China suspected of Facebook attack on NATO’s supreme allied commander

Beijing cyber-spies accused of using fake social networking accounts in bid to steal military secrets from the West

From Nick Hopkins, the Guardian: Nato’s most senior military commander has been repeatedly targeted in a Facebook scam thought to have been co-ordinated by cyber-spies in China, the Observer has learned. The spies are suspected of being behind a campaign to glean information about Admiral James Stavridis from his colleagues, friends and family, sources say.

This involved setting up fake Facebook accounts bearing his name in the hope that those close to him would be lured into making contact or answering private messages, potentially giving away personal details about Stavridis or themselves.

This type of "social engineering" impersonation is an increasingly common web fraud. Nato said it wasn’t clear who was responsible for the spoof Facebook pages, but other security sources pointed the finger at China. . . .

The sophistication and relentlessness of these "advanced persistent threat" cyber attacks has convinced intelligence agencies on both sides of the Atlantic that they must have been state-sponsored. Nato has warned all its top officials about the dangers of being impersonated on social networking sites, and awarded a £40m contract to a major defence company to bolster security at the organisation’s headquarters and 50 other sites across Europe.

A Nato official confirmed that Stavridis, who is supreme allied commander Europe (Saceur), had been targeted on several occasions in the past two years: "There have been several fake Saceur pages. Facebook has cooperated in taking them down … the most important thing is for Facebook to get rid of them."

The official added: "First and foremost, we want to make sure that the public is not being misinformed. Saceur and Nato have made significant policy announcements on either the Twitter or Facebook feed, which reflects Nato keeping pace with social media. It is important the public has trust in our social media."

Nato said it was now in regular contact with Facebook account managers and that the fake pages were usually deleted within 24 to 28 hours of being discovered. Finding the actual source in cases such as these is notoriously difficult, but another security source said: "The most senior people in Nato were warned about this kind of activity. The belief is that China is behind this. . . ."

James Lewis, a cyber expert from the Centre for Strategic and International Studies thinktank in Washington, said the time for dithering had passed. "We know that Russia and China have done the reconnaissance necessary to plan to attack US critical infrastructure," he said. "You might think we should put protection of critical infrastructure at a slightly higher level. It is completely vulnerable."

Shawn Henry, executive assistant director at the FBI, told the Observer the agency was dealing with thousands of fresh attacks every month. "We recognise that there are vulnerabilities in infrastructure. That’s why we see breaches by the thousand every single month," he said. "There are thousands of breaches every month across industry and retail infrastructure. We know that the capabilities of foreign states are substantial and we know the type of information that they are targeting." (photo: Yves Logghe/AP)
