The Cable

U.S. ambassador to Brazil called back to oversee the Foreign Service

Secretary of State Hillary Clinton is temporarily bringing back U.S. ambassador to Brazil Tom Shannon to serve as acting undersecretary of state for political affairs while the State Department awaits the confirmation of President Barack Obama's nominee for the post, Wendy Sherman.

State Department spokeswoman Victoria Nuland confirmed to The Cable that Shannon will begin work next week as the temporary successor to Bill Burns, who was promoted to replace Jim Steinberg as deputy secretary of state. Shannon, a well-respected career member of the Foreign Service, served as assistant secretary of state for western hemisphere affairs from 2005 to 2009 and was the National Security Council senior director for the same region from 2003 to 2005.

Shannon will lead an office that has oversight of the State Department's regional bureaus and has responsibility for the day-to-day management of regional and bilateral issues. In a way, Shannon's return to Foggy Bottom temporarily solves two problems for Clinton, as he also will be able to keep an eye on the western hemisphere bureau, which remains leaderless since the May departure of Arturo Valenzuela.

Nuland emphasized that the State Department intends to return Shannon to Brazil as soon as Sherman is confirmed. She said that Shannon will return "for what we hope will be only a few weeks ... until the Senate acts on the president's nomination of Wendy Sherman."

"This stop-gap measure will help the secretary and department officials manage business until the confirmation of Ambassador Sherman. We have every expectation that the Senate will act quickly on Ambassador Sherman's nomination as soon as possible after Labor Day," Nuland told The Cable.

But Sherman's nomination still faces resistance from some GOP senators. They have three main concerns. One is due to Sherman's time as Secretary of State Madeleine Albright's counselor and North Korea policy coordinator. Some in the Senate GOP caucus are upset that the Obama administration has begun meeting bilaterally with the North Koreans and might use this nomination, along with the nomination of Sung Kim to be ambassador to Seoul, to make their point.

Second, senators are poised to demand that Sherman disclose her private client list as a vice president at the consulting firm of Albright-Stonebridge. There's suspicion, but as of yet no evidence, that Sherman worked on behalf of Chinese state-owned firms. Senators will demand full disclosure.

Lastly, senators will criticize Sherman for being president of the Fannie Mae Foundation from 1996 to 1997. Fannie Mae practices, mostly outside the Foundation, contributed to the financial meltdown, although those abuses occurred largely after she left.

State Department officials feel they have a strong candidate in Sherman and are prepared to fight for her confirmation. It's too early to see exactly how strong the GOP opposition to her confirmation will be, but there is more than one Republican senator opposed to her confirmation.

No Senate holds have been placed on the nomination yet -- that can only happen after Sherman is approved by the Senate Foreign Relations Committee. Sherman has yet to receive a hearing before the committee, which will only occur after Congress returns from vacation in September.

Meanwhile, Shannon will keep her chair warm. Another Latin America hand at State, Brian Naranjo, has been managing the staff of the office of the undersecretary for political affairs in Burns' and Shannon's absence. He will continue on in his job as the acting executive assistant to the undersecretary, placing him as Shannon's right-hand man and head of the office staff.

It's not that unusual for an acting undersecretary to be put in place when there's a prolonged vacancy. During former President George W. Bush's administration, Assistant Secretary Chris Burnham served as acting undersecretary for management under then Secretary of State Condoleezza Rice, and Assistant Secretary John Rood worked as acting undersecretary for arms control for about 18 months from 2007 to 2009.

State is hoping that Shannon won't have to serve in his acting capacity that long. He will keep his diplomatic credentials in Brazil. Todd Chapman, the deputy chief of mission at the U.S. embassy in Brazil, will mind the store as chargé d'affaires during Shannon's absence.

CNAS used as patsy in e-mail phishing attacks

The Center for a New American Security (CNAS) was entangled in a computer hacking scam that targeted international affairs experts and showed evidence of originating from China.

"On August 2, 2011 a small number of people received a phishing email referencing a recent CNAS report. The email came from an AOL email account that has no association with any CNAS network," CNAS external relations director Shannon O'Reilly said in an e-mail Friday afternoon. "We wish to assure users that the phishing email did not come from CNAS nor would CNAS ever ask for password information."

CNAS is a Washington think tank founded by Assistant Secretary of State for East Asia Kurt Campbell and Undersecretary of Defense for Policy Michele Flournoy. After Campbell and Flournoy entered the Obama administration, they handed over the reins to current CEO Nate Fick and President John Nagl.

The e-mail was sent to people "associated with political and international affairs," according to Mila Parkour, an Internet security expert who analyzed the hacking attempt on the blog Contagio. The e-mail asked the target to log into Gmail via an embedded link. If the target did so, their passwords were stored and their Gmail accounts began to be monitored from an unknown location.

The style of the attack is called "phishing," an attempt to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity.

Government officials and international experts have been the targets of phishing attacks for years and the threat comes from many countries, but Defense Department officials have admitted that the great majority of cyber espionage attempts against the U.S. government come from China. Some officials believe these attacks are carried out with either the explicit or implicit permission of the Chinese government.

There's no way to be sure, but Paul Roberts at the Threat Post blog reported that there are some similarities between the CNAS-related attack and other Chinese cyber espionage attempts.

"Attackers accessed the account using TOR (The Onion Router), so it's unclear where they accessed the account from," he said. "However, other aspects of the spear phishing attack bear the telltale signatures of a China-based operation, including the source IP of the phishing e-mail, which traces back to Taiwan, and the attackers use of Foxmail to create and send the phishing e-mail -- a common trait of China-based spear phishing attacks."

Last January, several U.S. government officials received an e-mail from "dorsetttr1@state.gov," which turned out to be a fake State Department e-mail address. That e-mail was crafted to look like an interagency communication over a U.S.-China joint statement ahead of Chinese President Hu Jintao's visit to Washington.

"This is the latest version of State's joint statement. My understanding is that State put in placeholder econ language and am happy to have us fill in but in a rush to get a cleared version from the WH they sent the attached to Mike," the fake e-mail said.

If the recipient clicked on "the attached," his system would be compromised. One U.S. official told us that a similar gambit was attempted during the Shangri-La Dialogue in Singapore last June.

The latest attack had the subject line, "CNAS Report Calls Declining Satellite Capabilities National Security Concern." That refers to a recent CNAS report that is actually quite interesting and can be found here.
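The indicators reported above for the CNAS-themed message (an organization's name on mail sent from a free webmail account, Foxmail as the sending client, and a request to log into Gmail through an embedded link) can be checked mechanically when triaging a reported message. The sketch below is an added example, not code from CNAS, Contagio or Threat Post; the webmail list, the Google host allowlist, the sample messages and the assumption that the embedded link pointed at a non-Google host are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

FREE_WEBMAIL = {"aol.com", "yahoo.com", "hotmail.com", "gmail.com"}  # assumed list
GOOGLE_HOSTS = {"accounts.google.com", "mail.google.com"}            # assumed allowlist

def triage(raw, claimed_org):
    """Return which of the article's indicators a raw message exhibits."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # 1. Organization named in display name or subject, but sent from free webmail.
    named = claimed_org.lower() in (display + " " + msg.get("Subject", "")).lower()
    if named and domain in FREE_WEBMAIL:
        findings.append("org-name-from-free-webmail")
    # 2. Sending client identifies itself as Foxmail.
    if "foxmail" in msg.get("X-Mailer", "").lower():
        findings.append("foxmail-client")
    # 3. Body asks for a Gmail login while linking to a host outside the allowlist.
    body = "\n".join(str(p.get_payload()) for p in msg.walk() if not p.is_multipart())
    hosts = {urlparse(u).hostname for u in re.findall(r"https?://[^\s\"'<>]+", body)}
    off_google = sorted(h for h in hosts if h and h not in GOOGLE_HOSTS)
    asks_login = (re.search(r"gmail|google", body, re.I)
                  and re.search(r"log ?in|sign ?in|password", body, re.I))
    if asks_login and off_google:
        findings.append("gmail-login-link-off-google:" + ",".join(off_google))
    return findings

# Constructed sample; only the subject line is taken from the article.
SUSPECT = """\
From: "CNAS Reports" <constructed.sender@aol.com>
Subject: CNAS Report Calls Declining Satellite Capabilities National Security Concern
X-Mailer: Foxmail 6 (constructed value)

Please log in to Gmail to view the report:
http://login.example.net/ServiceLogin
"""

# Constructed benign message for comparison.
BENIGN = """\
From: "Example Newsletter" <news@example.org>
Subject: Weekly digest
X-Mailer: Thunderbird

Sign in to Gmail at https://accounts.google.com/ to manage your settings.
"""

if __name__ == "__main__":
    print(triage(SUSPECT, "CNAS"))
    print(triage(BENIGN, "CNAS"))
```

Any single indicator is weak on its own; the combination is what makes a message worth escalating.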

Meanwhile, think tankers and officials around Washington are surely changing their Gmail passwords today and CNAS is warning that this won't be the last fishy phishing e-mail to hit the Washington foreign policy community.

"This incident is illustrative of a growing trend in which users are contacted by what appears to be trusted individuals or institutions in order to acquire sensitive information," O'Reilly said.