North Korea said to be target of inquiry over $81 million cyberheist

The New York Times reports: Federal prosecutors are investigating North Korea’s possible role in the theft of $81 million from the central bank of Bangladesh in what security officials fear could be a new front in cyberwarfare.

The United States attorney’s office in Los Angeles has been examining the extent to which the North Korean government aided and abetted the bold heist in February 2016, according to a person briefed on the investigation who was not authorized to speak publicly.

In the theft, the attackers, using a global payment messaging system known as Swift, were able to persuade the Federal Reserve Bank of New York to move money from the Bangladesh bank to accounts in the Philippines. The Swift system is used by some 11,000 banks and companies to transfer money from one country to another.

In the months that followed the Bangladesh heist, it was disclosed that cyberthieves had also attacked banks in Vietnam and Ecuador using Swift. [Continue reading…]

Why Wikileaks? Why now?

Fred Kaplan writes: Tuesday’s WikiLeaks release exposing thousands of detailed documents on CIA hacking tools is an unbridled attack on U.S. intelligence operations with little or no public benefit. It makes no claim or pretense that the CIA has used these tools to engage in domestic surveillance or any other illegal activity. Most whistleblowers who leak national security secrets take care to avoid revealing where the secrets come from — the “sources and methods” of the intelligence. These documents are about nothing but sources and methods. [Continue reading…]

Reuters reports: A longtime intelligence contractor with expertise in U.S. hacking tools told Reuters the documents included correct “cover” terms describing active cyber programs.

“People on both sides of the river are furious,” he said, referring to the CIA and the eavesdropping National Security Agency based in Fort Meade, Maryland. “This is not a Snowden-type situation. This was taken over a long term and handed over to WikiLeaks.” [Continue reading…]

In a press release, Wikileaks said: Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.

In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.

Names, email addresses and external IP addresses have been redacted in the released pages (70,875 redactions in total) until further analysis is complete. [Continue reading…]

The Atlantic reports: WikiLeaks appears to be shifting its strategy with its latest document dump. In the past, it has let the public loose on its leaked documents with little more than a few paragraphs of introduction, occasionally building search functions to let users sift through the largest dumps. The CIA leak, on the other hand, came with a detailed press release and analysis of some key findings from the documents, written in a journalistic style.

Uncharacteristically, WikiLeaks appears to have gone out of its way to redact sensitive information and withhold malicious code from the CIA documents it made public. That’s a slight departure from previous leaks, which were wholly unfiltered. [Continue reading…]

Given that it has become increasingly difficult to differentiate between Wikileaks the organization and Julian Assange the individual, I have my doubts that the massive number of redactions and carefully crafted press release should necessarily be attributed to a shift in strategy on the part of Wikileaks/Assange. This may in fact be the way the leaks were delivered: pre-packaged.

In other words, the leaker(s) were just as concerned about how this information got out as they were with its contents — and that begs the question (as posed by @pwnallthethings): why use Wikileaks?

If, as the source is alleged to claim, the goal here is to generate public debate, why use such a flawed messenger — a messenger widely viewed as operating in the service of Russian intelligence?

The source’s choice of going through Wikileaks suggests they were opting for a suitably malleable conduit and wanted to reach a target audience that thinks little or cares less about Julian Assange’s agenda.

Journalists are hamstrung (or to put it less kindly, incredibly easy to manipulate) in this situation. The key questions are about the source of leaks and the agenda being pursued, yet these are at this time matters of pure conjecture. The alternative to speculation is to focus on the content and get distracted by smart TV vulnerabilities etc.

Yet the source/Wikileaks is in large part teeing this up for political debate and casting the CIA as a rogue intelligence agency — a narrative that surely plays well inside the White House.

As is often the case, Donald Trump’s current silence is much more telling than his tweets.

Trump inherits a secret cyberwar against North Korean missiles

The New York Times reports: Three years ago, President Barack Obama ordered Pentagon officials to step up their cyber and electronic strikes against North Korea’s missile program in hopes of sabotaging test launches in their opening seconds.

Soon a large number of the North’s military rockets began to explode, veer off course, disintegrate in midair and plunge into the sea. Advocates of such efforts say they believe that targeted attacks have given American antimissile defenses a new edge and delayed by several years the day when North Korea will be able to threaten American cities with nuclear weapons launched atop intercontinental ballistic missiles.

But other experts have grown increasingly skeptical of the new approach, arguing that manufacturing errors, disgruntled insiders and sheer incompetence can also send missiles awry. Over the past eight months, they note, the North has managed to successfully launch three medium-range rockets. And Kim Jong-un, the North Korean leader, now claims his country is in “the final stage in preparations” for the inaugural test of his intercontinental missiles — perhaps a bluff, perhaps not.

An examination of the Pentagon’s disruption effort, based on interviews with officials of the Obama and Trump administrations as well as a review of extensive but obscure public records, found that the United States still does not have the ability to effectively counter the North Korean nuclear and missile programs. Those threats are far more resilient than many experts thought, The New York Times’s reporting found, and pose such a danger that Mr. Obama, as he left office, warned President Trump they were likely to be the most urgent problem he would confront. [Continue reading…]

Watch out, Europe. Germany is top of Russian hackers’ list

Natalie Nougayrède writes: One year ago in Berlin, Lisa F, a 13-year-old German-Russian girl, disappeared for 30 hours. When she returned to her parents, she claimed she had been kidnapped and raped by “Arab” men. This was a lie – as she later admitted. She had fallen out with her parents and invented the whole story. But that did little to stop the episode from becoming the centrepiece of a whirlwind Russian disinformation campaign aimed at destabilising Angela Merkel and German institutions.

Russian state media and pro-Russian websites in Germany immediately swirled with reports. Merkel was already under pressure for her open-door policy on refugees. Now German far-right groups and representatives of Germany’s ethnic Russian community held demonstrations. The Russian foreign minister, Sergey Lavrov, described Lisa (a dual German-Russian citizen) as “our girl” and accused German authorities of a cover-up and “whitewashing reality to make it politically correct”.

A diplomatic spat ensued, with the German foreign minister accusing Russia of “political propaganda”. Berlin officials struggled to counter the Russian campaign. But Moscow’s overt meddling in Germany’s domestic politics seeped into the public consciousness – for a while, at least.

Fast-forward to January 2017. The fallout from the Trump-Russia dossier has now placed Vladimir Putin and his power structure at the centre of American politics. For Europeans, a question arises: what could this all mean for the old continent, as it approaches key elections? This year, voting will take place in France, the Netherlands and in Germany. Remembering the Lisa scandal is important, for it says something about what may lie ahead.

Now that Russia’s covert activities are being so intensely discussed in the US, it is high time Europe placed as much attention on what it might, in turn, be confronted with – and to prepare itself. [Continue reading…]

Trump voters mostly indifferent about Russian interference in U.S. election

The New York Times reports: “Sour grapes,” explained Bob Marino, 79, weighing in on the recent spycraft bombshell from the corner table of a local McDonald’s.

“Sour grapes,” agreed Roger Noel, 65, sitting next to him.

“Bunch of crybabies,” Reed Guidry, 64, offered from across the table.

The subject of conversation was the report released by United States intelligence chiefs on Friday informing President-elect Donald J. Trump of their unanimous conclusion that President Vladimir V. Putin of Russia ordered an extensive, but covert, cyberoperation to help Mr. Trump win the election. The Russians had hacked and leaked emails, unleashed “trolls” on social media and used their “state-run propaganda machine” to spread stories harmful to Hillary Clinton.

In Washington, the report was viewed as extraordinary, both for its timing, raising sharp questions about the president-elect’s legitimacy on the verge of his taking office, and for its assertions, describing the operation as Russia’s boldest effort yet to meddle with American elections, to spread discontent and to “undermine the U.S.-led democratic order.”

But interviews with Trump supporters here in Louisiana, a state the president-elect won by 20 points, and in Indiana, a state he won by nearly the same margin, found opinions about the report that ranged from general indifference to outright derision.

“From the parts of the report I’ve seen,” said Rob Maness, a retired Air Force colonel who twice ran for Senate here as a Tea Party favorite, “it seems silly.”

There are genuine concerns about Russia’s cyberoperations, he said, but the notion that they changed the outcome of the election was absurd. (The report made no determination on how they affected the election.)

Of the comments he had seen from fellow Trump supporters on Facebook and in emails, he added, “90 percent of them are like, ‘What’s the big deal?’”

The Russians may have very well gotten involved, several people said. They added that kind of interference should be combated. But many assumed that foreign actors had long tried to play favorites in American elections, and that the United States had done the same in other countries’ elections. Even if the Russians did do it — which some were more willing to concede than others — what difference did it make? People did not need the Russians to make up their minds about Mrs. Clinton, Mr. Trump’s election opponent. Blaming her loss on the Russians was, as one Trump supporter here said, “just being sore losers.” [Continue reading…]

How Russia is spreading fake news and forged docs in Sweden

The Local reports: Sweden’s most respected foreign policy institute has accused Russia of using underhand methods, including fake news, counterfeit documents, and other disinformation, to influence Swedish decision-making.

The report by Martin Kragh, a Russia expert at the Swedish Institute of International Affairs, is the first empirical study detailing Russia’s use of ‘active measures’ in its information war against Sweden, which is largely directed at steering the country away from joining Nato.

“The study lies within a subject area which a lot of people are discussing right now, and we want to contribute to that discussion,” Kragh told Sweden’s Dagens Nyheter newspaper.

“It is completely normal for a foreign minister to say that some development concerns them, or is positive, but what we see as a problem is when illegitimate methods are used to try to influence opinion or decision-making in Sweden.”

“It may not necessarily be politically effective to spread false documents, but we believe it demonstrates an intention to influence decision-making and that in itself is a reason to try to document and understand the ways in which it is carried out.”

In the study, which is published in the Journal of Strategic Studies, Kragh argues that over the past few years, Russia has increasingly been returning to what the KGB historically referred to as “active measures” to impact public opinion in Sweden.

According to the report, “active measures” are designed “to hamper the target country’s ability to generate public support in pursuing its policies”.

Such measures have included the Russian government deploying troll armies on Swedish Twitter, launching its own Swedish-language version of the news site Sputnik, and spreading fake documents, 26 of which Kragh has identified. [Continue reading…]

Cyberwar for sale

Mattathias Schwartz reports: On the morning of May 18, 2014, Violeta Lagunes was perplexed by a series of strange messages that appeared in her Gmail inbox. It was Election Day to choose the leadership of Mexico’s right-wing Partido Acción Nacional, or PAN, and Lagunes, a former federal congresswoman, was holding a strategy meeting in her office in Puebla city. The emails seemed harmless, at least at first. One appeared to come from the account of a trusted colleague. It asked her to download and review a document. Lagunes clicked on the link, but it seemed to be broken, so she wrote back to her colleague and asked him to send it again. Elsewhere in her inbox was an email from Google warning her that someone had tried to log in to her account. Meanwhile, she began to receive phone calls from PAN allies, who claimed that they had received emails from Lagunes’s account that she did not remember sending.

Now Lagunes was worried. Around 1 o’clock, she called the colleague who appeared to have emailed her. She reached him at a restaurant, where he was finishing lunch with other campaign allies. “I did not send you an email,” he insisted. A consultant with the campaign — who asked to remain anonymous in order to preserve his relationships with other candidates — overheard the conversation. He knew of other campaign workers who had been receiving similar messages: emails with vague subject lines, asking the recipient to review a document or click a link. The campaign, he realized, had been hacked.

In the vote for party leader, Lagunes and her allies in Puebla — a two-hour drive southeast from Mexico City — were supporting the challenger, a senator who promised to return the party to its conservative roots. But the incumbent was backed by Puebla’s powerful governor, Rafael Moreno Valle. One of Mexico’s rising political stars, Moreno Valle is close to Mexico’s president, Enrique Peña Nieto, and has forged an alliance between PAN and Nieto’s centrist Partido Revolucionario Institucional, or PRI, long the dominant force in Mexican politics. Since winning the governorship in 2010, Moreno Valle’s opponents say, his ambitions have grown, and he has resorted to increasingly harsh measures to keep Puebla state — including members of his own party — under control. “In the beginning, the governor was low-profile and respectful,” Rafael Micalco, a former leader of PAN in Puebla state, told me. “When he became governor, he transformed. Now he controls the party through threats.”

This race to retain control of the party leadership in 2014 was a crucial test for the governor, who was rumored to be considering a run for Mexico’s presidency in 2018. (This past September, Moreno Valle publicly announced his intent to run.) Clashes between the two camps were especially intense in Puebla, where backers of the challenger, Ernesto Cordero, claimed that the governor was using public money to support the incumbent, Gustavo Madero, though the governor’s office has denied these charges. Shortly before the election, Madero’s campaign manager said that Cordero’s side was trying to undermine the legitimacy of the process. “Their strategy is clear from the outset,” he said in an interview with a Mexican magazine. “ ‘If I win, good. If not, I was cheated.’ ”

After Lagunes’s call on Election Day, her colleagues rushed from the restaurant back to their local headquarters, a hotel conference room that they had nicknamed “the bunker.” All morning, they had been trying to reach their field network, a group of 40 Cordero canvassers who were working to get out the vote in Puebla state. But the field network seemed to have gone dark. Few of the canvassers were even answering their phones. Hackers, the team concluded, must have found the list of the canvassers’ names and phone numbers — widely circulated by email within the campaign — and begun to intimidate them.

“The day before,” the consultant told me, the field network was “motivated and eager to do this work. After the hack, it was very hard to reach them. The few who did answer said that they had received phone calls saying that their lives were at stake. They were worried that if they went out, they or their families would get hurt.”

According to another worker on Cordero’s campaign, who also requested anonymity, citing fear of reprisal, the message to the canvassers was simple and direct: “We know who you are. If you don’t want any trouble, shut down your cellphone and stop your activity.” The worker added: “It’s an authoritarian regime.”

Madero won the election, with 57 percent of the 162,792 votes cast over all. In Puebla, his margin was substantially larger, roughly 74 percent. Cordero’s team decided not to contest the result. They had suspicions about how they were hacked. But it would be another year before any evidence emerged. Their political enemies, leaked documents seemed to show, had built a spying operation using software made by an Italian firm called Hacking Team — just one of many private companies that, largely below public notice, have sprung up to aid governments in surveilling the private lives of individual citizens. The industry claims that its products comply with local laws and are used to fight crime and terror. But in many countries around the world, these tools have proved to be equally adept at political espionage. [Continue reading…]

The GRU: Putin’s no-longer-so-secret weapon

Michael Weiss writes: It says something about the ingrained rivalry between the various fiefdoms of Russian espionage that the founder of Soviet military intelligence, Leon Trotsky, had an ice-ax driven into his head in Mexico by an agent of Stalin’s foreign intelligence service.

Ever since, in the long dark history of Soviet and Russian spookery the military’s Main Intelligence Directorate, or GRU, has been overshadowed by a succession of more powerful, famous and infamous organizations known by a succession of acronyms, most famously as the KGB and, since the collapse of the Soviet Union, the FSB and SVR.

But on Thursday the GRU suddenly emerged from the shadows when the waning Obama administration imposed sanctions on the four top-ranking GRU officers for their roles hacking the private email correspondence of the Democratic National Committee and Hillary Clinton’s campaign chief John Podesta. The entire spy agency, along with the FSB, was also sanctioned institutionally.

The Glavnoye razvedyvatel’noye upravleniye, as it is formally known, was founded in 1920, assuming the mantle of its prior incarnation, the Registration Directorate for Coordination of Efforts of All Army Intelligence Agencies, after the Red Army’s fiasco invasion of Poland that year. Its first director, Yan Berzin, was appointed by Felix Dzerzhinsky, the inaugural head of Lenin’s Cheka. Yet somehow, unlike the KGB, the GRU managed to endure the rocky transition from communism to democracy to authoritarian kleptocracy with its acronym intact. [Continue reading…]

Russian hackers evolve to serve the Kremlin

The Wall Street Journal reports: With the hacking of Hillary Clinton’s campaign and the Democratic National Committee, U.S. officials say Russia has unleashed a strengthened cyberwarfare weapon to sow uncertainty about the U.S. democratic process.

In doing so, Russia has transformed state-sponsored hackers known as Fancy Bear and Cozy Bear from internet spies to political tools with the power to target the country’s adversaries, according to U.S. officials and cybersecurity experts.

The attacks are the harder side of parallel campaigns in the Kremlin’s English-language media, which broadcast negative news about Western institutions and alliances and focus on issues that demonstrate or stoke instability in the West, such as Brexit. Moscow seeks particularly to weaken the North Atlantic Treaty Organization, which has expanded its defense against Russia.

“The underlying philosophy of a lot of these attacks is about establishing information as a weapon,” said Alexander Klimburg, a cyber expert at the Hague Center for Strategic Studies. “Hacking for them is literally about controlling information.”

President Vladimir Putin denies Russian involvement in the hacking, but in a way that telegraphs glee about the potential chaos being sown in the U.S. democratic process.

“Everyone is talking about who did it, but is it so important who did it?” Mr. Putin said. “What is important is the content of this information.”

Former Central Intelligence Agency Director Michael Hayden said the Kremlin doesn’t appear to be trying to influence the election’s outcome, noting Russian involvement has provided fodder for both Republicans and Democrats. “They are not trying to pick a winner,” he said Tuesday at a cybersecurity conference in Washington. Rather, Russia is likely unleashing the emails “to mess with our heads.”

Pro-Kremlin commentators in Russia have seized on the DNC leaks to cast doubt on the American democratic process and argue that Washington has no right to criticize Moscow. They have said the hacked DNC emails, which showed party officials working to undermine primary runner-up Bernie Sanders, prove Americans are hypocritical when they malign Mr. Putin’s authoritarianism. [Continue reading…]

White House says U.S. will retaliate against Russia for hacking

Politico reports: White House Press Secretary Josh Earnest promised on Tuesday that the U.S. would deliver a “proportional” response to Russia’s alleged hacking of American computer systems.

In addition to pledging that the U.S. “will ensure that our response is proportional,” Earnest told reporters flying on Air Force One that “it is unlikely that our response would be announced in advance.”

“The president has talked before about the significant capabilities that the U.S. government has to both defend our systems in the United States but also carry out offensive operations in other countries,” he said as the press corps traveled with the president to a Hillary Clinton campaign event in North Carolina. “So there are a range of responses that are available to the president and he will consider a response that is proportional.” [Continue reading…]

U.S. government officially accuses Russia of hacking campaign to interfere with elections

The Washington Post reports: The Obama administration on Friday officially accused Russia of attempting to interfere in the 2016 elections, including by hacking the computers of the Democratic National Committee and other political organizations.

The denunciation, made by the Office of the Director of National Intelligence and the Department of Homeland Security, came as pressure was growing from within the administration and some lawmakers to publicly name Moscow and hold it accountable for actions apparently aimed at sowing discord around the election.

“The U.S. Intelligence Community is confident that the Russian Government directed the recent compromises of e-mails from U.S. persons and institutions, including from U.S. political organizations,” said a joint statement from the two agencies. “. . . These thefts and disclosures are intended to interfere with the U.S. election process.”

The public finger-pointing was welcomed by senior Democratic and Republican lawmakers, who also said they now expect the administration to move to punish the Kremlin as part of an effort to deter further acts by its hackers. [Continue reading…]

Who are the Russian-backed hackers attacking the U.S. political system?

NBC News reports: Two teams of highly skilled hackers directed and protected by the Russian state are on the offensive.

Cybersecurity experts and intelligence officials tell NBC News the same hackers who broke into the Democratic Party’s computers, the World Anti-Doping Agency’s Administration System and who are implicated in the leaks of the personal emails of former Secretary of State Colin Powell and the health documents of Olympians are executing a Kremlin-backed campaign of cyber-espionage and sabotage.

Their target: Western democratic institutions and Russia’s political opponents.

“They are starting to figure out the way to apply the power they have in terms of technical capabilities into the geopolitical aspect,” Italian cyber security investigator Stefano Maccaglia told NBC News.

At a small square in Rome on a recent summer day, Maccaglia explained how he came to know most of these hackers in the early 2000s, when he was one himself. Having since crossed to the other side, Maccaglia’s job now is to investigate — sometimes for the Italian government — the Russian hackers’ cyber-attacks.

Maccaglia, who is now an advisory consultant for the network security company RSA, explained that the two teams of Russian hackers vary from trained researchers with a mathematical background to “the very funny person” skilled in computer programming languages and are turned into “gangs of cyber-mercenaries” who offer their “brilliance” to the highest bidder.

“They obviously have a very good life now,” Maccaglia said of the privileges they enjoy for their services.

Their relationship to the Russian state, he explained, is a win-win: The cyber gangsters are allowed to keep stealing — their traditional hacking work — as long as they do the bidding of Russian intelligence services.

In exchange, they receive state protection.

“They are above the law and are obviously protected,” Maccaglia said. “That’s why nobody can prosecute them. There is no way to reach them anymore.” [Continue reading…]

U.S. investigating potential covert Russian plan to disrupt November elections

The Washington Post reports: U.S. intelligence and law enforcement agencies are investigating what they see as a broad covert Russian operation in the United States to sow public distrust in the upcoming presidential election and in U.S. political institutions, intelligence and congressional officials said.

The aim is to understand the scope and intent of the Russian campaign, which incorporates cyber-tools to hack systems used in the political process, enhancing Russia’s ability to spread disinformation.

The effort to better understand Russia’s covert influence operations is being coordinated by James R. Clapper Jr., the director of national intelligence. “This is something of concern for the DNI,” said Charles Allen, a former longtime CIA officer who has been briefed on some of these issues. “It is being addressed.”

A Russian influence operation in the United States “is something we’re looking very closely at,” said one senior intelligence official who, like others interviewed, spoke on the condition of anonymity to discuss a sensitive matter. Officials also are examining potential disruptions to the election process, and the FBI has alerted state and local officials to potential cyberthreats.

The official cautioned that the intelligence community is not saying it has “definitive proof” of such tampering, or any Russian plans to do so. “But even the hint of something impacting the security of our election system would be of significant concern,” the official said. “It’s the key to our democracy, that people have confidence in the election system.”

The Kremlin’s intent may not be to sway the election in one direction or another, officials said, but to cause chaos and provide propaganda fodder to attack U.S. democracy-building policies around the world, particularly in the countries of the former Soviet Union. [Continue reading…]

Release of NSA hacking tools exposes risk of keeping software vulnerabilities secret

The Washington Post reports: To penetrate the computers of foreign targets, the National Security Agency relies on software flaws that have gone undetected in the pipes of the Internet. For years, security experts have pressed the agency to disclose these bugs so they can be fixed, but the agency hackers have often been reluctant.

Now with the mysterious release of a cache of NSA hacking tools over the weekend, the agency has lost an offensive advantage, experts say, and potentially placed at risk the security of countless large companies and government agencies worldwide.

Several of the tools exploited flaws in commercial firewalls that remain unpatched, and they are out on the Internet for all to see. Anyone from a basement hacker to a sophisticated foreign spy agency has access to them now, and until the flaws are fixed, many computer systems may be in jeopardy.

The revelation of the NSA cache, which dates to 2013 and has not been confirmed by the agency, also highlights the administration’s little-known process for figuring out which software errors to disclose and which to keep secret.

The hacker tools’ release “demonstrates the key risk of the U.S. government stockpiling computer vulnerabilities for its own use: Someone else might get a hold of them and use them against us,” said Kevin Bankston, director of New America’s Open Technology Institute.

“This is exactly why it should be U.S. government policy to disclose to software vendors the vulnerabilities it buys or discovers as soon as possible, so we can all better protect our own cybersecurity.” [Continue reading…]

Possible NSA hacking could signal warning shot from Russia

The New York Times reports: The release on websites this week of what appears to be top-secret computer code that the National Security Agency has used to break into the networks of foreign governments and other espionage targets has caused deep concern inside American intelligence agencies, raising the question of whether America’s own elite operatives have been hacked and their methods revealed.

Most outside experts who examined the posts, by a group calling itself the Shadow Brokers, said they contained what appeared to be genuine samples of the code — though somewhat outdated — used in the production of the N.S.A.’s custom-built malware.

Most of the code was designed to break through network firewalls and get inside the computer systems of competitors like Russia, China and Iran. That, in turn, allows the N.S.A. to place “implants” in the system, which can lurk unseen for years and be used to monitor network traffic or enable a debilitating computer attack.

According to these experts, the coding resembled a series of “products” developed inside the N.S.A.’s highly classified Tailored Access Operations unit, some of which were described in general terms in documents stolen three years ago by Edward J. Snowden, the former N.S.A. contractor now living in Russia.

But the code does not appear to have come from Mr. Snowden’s archive, which was mostly composed of PowerPoint files and other documents that described N.S.A. programs. The documents released by Mr. Snowden and his associates contained no actual source code used to break into the networks of foreign powers.

Whoever obtained the source code apparently broke into either the top-secret, highly compartmentalized computer servers of the N.S.A. or other servers around the world that the agency would have used to store the files. The code that was published on Monday dates to mid-2013, when, after Mr. Snowden’s disclosures, the agency shuttered many of its existing servers and moved code to new ones as a security measure.

By midday Tuesday Mr. Snowden himself, in a Twitter message from his exile in Moscow, declared that “circumstantial evidence and conventional wisdom indicates Russian responsibility” for publication, which he interpreted as a warning shot to the American government in case it was thinking of imposing sanctions against Russia in the cybertheft of documents from the Democratic National Committee. [Continue reading…]

U.S. considers sanctions against Russia in response to hacks of Democratic groups

The Wall Street Journal reports: U.S. officials are discussing whether to respond to computer breaches of Democratic Party organizations with economic sanctions against Russia, but they haven’t reached a decision about how to proceed, according to several people familiar with the matter.

Levying sanctions would require the White House to publicly accuse Russia, or Russian-backed hackers, of committing the breach and then leaking embarrassing information. The U.S. has frequently opted not to publicly release attribution for cyber-assaults, though Washington did openly accuse North Korea of carrying out an embarrassing breach of Sony Pictures Entertainment Inc. in 2014.

The Federal Bureau of Investigation and U.S. intelligence agencies have been studying the Democratic hacks, and several officials have signaled it was almost certainly carried out by Russian-affiliated hackers. Russia has denied any involvement, but several cybersecurity companies have also released reports tying the breach to Russian hackers.

On Thursday, House Minority Leader Nancy Pelosi (D., Calif.) told reporters, regarding a breach of the Democratic Congressional Campaign Committee, which spearheads the Democratic House campaigns: “I know for sure it is the Russians” and “we are assessing the damage.”

She added, “This is an electronic Watergate…The Russians broke in. Who did they give the information to? I don’t know. Who dumped it? I don’t know.” [Continue reading…]
