Hack of Democrats’ accounts was wider than believed, officials say

The New York Times reports: A Russian cyberattack that targeted Democratic politicians was bigger than it first appeared and breached the private email accounts of more than 100 party officials and groups, officials with knowledge of the case said Wednesday.

The widening scope of the attack has prompted the F.B.I. to broaden its investigation, and agents have begun notifying a long list of Democratic officials that the Russians may have breached their personal accounts.

The main targets appear to have been the personal email accounts of Hillary Clinton’s campaign officials and party operatives, along with a number of party organizations.

Officials have acknowledged that the Russian hackers gained access to the Democratic Congressional Campaign Committee, which is the fund-raising arm for House Democrats, and to the Democratic National Committee, including a D.N.C. voter analytics program used by Mrs. Clinton’s presidential campaign.

But the hack now appears to have extended well beyond those groups, and organizations like the Democratic Governors’ Association may also have been affected, according to Democrats involved in the investigation. [Continue reading…]

Facebooktwittermail

Obama prepares to boost U.S. cyberwarfare capabilities

Reuters reports: The Obama administration is preparing to elevate the stature of the Pentagon’s Cyber Command, signaling more emphasis on developing cyber weapons to deter attacks, punish intruders into U.S. networks and tackle adversaries such as Islamic State, current and former officials told Reuters.

Under the plan being considered at the White House, the officials said, U.S. Cyber Command would become what the military calls a “unified command” equal to combat branches of the military such as the Central and Pacific Commands.

Cyber Command would be separated from the National Security Agency, a spy agency responsible for electronic eavesdropping, the officials said. That would give Cyber Command leaders a larger voice in arguing for the use of both offensive and defensive cyber tools in future conflicts. [Continue reading…]

Facebooktwittermail

Clinton campaign said to be hacked, apparently by Russians

The New York Times reports: Computer systems used by Hillary Clinton’s presidential campaign were hacked in an attack that appears to have come from Russia’s intelligence services, a federal law enforcement official said on Friday.

The apparent breach, coming after the disclosure last month that the Democratic National Committee’s computer system had been compromised, escalates an international episode in which Clinton campaign officials have suggested that Russia might be trying to sway the outcome of the election.

Mrs. Clinton’s campaign said in a statement that intruders had gained access to an analytics program used by the campaign and maintained by the national committee, but it said that it did not believe that the campaign’s own internal computer systems had been compromised.

The Democratic Congressional Campaign Committee, the fund-raising arm for House Democrats, also said on Friday that its systems had been hacked. Together, the databases of the national committee and the House organization contain some of the party’s most sensitive communications and voter and financial data.

Meredith Kelly, a spokeswoman for the congressional committee, said that after it discovered the breach, “we immediately took action and engaged with CrowdStrike, a leading forensic investigator, to assist us in addressing this incident.”

The attack on the congressional committee’s system appears to have come from an entity known as “Fancy Bear,” which is connected to the G.R.U., the Russian military intelligence service, according to an official involved in the forensic investigation. [Continue reading…]

Reuters reports: Several U.S. officials said the Obama administration has avoided publicly attributing the attacks to Russia as that might undermine Secretary of State John Kerry’s effort to win Russian cooperation in the war on Islamic State in Syria.

The officials said the administration fears Russian President Vladimir Putin might respond to a public move by escalating cyber attacks on U.S. targets, increasing military harassment of U.S. and allied aircraft and warships in the Baltic and Black Seas, and making more aggressive moves in Eastern Europe.

Some officials question the approach, arguing that responding more forcefully to Russia would be more effective than remaining silent.

The Obama administration announced in an April 2015 executive order that it could apply economic sanctions in response to cyber attacks. [Continue reading…]

Facebooktwittermail

How vulnerable to hacking is the U.S. election cyber infrastructure?

By Richard Forno, University of Maryland, Baltimore County

Following the hack of Democratic National Committee emails and reports of a new cyberattack against the Democratic Congressional Campaign Committee, worries abound that foreign nations may be clandestinely involved in the 2016 American presidential campaign. Allegations swirl that Russia, under the direction of President Vladimir Putin, is secretly working to undermine the U.S. Democratic Party. The apparent logic is that a Donald Trump presidency would result in more pro-Russian policies. At the moment, the FBI is investigating, but no U.S. government agency has yet made a formal accusation.

The Republican nominee added unprecedented fuel to the fire by encouraging Russia to “find” and release Hillary Clinton’s missing emails from her time as secretary of state. Trump’s comments drew sharp rebuke from the media and politicians on all sides. Some suggested that by soliciting a foreign power to intervene in domestic politics, his musings bordered on criminality or treason. Trump backtracked, saying his comments were “sarcastic,” implying they’re not to be taken seriously.

Of course, the desire to interfere with another country’s internal political processes is nothing new. Global powers routinely monitor their adversaries and, when deemed necessary, will try to clandestinely undermine or influence foreign domestic politics to their own benefit. For example, the Soviet Union’s foreign intelligence service engaged in so-called “active measures” designed to influence Western opinion. Among other efforts, it spread conspiracy theories about government officials and fabricated documents intended to exploit the social tensions of the 1960s. Similarly, U.S. intelligence services have conducted their own secret activities against foreign political systems – perhaps most notably its repeated attempts to help overthrow pro-communist Fidel Castro in Cuba.

Although the Cold War is over, intelligence services around the world continue to monitor other countries’ domestic political situations. Today’s “influence operations” are generally subtle and strategic. Intelligence services clandestinely try to sway the “hearts and minds” of the target country’s population toward a certain political outcome.

What has changed, however, is the ability of individuals, governments, militaries and criminal or terrorist organizations to use internet-based tools – commonly called cyberweapons – not only to gather information but also to generate influence within a target group.

So what are some of the technical vulnerabilities faced by nations during political elections, and what’s really at stake when foreign powers meddle in domestic political processes?

[Read more…]

Facebooktwittermail

How the U.S. can retaliate if Kremlin hackers tried to influence the presidential election

Vice News reports: The US intelligence community and private cybersecurity firms say Russia almost certainly hacked the Democratic National Committee and leaked documents that enraged Bernie Sanders supporters, embarrassed Democratic donors and senior party officials, and led to the resignation of DNC chairwoman Debbie Wasserman Schultz.

The US government hasn’t publicly accused Russia of responsibility for the leak, but President Barack Obama noted on Tuesday that Russia has a history of interfering in other countries’ elections.

Now the question is whether the US government is going to do something about it.

If confirmed, Kremlin responsibility for the DNC hack and leak would mark the first time a foreign government has interfered in a US election on this grand a scale.

“If Russian involvement is true, it shows how far they will go to get involved in our internal affairs,” said former US Ambassador to Russia Michael McFaul. “That’s something new. I don’t think anything remotely close to that happened during the Cold War.”

“We all do espionage,” he said, “but it’s one thing to practice intelligence gathering, and another to use those means to affect an electoral outcome.”

McFaul says all the evidence points to Russia deliberately seeking to interfere in a US election on behalf of Donald Trump, a candidate it believes would be more friendly to its interests. [Continue reading…]

Facebooktwittermail

By November, Russian hackers could target voting machines

Bruce Schneier writes: Russia was behind the hacks into the Democratic National Committee’s computer network that led to the release of thousands of internal emails just before the party’s convention began, U.S. intelligence agencies have reportedly concluded.

The FBI is investigating. WikiLeaks promises there is more data to come. The political nature of this cyberattack means that Democrats and Republicans are trying to spin this as much as possible. Even so, we have to accept that someone is attacking our nation’s computer systems in an apparent attempt to influence a presidential election. This kind of cyberattack targets the very core of our democratic process. And it points to the possibility of an even worse problem in November — that our election systems and our voting machines could be vulnerable to a similar attack.

If the intelligence community has indeed ascertained that Russia is to blame, our government needs to decide what to do in response. This is difficult because the attacks are politically partisan, but it is essential. If foreign governments learn that they can influence our elections with impunity, this opens the door for future manipulations, both document thefts and dumps like this one that we see and more subtle manipulations that we don’t see.

Retaliation is politically fraught and could have serious consequences, but this is an attack against our democracy. We need to confront Russian President Vladimir Putin in some way — politically, economically or in cyberspace — and make it clear that we will not tolerate this kind of interference by any government. Regardless of your political leanings this time, there’s no guarantee the next country that tries to manipulate our elections will share your preferred candidates. [Continue reading…]

Facebooktwittermail

Russian cyberattacks likely to increase if they continue to provoke little U.S. response

Defense One reports: In 2015, there were over one million cyber attacks on individuals and companies every day — and that is why even the strongest U.S. response to the theft of the Democratic National Committee emails will do little to deter future state-sponsored attacks, cybersecurity experts say.

The sheer volume and increasing sophistication of network attacks provide plausible deniability to state-sponsored groups, like the APT 28 and APT 29 thought to be behind the DNC hack, says Christopher Porter, of cybersecurity company FireEye.

“One of the key factors that makes these Russian operations doable is that sophisticated criminal groups have APT-like capabilities and go after similar targets,” said Porter, whose company first documented APT 29’s ties to the Kremlin in 2014.“The best criminals use some of the same tools that lower-end states might use.”

Recognizing the valuable cover this provides, the “Russian government has been intentionally blurring the lines between cyber activists, criminals and state-paid hackers,” said Jarno Limnell, vice president for cybersecurity at Insta Group Oy.

This makes it hard to conclusively attribute an attack to a particular government, and all but impossible to respond firmly. So Western countries have thus far remained “fairly quiet” in the face of various Russian provocations, and that has only emboldened Moscow, Limnell said. [Continue reading…]

Facebooktwittermail

The U.S. could have destroyed Iran’s entire infrastructure without dropping a single bomb

Tech Insider reports: The United States had a top-secret operation that gave it the ability to shut down much of Iran’s infrastructure ahead of a full-scale war, without a single bomb being dropped.

The incredible insight into a highly-classified cyber operation called Nitro Zeus was first exposed in the film “Zero Days” and later corroborated by The New York Times, which interviewed intelligence and military officials who were involved.

The film, directed by Alex Gibney, premieres on Friday.

“We spent hundreds of millions, maybe billions on it,” an anonymous National Security Agency source says in the film. “We were inside, waiting, watching. Ready to disrupt, degrade, and destroy those systems with cyber attacks. In comparison, Stuxnet was a back alley operation. [Nitro Zeus] was the plan for a full scale cyber war with no attribution.”

The source, whose face and voice are concealed throughout the film, is later revealed to be an actor reciting lines from testimony offered to Director Alex Gibney by CIA and NSA employees.

The focus of the “Zero Days” film is on Stuxnet — the world’s first cyber weapon — that was used against Iran’s nuclear facilities. But in researching for the film, Gibney found that malicious software was just one small piece of a much larger puzzle. [Continue reading…]

 

Facebooktwittermail

What cyberwar against ISIS should look like

Fred Kaplan writes: Pentagon officials have publicly said, in recent weeks, that they’re hitting ISIS not only with bullets and bombs but also with cyberoffensive operations. “We are dropping cyberbombs,” Robert Work, deputy secretary of defense, is quoted as proclaiming in Monday’s New York Times. Similar, if less colorful, statements have been made by Secretary of Defense Ash Carter and,a week ago, President Obama.

What does it mean? And what effects are these new weapons having on the overall war? After dropping his “cyberbombs” bombshell, Work said, “We have never done that before.” But in fact, the United States has done it before, against Iraqi insurgents, including al-Qaida fighters, back in 2007. And, as I discovered while researching my book Dark Territory: The Secret History of Cyber War, the effects were devastating.

Standard accounts have credited President George W. Bush’s troop surge and Gen. David Petraeus’ counterinsurgency strategy for turning the Iraq conflict in the coalition’s favor in 2007. These accounts aren’t wrong, as far as they go, but they leave out another crucial factor — cyberoffensive warfare, as conducted by the Joint Special Operations Command and the National Security Agency. [Continue reading…]

Facebooktwittermail

FBI adds two Syrian hackers to its most-wanted list for cybercriminals

The Atlantic reports: In late April 2013, a tweet from the Associated Press claimed that a pair of explosions at the White House had injured President Barack Obama. Markets reacted nearly instantly, sending stocks plunging. But when, a short time later, Press Secretary Jay Carney told reporters there was no explosion, the market quickly righted itself.

The news organization’s Twitter account was hacked, it turned out. A group calling itself the Syrian Electronic Army claimed credit. In only a few minutes, their rogue tweet demonstrated the market-moving power of 140 characters sent from a credible source.

The Syrian Electronic Army has also defaced websites belonging to the U.S. Marines, Harvard University, and Human Rights Watch, as well as websites and Twitter feeds of other major news organizations like the BBC, CNN, and The Washington Post. The group’s members remained anonymous, going by pseudonyms like “The Shadow” and “The Pro.”

But on Tuesday, the Justice Department revealed the identity of three members of the group, charging them with computer hacking and placing two of them on the FBI’s “Cyber’s Most Wanted” list. The FBI is offering a $100,000 bounty for information leading to their arrest. [Continue reading…]

Facebooktwittermail

Russia steps up Syria cyber assault

Financial Times reports: Russia is mounting a far-reaching cyber espionage campaign against Syrian opposition groups and NGOs, as Moscow seeks to influence the flow of information on the country’s humanitarian crisis and obscure the full extent of its military operations there.

Targets include some of the most important human rights organisations and aid groups operating in the country, such as the Syrian Observatory of Human Rights, which reports on military incidents and is frequently cited in western media outlets, the Financial Times has learnt. The operation shares many of the hallmarks of Moscow’s sustained hacking campaign against the Ukrainian government in 2013 and 2014. [Continue reading…]

Facebooktwittermail

The cyberattack on Ukraine’s power grid is a warning of what’s to come

By Nilufer Tuptuk, UCL and Stephen Hailes, UCL

When more than 100,000 people in and around the Ukrainian city of Ivano-Frankivsk were left without power for six hours, the Ukrainian energy ministry accused Russia of launching a cyberattack on the country’s national energy grid.

Now reports released by security researchers from the SANS Industrial Control Systems team and the Industrial Control Systems Cyber Emergency Response Team confirm their belief that a cyberattack was responsible for the power cut, making the incident one of the first significant, publicly reported cyberattacks on civil infrastructure.

This is a rare event, of which the most famous example is the Stuxnet malware used to destroy equipment in the Iranian nuclear programme. Many consider Stuxnet so sophisticated that national governments must have been involved. But as is frequently the case, attributing responsibility for Stuxnet has proved difficult, and it’s likely that, despite circumstantial evidence, it will be the same in this case. While the Ukrainian Security Service (SBU) and the international press were quick to blame Russian state-backed hackers, Moscow has remained silent.

[Read more…]

Facebooktwittermail

Constructing a cyber superpower

DefenseNews reports: The site of an Army golf course named for US President Dwight Eisenhower, one long drive from the National Security Agency, is an active construction site, the future of US military cyber.

Where there were once bunkers, greens and tees is a large gray building due to become an NSA-run 600,000-square-foot, state-of-the-art server farm, a skeletal structure that will one day house US Cyber Command’s joint operations center, with plots reserved for individual Marine Corps and Navy cyber facilities.

The plans reflect the growth in ambition, manpower and resources for the five-year-old US Cyber Command. One measure of this rapid expansion is the command’s budget — $120 million at its inception in 2010 rising to $509 million for 2015.

Another measure is the $1.8 billion in construction at Fort Meade, much of it related to Cyber Command. Though Cyber Command’s service components and tactical teams are spread across the country, the headquarters for Cyber Command, the NSA and Defense Information Systems Agency make Fort Meade a growing hub for military cyber.

Earlier this year, Defense Secretary Ash Carter announced a new cyber strategy that acknowledges in the strongest terms that the Pentagon may wage offensive cyber warfare. The strategy emphasizes deterrence and sets up a reliance on the commercial technology sector, hinging on a push to strengthen ties between Silicon Valley and the Pentagon. [Continue reading…]

Facebooktwittermail

Theft of Saudi documents suggests an Iranian hack

The Washington Post reports: The purported theft of confidential Saudi documents that have been released by WikiLeaks bears the hallmarks of Iranian hackers linked to cyberattacks in more than a dozen countries, including the United States, according to cybersecurity experts and Middle East analysts.

Last week, WikiLeaks published about 70,000 of what it said were half a million documents obtained from Saudi Arabia’s Foreign Ministry. The transparency advocacy group promises more releases of the diplomatic cables, whose authenticity has not been independently verified.

Experts said that the cables, apparently stolen over the past year, paint an unflattering portrait of Saudi diplomacy as reliant on oil-wealth patronage and obsessed with Iran, the kingdom’s chief rival, but appeared to contain no shocking revelations. [Continue reading…]

Facebooktwittermail

Why cyber war is dangerous for democracies

Moisés Naím writes: This month, two years after his massive leak of NSA documents detailing U.S. surveillance programs, Edward Snowden published an op-ed in The New York Times celebrating his accomplishments. The “power of an informed public,” he wrote, had forced the U.S. government to scrap its bulk collection of phone records. Moreover, he noted, “Since 2013, institutions across Europe have ruled similar laws and operations illegal and imposed new restrictions on future activities.” He concluded by asserting that “We are witnessing the emergence of a post-terror generation, one that rejects a worldview defined by a singular tragedy. For the first time since the attacks of Sept. 11, 2001, we see the outline of a politics that turns away from reaction and fear in favor of resilience and reason.”

Maybe so. I am glad that my privacy is now more protected from meddling by U.S. and European democracies. But frankly, I am far more concerned about the cyber threats to my privacy posed by Russia, China, and other authoritarian regimes than the surveillance threats from Washington. You should be too. [Continue reading…]

Facebooktwittermail

Russia’s Internet Research Agency has industrialized the art of trolling

Adrian Chen writes: Around 8:30 a.m. on Sept. 11 last year, Duval Arthur, director of the Office of Homeland Security and Emergency Preparedness for St. Mary Parish, Louisiana, got a call from a resident who had just received a disturbing text message. “Toxic fume hazard warning in this area until 1:30 PM,” the message read. “Take Shelter. Check Local Media and columbiachemical.com.”

St. Mary Parish is home to many processing plants for chemicals and natural gas, and keeping track of dangerous accidents at those plants is Arthur’s job. But he hadn’t heard of any chemical release that morning. In fact, he hadn’t even heard of Columbia Chemical. St. Mary Parish had a Columbian Chemicals plant, which made carbon black, a petroleum product used in rubber and plastics. But he’d heard nothing from them that morning, either. Soon, two other residents called and reported the same text message. Arthur was worried: Had one of his employees sent out an alert without telling him?

If Arthur had checked Twitter, he might have become much more worried. Hundreds of Twitter accounts were documenting a disaster right down the road. “A powerful explosion heard from miles away happened at a chemical plant in Centerville, Louisiana #ColumbianChemicals,” a man named Jon Merritt tweeted. The #ColumbianChemicals hashtag was full of eyewitness accounts of the horror in Centerville. @AnnRussela shared an image of flames engulfing the plant. @Ksarah12 posted a video of surveillance footage from a local gas station, capturing the flash of the explosion. Others shared a video in which thick black smoke rose in the distance.

Dozens of journalists, media outlets and politicians, from Louisiana to New York City, found their Twitter accounts inundated with messages about the disaster. “Heather, I’m sure that the explosion at the #ColumbianChemicals is really dangerous. Louisiana is really screwed now,” a user named @EricTraPPP tweeted at the New Orleans Times-Picayune reporter Heather Nolan. Another posted a screenshot of CNN’s home page, showing that the story had already made national news. ISIS had claimed credit for the attack, according to one YouTube video; in it, a man showed his TV screen, tuned to an Arabic news channel, on which masked ISIS fighters delivered a speech next to looping footage of an explosion. A woman named Anna McClaren (@zpokodon9) tweeted at Karl Rove: “Karl, Is this really ISIS who is responsible for #ColumbianChemicals? Tell @Obama that we should bomb Iraq!” But anyone who took the trouble to check CNN.com would have found no news of a spectacular Sept. 11 attack by ISIS. It was all fake: the screenshot, the videos, the photographs.

In St. Mary Parish, Duval Arthur quickly made a few calls and found that none of his employees had sent the alert. He called Columbian Chemicals, which reported no problems at the plant. Roughly two hours after the first text message was sent, the company put out a news release, explaining that reports of an explosion were false. When I called Arthur a few months later, he dismissed the incident as a tasteless prank, timed to the anniversary of the attacks of Sept. 11, 2001. “Personally I think it’s just a real sad, sick sense of humor,” he told me. “It was just someone who just liked scaring the daylights out of people.” Authorities, he said, had tried to trace the numbers that the text messages had come from, but with no luck. (The F.B.I. told me the investigation was still open.)

The Columbian Chemicals hoax was not some simple prank by a bored sadist. It was a highly coordinated disinformation campaign, involving dozens of fake accounts that posted hundreds of tweets for hours, targeting a list of figures precisely chosen to generate maximum attention. The perpetrators didn’t just doctor screenshots from CNN; they also created fully functional clones of the websites of Louisiana TV stations and newspapers. The YouTube video of the man watching TV had been tailor-made for the project. A Wikipedia page was even created for the Columbian Chemicals disaster, which cited the fake YouTube video. As the virtual assault unfolded, it was complemented by text messages to actual residents in St. Mary Parish. It must have taken a team of programmers and content producers to pull off.

And the hoax was just one in a wave of similar attacks during the second half of last year. On Dec. 13, two months after a handful of Ebola cases in the United States touched off a minor media panic, many of the same Twitter accounts used to spread the Columbian Chemicals hoax began to post about an outbreak of Ebola in Atlanta. The campaign followed the same pattern of fake news reports and videos, this time under the hashtag #EbolaInAtlanta, which briefly trended in Atlanta. Again, the attention to detail was remarkable, suggesting a tremendous amount of effort. A YouTube video showed a team of hazmat-suited medical workers transporting a victim from the airport. Beyoncé’s recent single “7/11” played in the background, an apparent attempt to establish the video’s contemporaneity. A truck in the parking lot sported the logo of the Hartsfield-Jackson Atlanta International Airport.

On the same day as the Ebola hoax, a totally different group of accounts began spreading a rumor that an unarmed black woman had been shot to death by police. They all used the hashtag #shockingmurderinatlanta. Here again, the hoax seemed designed to piggyback on real public anxiety; that summer and fall were marked by protests over the shooting of Michael Brown in Ferguson, Mo. In this case, a blurry video purports to show the shooting, as an onlooker narrates. Watching it, I thought I recognized the voice — it sounded the same as the man watching TV in the Columbian Chemicals video, the one in which ISIS supposedly claims responsibility. The accent was unmistakable, if unplaceable, and in both videos he was making a very strained attempt to sound American. Somehow the result was vaguely Australian.

Who was behind all of this? When I stumbled on it last fall, I had an idea. I was already investigating a shadowy organization in St. Petersburg, Russia, that spreads false information on the Internet. It has gone by a few names, but I will refer to it by its best known: the Internet Research Agency. [Continue reading…]

Facebooktwittermail