A top Washington think tank disclosed last night (Feb. 21) that its networks had been penetrated in a manner strikingly similar to the well-publicized hack of The New York Times.
Last night, The Huffington Post published a story that said The Aspen Institute had been hacked.
Aspen Institute IT director Trent Nichols told The Huffington Post that hackers, apparently from China, used spear-phishing emails to steal login information for three institute employees, including President and Chief Executive Officer Walter Isaacson.
It was one of a trio of major hacks disclosed yesterday evening. The NBC main website was found to be harboring dangerous malware. Online-customer-service firm Zendesk said attackers had stolen member data pertaining to three of its clients, thought to be Tumbler, Pinterest and Twitter.
Nichols said he'd learned of The Aspen Institute's intrusion from the Department of Homeland Security and the FBI.
"We were shocked," Nichols told The Huffington Post, adding that the intruders "would just go in, read their emails and get out. They were basically snooping around to see what they could find."
Isaacson is one of the most well connected journalists in America. He is the author of the best-selling 2011 biography of Apple founder Steve Jobs, and was formerly managing editor of Time magazine and chairman of CNN.
It’s not the first time Chinese hackers have targeted an American think tank. In December, the Council on Foreign Relations' website was rigged in an apparent "watering hole" attack meant to infect the council's well connected members with spyware.
However, The Aspen Institute's problems more broadly resemble those suffered by The New York Times this past fall.
In that case, hackers, also apparently from China, established a beachhead in the company network, then fanned out searching for information on a story the Times was working on concerning corrupt members of the family of Chinese Premier Wen Jiabao.
The Times brought in security-forensics firm Mandiant to clean up the mess, but The Aspen Institute doesn't have such deep pockets.
"We don't have the money to pay for a forensic team to find this sort of thing," Nichols told The Huffington Post. "We don’t have the manpower. I've got one network administrator and he's juggling email and firewalls. He's very busy."