The son of an editor at the National Journal made an interesting observation while perusing some of the U.S. government cables released by WikiLeaks.
The astute reader noticed a series of emails sent in 2009 to five State Department officials requesting comment on climate change issues.
The emails were spoofed to appear to have originated from the National Journal’s editor and columnist Bruce Stokes, and were titled "China and Climate Change”.
At the time, the State Department officials contacted were engaged in sensitive negotiations with the Chinese government on greenhouse-gas emissions.
The emails contained attachments infested with malware that would have allowed the attackers access to the recipient's computers by way of a backdoor.
There is no evidence either way regarding the success of the spearfishing attack, and the assumption that the Chinese may have been behind the operation is purely circumstantial, based solely on the timing and the targets.
Spear-fishing refers to a social engineering strategy aimed at specific individuals using information tailored to fool the targets into providing sensitive information or, as was the case with the State Department officials, opening a malware-tainted document because they assume an attachment is from a trusted source.
This particular incident may have gone unacknowledged had it not been for the sharp eye of the unnamed editor's son who, after stumbling upon the emails, sent a message to his father stating, “I see that the Chinese government is using your magazine as a tool for international espionage.”
Spear-fishing as a social engineering tactic has continued to gain popularity with the increase in personal information shared on social networks.
Always exercise caution when opening attachments, even from sources assumed to be legitimate.