The Center for a New American Security (CNAS) was entangled in a computer hacking scam that targeted international affairs experts and showed evidence of originating from China.

"On August 2, 2011 a small number of people received a phishing email referencing a recent CNAS report. The email came from an AOL email account that has no association with any CNAS network," CNAS external relations director Shannon O'Reilly said in an e-mail Friday afternoon. "We wish to assure users that the phishing email did not come from CNAS nor would CNAS ever ask for password information."

CNAS is a Washington think tank founded by Assistant Secretary of State for East Asia Kurt Campbell and Undersecretary of Defense for Policy Michele Flournoy. After Campbell and Flournoy entered the Obama administration, they handed over the reins to current CEO Nate Fick and President John Nagl.

The e-mail was sent to people "associated with political and international affairs," according to Mila Parkour, an Internet security expert who analyzed the hacking attempt on the blog Contagio. The e-mail asked the target to log into Gmail via an embedded link. If the target did so, their passwords were stored and their Gmail accounts began to be monitored from an unknown location.

The style of the attack is called "phishing," an attempt to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity.

Government officials and international experts have been the targets of phishing attacks for years and the threat comes from many countries, but Defense Department officials have admitted that the great majority of cyber espionage attempts against the U.S. government come from China. Some officials believe these attacks are carried out with either the explicit or implicit permission of the Chinese government.

There's no way to be sure, but Paul Roberts at the Threat Post blog reported that there are some similarities between the CNAS-related attack and other Chinese cyber espionage attempts.

"Attackers accessed the account using TOR (The Onion Router), so it's unclear where they accessed the account from," he said. "However, other aspects of the spear phishing attack bear the telltale signatures of a China-based operation, including the source IP of the phishing e-mail, which traces back to Taiwan, and the attackers use of Foxmail to create and send the phishing e-mail -- a common trait of China-based spear phishing attacks."

Last January, several U.S. government officials received an e-mail from "dorsetttr1@state.gov," which turned out to be a fake State Department e-mail address. That email was crafted to look like an interagency communication over a U.S.-China joint statement ahead of Chinese President Hu Jintao's visit to Washington.

"This is the latest version of State's joint statement. My understanding is that State put in placeholder econ language and am happy to have us fill in but in a rush to get a cleared version from the WH they sent the attached to Mike," the fake e-mail said.

If the recipient clicked on "the attached," his system would be compromised. One U.S. official told us that a similar gambit was attempted during the Shangri-La Dialogue in Singapore last June.

The latest attack had the subject line, "CNAS Report Calls Declining Satellite Capabilities National Security Concern." That refers to a recent CNAS report that is actually quite interesting and can be found here.

Meanwhile, think tankers and officials around Washington are surely changing their Gmail passwords today and CNAS is warning that this won't be the last fishy phishing e-mail to hit the Washington foreign policy community.

"This incident is illustrative of a growing trend in which users are contacted by what appears to be trusted individuals or institutions in order to acquire sensitive information," O'Reilly said.

Foggy Bottom is flat out denying a British news report on Sunday that said State Department money would be awarded to the BBC to combat Internet censorship around the world.

"The BBC World Service is to receive a "significant" sum of money from the US government to help combat the blocking of TV and internet services in countries including Iran and China," the Guardian reported.

In fact, State has not yet made any decisions on how to spend the $30 million of congressionally appropriated money for fighting internet censorship that is sitting in its coffers. The BBC World Trust Service is just one of the 61 organizations applying for the funds, but has not gotten any approval or grants.

Assistant Secretary of State for Democracy, Human Rights, and Labor Michael Posner called the Guardian article "inaccurate and misleading."

"The BBC World Service Trust has indicated its intention to submit a proposal to the State Department in the area of Internet freedom, as part of an open and competitive solicitation, but we have not yet received this proposal or made any funding decisions," Posner said in a statement.

He also said State has no intention of announcing the awarding of the funds on May 3, Press Freedom Day, as the Guardian article alleged. Our sources said that proposals are due on March 31; the following week, evaluation panels will meet to go over the proposals and make decisions. 

On Capitol Hill, there's a bipartisan push to make sure most of those funds go to the U.S. government funded Broadcasting Board of Governors (BBG). Sen. Richard Lugar (R-IN) wrote a letter to Secretary of State Hillary Clinton asking her to immediately transfer no less than $8 million of the funds to the BBG.

Lugar is concerned that America is falling behind in the public diplomacy competition to countries that are expanding their external media operations, such as China.

"In the same way that our trade with China is out of balance, it is clear to even the casual observer that when it comes to interacting directly with the other nation's public we are in another lop-sided contest," Lugar wrote in a recent report (PDF).

In Senate testimony earlier this month, Clinton agreed.

"We are in an information war, and we are losing that war," she said. "I'll be very blunt in my assessment. Al Jazeera is winning. The Chinese have opened a global English language and multi-language television network. The Russians have opened up an English-language network."

The House's version of the temporary funding bill for the rest of fiscal 2011 calls for $10 million to be transferred from State to BBG toward this effort; the Senate version of the bill calls for $15 million. Aides on the Hill told The Cable that if a significant portion of the funds don't end up in BBG hands, Lugar and other lawmakers will get deeply involved in pressuring State to rethink its decision.

"Given the recent language included in both House and Senate continuing resolutions, the State Department's inability to see the Congressional handwriting on the wall on this issue is nothing short of breathtaking," a GOP Senate aide said.

The Broadcasting Board of Governors (BBG) has announced that Jeff Gedmin will step down as the head of Radio Free Europe and Radio Liberty (RFE/RL), the Prague-based organization he has led since 2007.

Gedmin will move to London to become CEO and president of the Legatum Institute, a research organization focused on understanding free markets and promoting the issues of democracy and civil society. He starts in his new role March 1.

In an interview from Prague, Gedmin said that his decision to leave RFE/RL after working so hard on its expansion for the last four years was the toughest career decision he's ever made.

"The best time to leave a job you love is never, yet if you are genuinely committed to growth and personal development, you always have to mindful of what you're giving to the organization where you work as well as what your next step will be," Gedmin said.

"I decided it was the right time to move on because if I'm telling my people to step out of their comfort zone and be open to growth, I have to be able to take my own advice."

Gedmin's tenure at RFE/RL was marked by an expansion of the reporting resources there. He now manages a staff of over 550 people in Prague and RFE/RL has about 40 personnel in Washington, DC as well. Gedmin oversaw the launching of Radio Mashaal, a news service covering neglected regions of Pakistan, which will celebrate its one year anniversary this week.

RFE/RL under Gedmin's leadership has also expanded its reporting in Central Asia, Afghanistan, Iraq, and Iran. Through the use of anti-censorship Internet technologies, the RFE/RL websites now log over 1 million visitors each month from inside Iran through a proxy server.

Multiple staff members told The Cable that Gedmin's departure would leave a huge void at RFE/RL, but they nevertheless wished him well.

"He's immensely popular in the building with the staff. He's completely revamped this [organization] into a 21^st century media operation. He's really put it on the map. Everybody is really disappointing that he's leaving," said one employee.

Another reporter for RFE/RL in Prague noted how Gedmin transitioned the organization's focus "away from the traditional places, toward the Caucasus, toward Central Asia, Iraq, Afghanistan, Iran. Those are the hotbeds today where accurate, reliable information is in need the way it was in Eastern Europe during the cold war."

Gedmin's departure comes just after the installation of the BBG's new chairman, Walter Isaacson, former head of CNN and Time magazine.

"Jeff's passion for the power of the truth has been a great inspiration for all of us involved in international broadcasting," Isaacson said in statement. "The Board looks forward to Jeff serving as a valuable adviser in the future."

With all about the chatter about China’s hacking of Google and Secretary of State Hillary Clinton’s drive to deliver “consequences” to bad actors in cyberspace, it’s worth noting that the problem of cyber attacks either promulgated or supported by the Chinese government is far from new.

In a previous life, your Cable guy broke a story that revealed senior military officials believe the Chinese government is supporting hackers that attack “anything and everything” in the U.S. national security infrastructure on a constant basis. And while it’s difficult to prove guilt, the scale, organization, and intent of the attacks leads experts and officials alike to one sponsor: the Chinese government.

The Defense Department has said that the Chinese government, in addition to employing thousands of its own hackers, manages massive teams of experts from academia and industry in “cyber militias” that act in Chinese national interests with unclear amounts of support and direction from China’s People’s Liberation Army (PLA).

According to SANS Institute research director Alan Paller, “The problem is 1,000 times worse than what we see.” But the tip of the iceberg is still large. Here are some of the most damaging attacks on the U.S. government that have been attributed to Chinese government sponsorship or endorsement over the past few years:

1) Titan Rain

In 2004, an analyst named Shawn Carpenter at Sandia National Laboratories traced the origins of a massive cyber espionage ring back to a team of government sponsored researchers in Guangdong Province in China. The hackers, code named by the FBI “Titan Rain,” stole massive amounts of information from military labs, NASA, the World Bank, and others. Rather than being rewarded, Carpenter was fired and investigated after revealing his findings to the FBI, because hacking foreign computers is illegal under U.S. law. He later sued and was awarded more than $3 million. The FBI renamed Titan Rain and classified the new name. The group is still assumed to be operating.

2) State Department’s East Asia Bureau

In July 2006, the State Department admitted it had become a victim of cyber hacking after an official in “East Asia” accidentally opened an email he shouldn’t have. The attackers worked their way around the system, breaking into computers at U.S. embassies all over the region and then eventually penetrating systems in Washington as well.

3) Offices of Rep. Frank Wolf

Wolf has been one of the most outspoken lawmakers on Chinese human rights issues, so it was of little surprise when he announced that in August 2006 that his office computers had been compromised and that he suspected the Chinese government.  Wolf also reported that similar attacks had compromised the systems of several other congressmen and the office of the House Foreign Affairs Committee.

4) Commerce Department

The Commerce Department’s Bureau of Industry and Security had to throw away all of its computers in October 2006, paralyzing the bureau for more than a month due to targeted attacks originating from China. BIS is where export licenses for technology items to countries like China are issued.

5) Naval War College

In December 2006, the Naval War College in Rhode Island had to take all of its computer systems offline for weeks following a major cyber attack. One professor at the school told his students that the Chinese had brought down the system. The Naval War College is where much military strategy against China is developed.

6) Commerce Secretary Carlos Gutierrez and the 2003 blackout?

A National Journal article revealed that spying software meant to clandestinely steal personal data was found on the devices of then Commerce Secretary Carlos Gutierrez and several other officials following a trade mission to China in December 2007. That same article reported that intelligence officials traced the causes of the massive 2003 northeast blackout back to the PLA, but some analysts question the connection.

7) McCain and Obama presidential campaigns

That’s right, both the campaigns of then Senators Barack Obama and John McCain were completely invaded by cyber spies in August 2008. The Secret Service forced all campaign senior staff to replace their Blackberries and laptops. The hackers were looking for policy data as a way to predict the positions of the future winner. Senior campaign staffers have acknowledged that the Chinese government contacted one campaign and referred to information that could only have been gained from the theft.

8) Office of Sen. Bill Nelson, D-FL

At a March 2009 hearing, Nelson revealed that his office computers had been hacked three separate times and his aide confirmed that the attacks had been traced back to China. The targets of the attacks were Nelson’s foreign-policy aide, his legislative director, and a former NASA advisor.

9) Ghostnet

In March, 2009, researchers inToronto concluded a 10-month investigation that revealed a massive cyber espionage ring they called Ghostnet that had penetrated more than 1,200 systems in 103 countries. The victims were foreign embassies, NGOs, news media institutions, foreign affairs ministries, and international organizations. Almost all Tibet-related organizations had been compromised, including the offices of the Dalai Lama. The attacks used Chinese malware and came from Beijing.

10) Lockheed Martin’s F-35 program

In April, 2009, the Wall Street Journal reported that China was suspected of being behind a major theft of data from Lockheed Martin’s F-35 fighter program, the most advanced airplane ever designed. Multiple infiltrations of the F-35 program apparently went on for years.