Correction: The office targeted by this “spear-phishing” attack was the Division of Ocean Affairs of the Office of the Special Envoy for Climate Change, within the U.S. State Department. The Guardian posted the cable in question on Dec. 3 and the New York Times reported on the revelation in a Dec. 4 article about Chinese cyber warfare, although it’s not clear to me that there’s any substantive link between the Chinese and this particular attack.
Leading French newspaper Le Monde has been delving into WikiLeaks in depth with a growing online section devoted to new revelations. An article posted Dec. 12, titled Pirates informatiques contre climatologues (Computer pirates against climatologists), reveals a few American diplomats’ fears that cyberattacks on climate scientists might increase in the days leading up to the 2009 Copenhagen meeting. One email reveals an unsuccessful attack against the U.S. State Department’s Bureau of Oceans, Environment and Science (OES) that has received very little coverage (none that I can find) in domestic press.
According to Le Monde, there was little discussion of “Climategate” via diplomatic cables, but June 19, 2009 traffic revealed by WikiLeaks discussed a failed attack against an agency of the U.S. government. During the summer of 2009, five OES employees received an email titled “China and climate change”, disguised to look as if it originated with an economics journalist for the National Journal. The body of the message was also written specifically for the recipients, according to their professional roles. Attached to the message was a PDF document carrying malware designed to take silent control of the targeted computer. At least one of the targeted employees opened the attachment. Fortunately the State Department’s frequent computer security updates detected and disabled the attack.
The note cited by Le Monde concludes (my translation of the French translation):
As climate negotiations continue, it is likely that attacks like this will persist…. Personnel involved in climate change research or related subjects should remain conscious of the elevated risk.
As loud voices call for prosecution of Julian Assange and warn of the risk of Chinese cyber warfare, I can’t help but wonder, where were the voices of outrage and the demands for investigation and justice when unknown parties attacked the U.S. State Department in an attempt to derail the Copenhagen negotiations? Or does the need for justice depend on the ends pursued by “cyberterrorists”?