Regarding the Recent Cyberattack on CFR.org

December 30, 2012 / Updated January 3, 2013

Dear Visitor:

It was recently discovered that this website, www.cfr.org, was the subject of a cyberattack that enabled the site to host “malware,” downloadable software intended to infect the personal computers of a small number of users who accessed the website under certain specific conditions earlier this month. This malware was identified and removed on Thursday, December 27th.

The investigation into this matter is currently ongoing. We will post further information on this page once we have thoroughly assessed the nature of the intrusion and have a fuller understanding of any potential consequences to users. It is important to note that, at this time, our analysis has not uncovered any evidence suggesting that user data entrusted to our organization—email addresses, passwords, etc.—have been compromised through this event.

CFR.org is the Council on Foreign Relations’ front door, so we take cybersecurity very seriously. It is our priority that our website remains a safe, secure, and operational resource to CFR members and the general public. To this end, we have implemented additional measures to ensure the security of our website and its users, both in response to this past incident and as a part of our continued focus on cybersecurity.

Sincerely,
W. Thomas Davey III

Director
CFR Web Management and Development

Update as of January 3, 2013

In response to the recent cybersecurity attack on CFR.org, we have rid our server of any malware. We have also taken steps to increase the security of the site going forward by strengthening the defenses of the servers. Our focus now is to help the small number of people that might have been infected by the attack.

Further study of the malware that was hosted on CFR.org, as well as information about the malware available from third-party security researchers, has determined that users could have been infected by the malware only if ALL of the following three conditions were true:

  1. The visitor was browsing CFR.org on a computer using Microsoft Windows with Microsoft Internet Explorer Version 8 (or lower);
  2. the visitor's browser had the Adobe Flash plugin installed; and
  3. the visits to CFR.org occurred between December 6 and December 27, 2012.

Mobile devices such as Blackberries, iPhones, or iPads would not have been infected by the malware. Neither would desktop browsers like Google Chrome, Mozilla Firefox, and Apple Safari, nor any Apple Macintosh computer running OS X.

We have consulted a number of cybersecurity experts. For the visitors who meet the three conditions above, we are recommending the following best practices to alleviate potential security issues:

  1. Run a full antivirus and/or malware scan on your computer. It is important to note that at this time not all antivirus programs tested were able to identify the malware. Our testing has verified that the free antivirus scanner named HouseCall from Trend Micro appears capable of detecting the malware delivered by the CFR.org cyberattack. If using HouseCall, individuals need to be sure to select "Full System Scan" under "Settings."
  2. Consider changing system passwords and your passwords for email, websites, etc. Do this especially if the malware was detected on your machine by an antivirus or malware scan.

For more information and recommendations, we are steering people to the Microsoft Security Advisory for this malware. For people who suspect that they may have been affected by this malware, we are also encouraging them to contact their antivirus vendor's support center for further assistance. Those using a corporate computer should contact their IT department.

W. Thomas Davey III

Director
CFR Web Management and Development