A cyber extortion campaign that has targeted more than 200 specific identities in 39 countries has just been uncovered.

The campaign uses phishing emails based on authentic Google emails. It pulls documents from the victims’ Google Drive accounts and dumps them strategically onto the Internet — but not before altering them to create a disinformation campaign that gives false impressions of major journalists: impressions like associating with CIA-backed plots to discredit world leaders and fuel revolutions in countries like Russia and Iran. The attacks have targeted prime ministers, ambassadors, senior military officers, heads of energy companies, academics, activists, journalists, and representatives of non-governmental organizations.

And yes, this cyberattack technique absolutely contributes to the plethora of fake news rushing through the media.

Apparently, patient zero was an investigative journalist who is known for his reporting on Russia and prominent Russian opposition figures, and who has been banned from that country since 2013. Last October, he fell for a phishing attack and all of his documents were stolen, modified and re-distributed on the web. It is one thing when a political or academic figure’s work is modified to suit a particular agenda, but an entirely different thing when a C-level executive is impersonated in a similar way. The extortion demands in the journalist’s case have not been made clear as of yet, but they will likely be steep.

Imagine the possibilities in modifying correspondence or internal memos from the chief executive officer of a corporation to fake the denigration of key customers, employees, associates or partners.

Bad guys regularly create dossiers on any entity that is perceived to be an obstacle to their social or political agenda, and their targets can include individuals, public and private entities, government officers, and other parties. Dossiers can be created from social media content and then correlated with phishing attacks and document exfiltration such as the one described here.

Once the goods are collected, the information is easily marketed (aka doxing) through the dark web via hacker forums, repositories called pastebins, and dark net social media networks. The goal of doxing has traditionally been to threaten, embarrass, harass and humiliate the individual or organization to further the hacktivist’s agenda.

But this new form of doxing has a very different purpose: extortion.

The controlled leak of a single incriminating document will generally be enough of a teaser to get a senior executive’s attention. Denying the accuracy of an internal memo is not going to be enough to erase suspicion, especially when compounded through clever correlation with other data that build a case for authenticity. Both available options are terrible.

The compromised executive issues a public denial and pleads innocence while the release of documents intensifies in both content and volume, which adds to the attention the leak is receiving. Or the executive quietly agrees to pay off the attackers with the hope that all incriminating evidence will be destroyed and not used again.

In the case of the now famous Sony Pictures hack, the leak of information threatened the personal financial futures of Sony executives, seriously embarrassed the company’s CEO, and caused the co-chairman of the company, Amy Pascal, to resign, among other serious discordance and disruption. And that wasn’t even a clear extortion hack.

Fortunately, there are ways we can fight this form of cyber extortion. A company can employ software and services that map its digital footprint and monitor hacker forums and other illegal markets for negative sentiment about a company or individual, looking for company-specific dark-net threats. And it can do this in multiple languages, including Russian, Arabic and Chinese, in addition to English.

A mark of the cyberattacker personality is a need to brag or boast about accomplishments to peers. That chatter can be analyzed by today’s modern machine learning and predictive analytics software.

A case in point is the shooter who terrorized Virginia Tech in 2007 and killed 32 people. He’d posted his obsession with the Columbine massacre openly and repeatedly on Facebook and other social media sites for weeks before the tragic event unfolded. Today’s technology would have identified that obsession as a real threat, and we would probably have had a very different outcome as a result.

We are also able with current technology to run comparative analyses assessing how a particular company might line up against others in industry sector benchmarks so that companies can measure their preparedness against the norm.

Foreign or otherwise, the damage can be fatal, and the remediation options are all bad. It is far better to bite the bullet, get these advanced levels of protection installed and be ready should your top corporate leaders come into focus as targets of cyber espionage or extortion.

The time for our government to get involved and begin insisting that these fundamental controls be in place is past due. This is a perfect opportunity for President Donald Trump to create a set of mandates and force businesses to comply. The threat is imminent. The damage will be great. And our national security is at risk.

On June 1, the Chinese implemented their brand-new nationwide cybersecurity law, which insists that all IT systems be sourced in China. There is a message there for us as well.

Steve King is the COO and CTO of Netswitch Technology Management.