Russian Hackers Sent Phishing Emails From Fake Harvard Email Address

In the days after the 2016 presidential election, a group of hackers tied to the Russian government launched a phishing scheme through a fake Harvard email address in an attempt to spread malware to American think tanks and nonprofits.

Under the scheme, the hackers laced Kennedy School Professor Pippa Norris’s paper “Why American Elections Are Flawed” with malware and sent it to recipients under a fake email address that appeared to be from Harvard’s Faculty of Arts and Sciences. The phishing campaign, which was first reported in the New York Times, came from a Russian hacking group also involved in the hacking of the Democratic National Committee this summer, according the cybersecurity firm Volexity.

According to Volexity, the phishing email sent from the fake Harvard address had the “widest distribution” compared to phishing attempts sent through other organizations, which include the Clinton Foundation and a cloud fax service.

Harvard University Information Technology alerted members of FAS on Nov. 10 about the phishing email and warned them not to open unusual emails. In a statement, Doug Gavel, a spokesperson for the Kennedy School, said the school quickly responded to the phishing message.

“We were aware of this most recent phishing attempt because a few individuals at HKS received the email (without clicking on the link) and quickly alerted our IT team,” Gavel wrote in an email.

Norris said she only learned that her academic work was being used in the phishing emails after she read the story in the Times. Hackers downloaded her paper from an online portal and distributed digital files of containing her essay.

“When I asked our security guys, they said, 'Well, there's nothing we can actually do about it,' in the sense that people can obviously download PDFs from wherever they find them and send off false malware,” Norris said. “But in some ways it’s not actually a security issue at the Kennedy School.”

While the phishing may not pose a cybersecurity threat, Norris said she was concerned about the effect the scam will have on the Electoral Integrity Project, a research study examining “international standards of electoral integrity” and the potential fallout of failed elections. Norris serves as director of the project.

“It does kind of damage our project because clearly if people feel that our work has been hacked, when I send out genuine emails, how are people going to know that it’s not from somebody else—Dukes or the Russians or whatever?” she said.

This is not the first time a Harvard affiliate has been targeted by hackers recently. Christian Hamer, HUIT’s chief information security officer, said in 2013 that the University experiences “tens of thousands” of attempted cyber breaches per day. Harvard’s servers—which contain data like students’ social security numbers and academic research—are regular targets.

Most recently, Harvard suffered a network intrusion in June, prompting the University to switch to two-step verification for logging into Harvard’s online portals. In order to access websites that require Harvard credentials, school affiliates must now use a secondary device—typically a cell phone—to receive an authentication code, which they can then use to sign onto their accounts.

—Staff writer Brandon J. Dixon can be reached at brandon.dixon@thecrimson.com. Follow him on Twitter @BrandonJoDixon.

—Staff writer Lucas Ward can be reached at lucas.ward@thecrimson.com.