The myth of Vladimir Putin the puppet master

Julia Ioffe writes: Over the past year, Russian hackers have become the stuff of legend in the United States. According to U.S. intelligence assessments and media investigations, they were responsible for breaching the servers of the Democratic National Committee and the Democratic Congressional Campaign Committee. They spread the information they filched through friendly outlets such as WikiLeaks, to devastating effect. With President Vladimir Putin’s blessing, they probed the voting infrastructure of various U.S. states. They quietly bought divisive ads and organized political events on Facebook, acting as the bellows in America’s raging culture wars.

But most Russians don’t recognize the Russia portrayed in this story: powerful, organized, and led by an omniscient, omnipotent leader who is able to both formulate and execute a complex and highly detailed plot.

Gleb Pavlovsky, a political consultant who helped Putin win his first presidential campaign, in 2000, and served as a Kremlin adviser until 2011, simply laughed when I asked him about Putin’s role in Donald Trump’s election. “We did an amazing job in the first decade of Putin’s rule of creating the illusion that Putin controls everything in Russia,” he said. “Now it’s just funny” how much Americans attribute to him.

A businessman who is high up in Putin’s United Russia party said over an espresso at a Moscow café: “You’re telling me that everything in Russia works as poorly as it does, except our hackers? Rosneft”—the state-owned oil giant—“doesn’t work well. Our health-care system doesn’t work well. Our education system doesn’t work well. And here, all of a sudden, are our hackers, and they’re amazing?”

In the same way that Russians overestimate America, seeing it as an all-powerful orchestrator of global political developments, Americans project their own fears onto Russia, a country that is a paradox of deftness, might, and profound weakness—unshakably steady, yet somehow always teetering on the verge of collapse. Like America, it is hostage to its peculiar history, tormented by its ghosts. [Continue reading…]

FBI gave heads-up to fraction of Russian hackers’ U.S. targets

The Associated Press reports: The FBI failed to notify scores of U.S. officials that Russian hackers were trying to break into their personal Gmail accounts despite having evidence for at least a year that the targets were in the Kremlin’s crosshairs, The Associated Press has found.

Nearly 80 interviews with Americans targeted by Fancy Bear, a Russian government-aligned cyberespionage group, turned up only two cases in which the FBI had provided a heads-up. Even senior policymakers discovered they were targets only when the AP told them, a situation some described as bizarre and dispiriting.

“It’s utterly confounding,” said Philip Reiner, a former senior director at the National Security Council, who was notified by the AP that he was targeted in 2015. “You’ve got to tell your people. You’ve got to protect your people.”

The FBI declined to discuss its investigation into Fancy Bear’s spying campaign, but did provide a statement that said in part: “The FBI routinely notifies individuals and organizations of potential threat information.”

Three people familiar with the matter — including a current and a former government official — said the FBI has known for more than a year the details of Fancy Bear’s attempts to break into Gmail inboxes. A senior FBI official, who was not authorized to publicly discuss the hacking operation because of its sensitivity, declined to comment on when it received the target list, but said that the bureau was overwhelmed by the sheer number of attempted hacks. [Continue reading…]

Doomsday preppers expect civilization to collapse but the internet will survive

Bloomberg reports: Wendy McElroy is ready for most doomsday scenarios: a one-year supply of nonperishable food is stacked in a cellar at her farm in rural Ontario. Her blueprint for survival also depends upon working internet: part of her money, assuming she needs some after civilization collapses, is in bitcoin.

Across the North American countryside, preppers like McElroy are storing more and more of their wealth in invisible wallets in cyberspace instead of stockpiling gold bars and coins in their bunkers and basement safes.

They won’t be able to access their virtual cash the moment a catastrophe knocks out the power grid or the web, but that hasn’t dissuaded them. Even staunch survivalists are convinced bitcoin will endure economic collapse, global pandemic, climate change catastrophes and nuclear war. [Continue reading…]

Uber concealed cyberattack that exposed 57 million people’s data

Bloomberg reports: Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. This week, the ride-hailing company ousted Joe Sullivan, chief security officer, and one of his deputies for their roles in keeping the hack under wraps.

Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers. No Social Security numbers, credit card details, trip location info or other data were taken, Uber said.

At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid hackers $100,000 to delete the data and keep the breach quiet. Uber said it believes the information was never used but declined to disclose the identities of the attackers.

“None of this should have happened, and I will not make excuses for it,” Dara Khosrowshahi, who took over as chief executive officer in September, said in an emailed statement. “We are changing the way we do business.” [Continue reading…]

British cybersecurity chief warns of Russian hacking

The New York Times reports: Russian hackers over the past 12 months have tried to attack the British energy, telecommunications and media industries, the government’s top cybersecurity official said Tuesday in a summary of a speech to be delivered on Wednesday.

The warning, by Ciaran Martin, chief of the National Cyber Security Center, is the strongest indication yet that Russian cyberattacks on Western governments and industries may be far more persistent than United States or British officials have previously acknowledged. [Continue reading…]

How Russians hacked the Democrats’ emails

The Associated Press reports: It was just before noon in Moscow on March 10, 2016, when the first volley of malicious messages hit the Hillary Clinton campaign.

The first 29 phishing emails were almost all misfires. Addressed to people who worked for Clinton during her first presidential run, the messages bounced back untouched.

Except one.

Within nine days, some of the campaign’s most consequential secrets would be in the hackers’ hands, part of a massive operation aimed at vacuuming up millions of messages from thousands of inboxes across the world.

An Associated Press investigation into the digital break-ins that disrupted the U.S. presidential contest has sketched out an anatomy of the hack that led to months of damaging disclosures about the Democratic Party’s nominee. It wasn’t just a few aides that the hackers went after; it was an all-out blitz across the Democratic Party. They tried to compromise Clinton’s inner circle and more than 130 party employees, supporters and contractors. [Continue reading…]

U.S. prosecutors consider charging Russian officials in DNC hacking case

The Wall Street Journal reports: The Justice Department has identified more than six members of the Russian government involved in hacking the Democratic National Committee’s computers and swiping sensitive information that became public during the 2016 presidential election, according to people familiar with the investigation.

Prosecutors and agents have assembled evidence to charge the Russian officials and could bring a case next year, these people said. Discussions about the case are in the early stages, they said.

If filed, the case would provide the clearest picture yet of the actors behind the DNC intrusion. U.S. intelligence agencies have attributed the attack to Russian intelligence services, but haven’t provided detailed information about how they concluded those services were responsible, or any details about the individuals allegedly involved. [Continue reading…]

Hackers with possible Russian ties compromised the Trump Organization 4 years ago — and the company never noticed

Mother Jones reports: Four years ago, the Trump Organization experienced a major cyber breach that could have allowed the perpetrator (or perpetrators) to mount malware attacks from the company’s web domains and may have enabled the intruders to gain access to the company’s computer network. Up until this week, this penetration had gone undetected by President Donald Trump’s company, according to several internet security researchers.

In 2013, a hacker (or hackers) apparently obtained access to the Trump Organization’s domain registration account and created at least 250 website subdomains that cybersecurity experts refer to as “shadow” subdomains. Each one of these shadow Trump subdomains pointed to a Russian IP address, meaning that they were hosted at these Russian addresses. (Every website domain is associated with one or more IP addresses. These addresses allow the internet to find the server that hosts the website. Authentic Trump Organization domains point to IP addresses that are hosted in the United States or countries where the company operates.) The creation of these shadow subdomains within the Trump Organization network was visible in the publicly available records of the company’s domains. [Continue reading…]
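The shadow-subdomain pattern described above can be checked mechanically. What follows is an added example, not code from Mother Jones or from the researchers it cites: it takes a flattened list of A records (constructed sample data, with documentation-range addresses standing in for the real hosting ranges) and a list of prefixes the organisation is known to host on, flags every subdomain that resolves outside them, and groups the hits by /24 so that a batch of 250 registrations surfaces as one block rather than 250 separate alerts. The names, addresses and expected prefixes are all assumptions.

```python
"""Flag subdomains whose A records fall outside an organisation's expected IP ranges.

Added example, not code from Mother Jones or the researchers it cites. Domain
names, addresses and the 'expected' prefixes are constructed for illustration;
in practice the records come from a registrar zone export or a passive-DNS dump.
"""
import ipaddress

# Constructed sample: a flattened export of A records under one apex domain.
# The last two entries play the role of the 'shadow' subdomains in the report.
SAMPLE_A_RECORDS = [
    ("www.example.com", "203.0.113.10"),
    ("mail.example.com", "203.0.113.25"),
    ("careers.example.com", "198.51.100.7"),
    ("a1b2c3.example.com", "192.0.2.44"),
    ("update-cdn.example.com", "192.0.2.45"),
]

# Constructed: the prefixes the organisation actually hosts on. This list is
# the thing the defender knows and the registrar does not.
EXPECTED_PREFIXES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]


def is_expected(ip, prefixes=EXPECTED_PREFIXES):
    """True if the address lies inside any known-good prefix (IPv4 or IPv6)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in prefix for prefix in prefixes)


def find_shadow_subdomains(records, prefixes=EXPECTED_PREFIXES):
    """Return (name, ip) pairs whose address is outside every expected prefix."""
    return [(name, ip) for name, ip in records if not is_expected(ip, prefixes)]


def group_by_prefix(flagged, length=24):
    """Cluster flagged hosts by /length so a mass registration shows as one block."""
    groups = {}
    for name, ip in flagged:
        net = ipaddress.ip_network(f"{ip}/{length}", strict=False)
        groups.setdefault(str(net), []).append(name)
    return groups


if __name__ == "__main__":
    flagged = find_shadow_subdomains(SAMPLE_A_RECORDS)
    for net, names in group_by_prefix(flagged).items():
        print(f"{net}: {len(names)} subdomain(s) -> {', '.join(names)}")
```

The comparison set is the part that matters: a list of the organisation's own hosting prefixes, or an ASN or geolocation lookup as the researchers used, is what turns "a record exists" into "a record points somewhere we never hosted". Run periodically against a zone export from the registrar account, this is the kind of cheap control that catches such additions when they are made rather than four years later.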

The world once laughed at North Korean cyberpower. No more

The New York Times reports: When North Korean hackers tried to steal $1 billion from the New York Federal Reserve last year, only a spelling error stopped them. They were digitally looting an account of the Bangladesh Central Bank, when bankers grew suspicious about a withdrawal request that had misspelled “foundation” as “fandation.”

Even so, Kim Jong-un’s minions still got away with $81 million in that heist.

Then only sheer luck enabled a 22-year-old British hacker to defuse the biggest North Korean cyberattack to date, a ransomware attack last May that failed to generate much cash but brought down hundreds of thousands of computers across dozens of countries — and briefly crippled Britain’s National Health Service.

Their track record is mixed, but North Korea’s army of more than 6,000 hackers is undeniably persistent, and undeniably improving, according to American and British security officials who have traced these attacks and others back to the North.

Amid all the attention on Pyongyang’s progress in developing a nuclear weapon capable of striking the continental United States, the North Koreans have also quietly developed a cyberprogram that is stealing hundreds of millions of dollars and proving capable of unleashing global havoc.

Unlike its weapons tests, which have led to international sanctions, the North’s cyberstrikes have faced almost no pushback or punishment, even as the regime is already using its hacking capabilities for actual attacks against its adversaries in the West.

And just as Western analysts once scoffed at the potential of the North’s nuclear program, so did experts dismiss its cyberpotential — only to now acknowledge that hacking is an almost perfect weapon for a Pyongyang that is isolated and has little to lose. [Continue reading…]

How Israel caught Russian hackers scouring the world for U.S. secrets

The New York Times reports: It was a case of spies watching spies watching spies: Israeli intelligence officers looked on in real time as Russian government hackers searched computers around the world for the code names of American intelligence programs.

What gave the Russian hacking, detected more than two years ago, such global reach was its improvised search tool — antivirus software made by a Russian company, Kaspersky Lab, that is used by 400 million people worldwide, including by officials at some two dozen American government agencies.

The Israeli officials who had hacked into Kaspersky’s own network alerted the United States to the broad Russian intrusion, which has not been previously reported, leading to a decision just last month to order Kaspersky software removed from government computers.

The Russian operation, described by multiple people who have been briefed on the matter, is known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer, on which Kaspersky’s antivirus software was installed. What additional American secrets the Russian hackers may have gleaned from multiple agencies, by turning the Kaspersky software into a sort of Google search for sensitive information, is not yet publicly known.

The current and former government officials who described the episode spoke about it on condition of anonymity because of classification rules.

Like most security software, Kaspersky Lab’s products require access to everything stored on a computer in order to scour it for viruses or other dangers. Its popular antivirus software scans for signatures of malicious software, or malware, then removes or neuters it before sending a report back to Kaspersky. That procedure, routine for such software, provided a perfect tool for Russian intelligence to exploit to survey the contents of computers and retrieve whatever they found of interest. [Continue reading…]

Even though the reporting is sloppy where it says an NSA employee used his home computer “on which Kaspersky’s antivirus software was installed,” there’s little reason to doubt that the employee installed that software by choice. Moreover, he most likely chose it for the same reason most experienced users do: he believed it performed better than competing products. And as for the software detecting the NSA hacking tools, that is what antivirus software is designed to do. What turns a routine detection into an intelligence windfall is the step the Times itself describes, the report sent back to the vendor: once a matched file can travel with that report, whoever controls the signature feed decides what gets collected.

In spite of the cloud of suspicion that now hangs over all-things-Russian, it’s hard not to wonder whether Kaspersky provoked the ire of Israeli and American intelligence through its work on exposing the operation of Stuxnet. Kaspersky’s role in raising public awareness about cyberwarfare operations can hardly have been welcomed by the agencies running those operations.

Given that “antivirus is the ultimate back door,” as Blake Darché, a former NSA operator, observes, this raises questions that aren’t touched upon in the reporting on Kaspersky: do all brands of antivirus software present serious security risks to their users? And do companies such as Symantec actively cooperate with the NSA?
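To make that point concrete, here is an added example (not Kaspersky’s code, nor any real engine’s): a toy signature scanner over a constructed in-memory file set, followed by the “report back” step that the Times excerpt describes. The signatures, paths and file contents are assumptions; the second signature is deliberately a document marker rather than malware code, to show that nothing in the scanning step distinguishes the two. The only thing that differs between the two reports is whether the matched file’s bytes are attached.

```python
"""Minimal signature scan plus a 'report back' step, to show which step leaks.

Added example, not Kaspersky's code or any real antivirus engine. Signatures,
paths and file contents are constructed; 'upload' just returns what would be
sent so the difference between the two policies can be inspected offline.
"""
import hashlib

# Constructed signatures: byte pattern -> label. A real engine has millions;
# whoever controls the feed can add any pattern at all, including a document
# marker rather than malware code. The second entry is hypothetical.
SIGNATURES = {
    b"\x4d\x5a\x90\x00EVIL": "Trojan.Constructed.A",
    b"CLASSIFICATION: EXAMPLE-SECRET": "Doc.Marker.Constructed",
}

# Constructed sample 'filesystem': path -> contents.
SAMPLE_FILES = {
    "/home/u/notes.txt": b"shopping list\n",
    "/home/u/tool.exe": b"\x4d\x5a\x90\x00EVIL\x00\x00payload",
    "/home/u/briefing.doc": b"CLASSIFICATION: EXAMPLE-SECRET\nproject names...",
}


def scan(files, signatures=SIGNATURES):
    """Return (path, label) for every file containing any signature pattern."""
    hits = []
    for path, data in files.items():
        for pattern, label in signatures.items():
            if pattern in data:
                hits.append((path, label))
    return hits


def build_report(files, hits, submit_samples):
    """What leaves the host for each hit.

    With submit_samples=False only metadata and a hash go back to the vendor;
    with True the full file is attached, which is the 'retrieve whatever they
    found of interest' step.
    """
    report = []
    for path, label in hits:
        entry = {
            "path": path,
            "label": label,
            "sha256": hashlib.sha256(files[path]).hexdigest(),
        }
        if submit_samples:
            entry["sample"] = files[path]
        report.append(entry)
    return report


def bytes_leaving_host(report):
    """Total file content attached to a report (zero when only hashes are sent)."""
    return sum(len(entry.get("sample", b"")) for entry in report)


if __name__ == "__main__":
    hits = scan(SAMPLE_FILES)
    for policy in (False, True):
        report = build_report(SAMPLE_FILES, hits, submit_samples=policy)
        print(f"submit_samples={policy}: {len(report)} hits, "
              f"{bytes_leaving_host(report)} bytes of file content uploaded")
```

The scanning step is identical under both policies and is exactly what the product is meant to do; the exposure is entirely in the second function, and in who writes the signature list that feeds it. That is the concrete form of the question the commentary above raises about every vendor, not only Kaspersky: what does the sample-submission setting actually send, and who can add a pattern to the feed.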

North Korea ‘hackers steal U.S.-South Korea war plans’

BBC News reports: Hackers from North Korea are reported to have stolen a large cache of military documents from South Korea, including a plan to assassinate North Korea’s leader Kim Jong-un.

Rhee Cheol-hee, a South Korean lawmaker, said the information was from his country’s defence ministry.

The compromised documents include wartime contingency plans drawn up by the US and South Korea.

They also include reports to the allies’ senior commanders.

The South Korean defence ministry has so far refused to comment about the allegation.

Plans for the South’s special forces were reportedly accessed, along with information on significant power plants and military facilities in the South.

Mr Rhee belongs to South Korea’s ruling party, and sits on its parliament’s defence committee. He said some 235 gigabytes of military documents had been stolen from the Defence Integrated Data Centre, and that 80% of them have yet to be identified. [Continue reading…]

John Kelly’s personal cellphone was compromised, White House believes

Politico reports: White House officials believe that chief of staff John Kelly’s personal cellphone was compromised, potentially as long ago as December, according to three U.S. government officials.

The discovery raises concerns that hackers or foreign governments may have had access to data on Kelly’s phone while he was secretary of Homeland Security and after he joined the West Wing.

Tech support staff discovered the suspected breach after Kelly turned his phone in to White House tech support this summer complaining that it wasn’t working or updating software properly.

Kelly told the staffers the phone hadn’t been working properly for months, according to the officials. [Continue reading…]

Russian hacker wanted by U.S. tells court he worked for Putin’s party

Reuters reports: A Russian hacker arrested in Spain on a U.S. warrant said on Thursday he previously worked for President Vladimir Putin’s United Russia party and feared he would be tortured and killed if extradited, RIA news agency reported.

Peter Levashov was arrested while on holiday in Barcelona in April. U.S. prosecutors later charged him with hacking offences, accusing him of operating a network of tens of thousands of infected computers used by cyber criminals.

Levashov’s comments offered a rare glimpse into the relationship between cyber criminals and the Russian state. U.S. officials say Russian authorities routinely shield hackers from prosecution abroad before recruiting them for espionage work. [Continue reading…]

NSA warned White House against using personal email

Politico reports: The National Security Agency warned senior White House officials in classified briefings that improper use of personal cellphones and email could make them vulnerable to espionage by Russia, China, Iran and other adversaries, according to officials familiar with the briefings.

The briefings came soon after President Donald Trump was sworn into office on Jan. 20, and before some top aides, including senior adviser Jared Kushner, used their personal email and phones to conduct official White House business, as disclosed by POLITICO this week.

The NSA briefers explained that cyberspies could be using sophisticated malware to turn the personal cellphones of White House aides into clandestine listening devices, to take photos and video without the user’s knowledge and to transfer vast amounts of data via Wi-Fi networks and Bluetooth, according to one former senior U.S. intelligence official familiar with the briefings. [Continue reading…]

21 states told they were targeted by Russian hackers during 2016 election

The Washington Post reports: The Department of Homeland Security contacted election officials in 21 states Friday to notify them that they had been targeted by Russian government hackers during the 2016 election.

Three months ago, DHS officials said that people connected to the Russian government tried to hack voting registration files or public election sites in 21 states, but Friday was the first time that government officials contacted individual state election officials to let them know they were targeted.

Officials said DHS told officials in all 50 states whether they were hacked or not.

“We heard feedback from the secretaries of state that this was an important piece of information,” said Bob Kolasky, acting deputy undersecretary for DHS’s National Protection and Programs Directorate. “We agreed that this information would help election officials make security decisions.”

He said it was important that the states shore up their systems now “rather than a few weeks before” the 2018 midterm elections. [Continue reading…]

U.S. bans use of Kaspersky software in federal agencies amid concerns of Russian espionage

The Washington Post reports: The U.S. government on Wednesday moved to ban the use of a Russian brand of security software by federal agencies amid concerns the company has ties to state-sponsored cyberespionage activities.

In a binding directive, acting homeland security secretary Elaine Duke ordered that federal civilian agencies identify Kaspersky Lab software on their networks. After 90 days, unless otherwise directed, they must remove the software, on the grounds that the company has connections to the Russian government and its software poses a security risk.

The Department of Homeland Security “is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” the department said in a statement. “The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.” [Continue reading…]

WikiLeaks turned down leaks on Russian government during U.S. presidential campaign

Foreign Policy reports: In the summer of 2016, as WikiLeaks was publishing documents from Democratic operatives allegedly obtained by Kremlin-directed hackers, Julian Assange turned down a large cache of documents related to the Russian government, according to chat messages and a source who provided the records.

WikiLeaks declined to publish a wide-ranging trove of documents — at least 68 gigabytes of data — that came from inside the Russian Interior Ministry, according to partial chat logs reviewed by Foreign Policy.

The logs, which were provided to FP, only included WikiLeaks’s side of the conversation.

“As far as we recall these are already public,” WikiLeaks wrote at the time.

“WikiLeaks rejects all submissions that it cannot verify. WikiLeaks rejects submissions that have already been published elsewhere or which are likely to be considered insignificant. WikiLeaks has never rejected a submission due to its country of origin,” the organization wrote in a Twitter direct message when contacted by FP about the Russian cache.

(The account is widely believed to be operated solely by Assange, the group’s founder, but in a Twitter message to FP, the organization said it is maintained by “staff.”)

In 2014, the BBC and other news outlets reported on the cache, which revealed details about Russian military and intelligence involvement in Ukraine. However, the information from that hack was less than half the data that later became available in 2016, when Assange turned it down.

“We had several leaks sent to Wikileaks, including the Russian hack. It would have exposed Russian activities and shown WikiLeaks was not controlled by Russian security services,” the source who provided the messages wrote to FP. “Many Wikileaks staff and volunteers or their families suffered at the hands of Russian corruption and cruelty, we were sure Wikileaks would release it. Assange gave excuse after excuse.”

The Russian cache was eventually quietly published online elsewhere, to almost no attention or scrutiny. [Continue reading…]

In Ukraine, a malware expert who could blow the whistle on Russian hacking

The New York Times reports: The hacker, known only by his online alias “Profexer,” kept a low profile. He wrote computer code alone in an apartment and quietly sold his handiwork on the anonymous portion of the internet known as the Dark Web. Last winter, he suddenly went dark entirely.

Profexer’s posts, already accessible only to a small band of fellow hackers and cybercriminals looking for software tips, blinked out in January — just days after American intelligence agencies publicly identified a program he had written as one tool used in the hacking of the Democratic National Committee.

But while Profexer’s online persona vanished, a flesh-and-blood person has emerged: a fearful man who the Ukrainian police said turned himself in early this year, and has now become a witness for the F.B.I.

“I don’t know what will happen,” he wrote in one of his last messages posted on a restricted-access website before going to the police. “It won’t be pleasant. But I’m still alive.”

It is the first known instance of a living witness emerging from the arid mass of technical detail that has so far shaped the investigation into the D.N.C. hack and the heated debate it has stirred. The Ukrainian police declined to divulge the man’s name or other details, other than that he is living in Ukraine and has not been arrested. [Continue reading…]
