China’s “Dancing Panda” cyber operation spied on the Obama administration by breaching employee use of commercial email providers primarily for personal uses but also to harvest potentially small pieces of information to be used to construct a much larger picture:
It emerged last week that the FBI has begun investigating the security of Mrs Clinton’s private email set up, in a bid to establish whether the account could have been compromised.
Neither the 2014 NSA briefing, nor the intelligence official has revealed the names and ranks of the people whose accounts were hacked.
But in the last five years, the email espionage operation has attacked and taken information from over 600 American official targets.
The operation was first Dancing Panda by US officials. The name was later changed to Legion Amethyst.
The Chinese also harvested the email address books of the officials, according to the NSA document, and used them to spread the malware that allowed them to conduct their spying operation.
Google was one, but not the only, provider affected by the attack the officials said.
Most people do not realize how dangerous it is for their personal email to be breached by nation state actors. The average, every day user generally does not have anything to be concerned with except for the potential financial losses they could incur. However, imagine a government official and how they use personal email.
If a government official is to travel to a foreign country for business purposes, the entire planning is done through government channels. However, this same person may also send email to friends and family, informing them of their overseas travel. They may email local friends at their destination to setup meetings, discuss their flight arrangements, lodging, and more.
All this data may seem small, but it could help nation state actors piece together a much larger picture. This person could be traveling overseas for a government-to-government meeting, and all the aggregate of this information may help the attackers better understand what potential attack possibilities they could leverage during the event.
Cyber security is a difficult and challenging problem even for security professionals. Imagine how the average user thinks about these things – likely, they rarely, if ever, consider the unintended consequences of their actions or sending that email to a loved one.