders, including Secretary of State Hillary Clinton and Assistant Secretary of State Kurt Campbell, the Obama administration’s senior Asian affairs policy maker.

Senate Intelligence Committee Chairman Sen. Dianne Feinstein (D., Calif.) is also a member, as is Secretary of State-designate Sen. John Kerry.
