The scenario involved a spearphishing attack against a DHS employee, according to a report by Federal News Radio. The exercise showed how an attacker, using free tools found on the internet, could send an email with malware embedded in a PDF document that appeared to come from a DHS employee’s manager.
Once the employee opened up the PDF attachment, malware was launched that enabled the attacker to get the user’s password as well as the network and administrative passwords, according to the report. Once the hacker had these passwords, he or she could download, delete, upload, and change files, as well as turn on the computer’s microphone and web camera to record activity taking place in the room.
"Anyone can do [these attacks]. Many of them are point and click", Mark Weatherford, deputy undersecurity for cybersecurity at DHS, was quoted by Federal News Radio as saying.
Earlier this year, the Obama administration conducted a simulation for senators on a cyberattack against the New York City power grid during a summer heat wave. So far, the administration’s efforts have not persuaded Republican opponents to support the Democratic-based Cybersecurity Act.
Sen. Joe Lieberman (I-Conn.), a sponsor of the bill, has expressed concern that if the bill is not passed soon, it will not be passed at all. Senate Majority Leader Harry Reid (D-Nev.) said this week that he wants to have a Senate vote on the bill as soon as possible.