In cyberwarfare, everyone is a combatant

The Wall Street Journal reports: This is already a banner year for hacks, breaches and cyberwarfare, but the past week was exceptional.

South Carolina reported hackers attempted to access the state’s voter-registration system 150,000 times on Election Day last November—part of what former Homeland Security Secretary Jeh Johnson alleges is a 21-state attack perpetrated by Russia. And U.S. intelligence officials alleged that agents working for the United Arab Emirates planted false information in Qatari news outlets and social media, leading to sanctions and a rift with Qatar’s allies. Meanwhile, Lloyd’s of London declared that the takedown of a significant cloud service could lead to monetary damages on par with those of Hurricane Katrina.

Threats to the real world from the cyberworld are worse than ever, and the situation continues to deteriorate. A new kind of war is upon us, one characterized by coercion rather than the use of force, says former State Department official James Lewis, a cybersecurity specialist at the Center for Strategic and International Studies.

Businesses and individuals now are directly affected in ways that were impossible in the first Cold War. In another age, the threat of nuclear annihilation loomed over everyone’s heads, but the cloak-and-dagger doings of global powers remained distinct from the day-to-day operations of businesses. Now, they are hopelessly entangled. The often unfathomable priorities of terrorists, cybercriminals and state-affiliated hackers only make things worse.

The current climate of cyberattacks is “crazy,” says Christopher Ahlberg of Recorded Future, a private intelligence firm that specializes in cyberthreats. “It’s like a science-fiction book. If you told anybody 10 years ago about what’s going on now, they wouldn’t believe it.”

In the first Cold War, the U.S., China and the Soviet Union fought proxy wars rather than confront one another directly. In Cold War 2.0, we still have those—Syria and whatever is brewing in North Korea come to mind—but much of the proxy fighting now happens online.

The result is significant collateral damage for businesses that aren’t even a party to the conflicts, says Corey Thomas, chief executive of cybersecurity firm Rapid7. Recent ransomware attacks that some analysts attribute to Russia might have been aimed at Ukraine but resulted in the shutdown of computer systems at businesses and governments around the world. Russia has denied involvement in these attacks. Botnets made of internet-connected devices, stitched together by an unknown hacker for unknown reasons, caused countless internet services and websites to become unavailable in October 2016. [Continue reading…]


Putin’s hackers now under attack — from Microsoft

The Daily Beast reports: A new offensive by Microsoft has been making inroads against the Russian government hackers behind last year’s election meddling, identifying over 120 new targets of the Kremlin’s cyber spying, and control-alt-deleting segments of Putin’s hacking apparatus.

How are they doing it? It turns out Microsoft has something even more formidable than Moscow’s malware: Lawyers.

Last year attorneys for the software maker quietly sued the hacker group known as Fancy Bear in a federal court outside Washington DC, accusing it of computer intrusion, cybersquatting, and infringing on Microsoft’s trademarks. The action, though, is not about dragging the hackers into court. The lawsuit is a tool for Microsoft to target what it calls “the most vulnerable point” in Fancy Bear’s espionage operations: the command-and-control servers the hackers use to covertly direct malware on victim computers. These servers can be thought of as the spymasters in Russia’s cyber espionage, waiting patiently for contact from their malware agents in the field, then issuing encrypted instructions and accepting stolen documents. [Continue reading…]


UAE orchestrated hacking of Qatari sites, sparking regional upheaval, according to U.S. intel officials

The Washington Post reports: The United Arab Emirates orchestrated the hacking of Qatari government news and social media sites in order to post incendiary false quotes attributed to Qatar’s emir, Sheikh Tamim Bin Hamad al-Thani, in late May that sparked the ongoing upheaval between Qatar and its neighbors, according to U.S. intelligence officials.

Officials became aware last week that newly analyzed information gathered by U.S. intelligence agencies confirmed that on May 23, senior members of the UAE government discussed the plan and its implementation. The officials said it remains unclear whether the UAE carried out the hacks itself or contracted to have them done. The false reports said that the emir, among other things, had called Iran an “Islamic power” and praised Hamas.

The hacks and posting took place on May 24, shortly after President Trump completed a lengthy counterterrorism meeting with Persian Gulf leaders in neighboring Saudi Arabia and declared them unified. [Continue reading…]


Soviet veteran who met with Trump Jr. is a master of the dark arts

The New York Times reports: Rinat Akhmetshin, the Russian-American lobbyist who met with Donald Trump Jr. at Trump Tower in June 2016, had one consistent message for the journalists who met him over the years at the luxury hotels where he stayed in Moscow, London and Paris, or at his home on a leafy street in Washington: Never use email to convey information that needed to be kept secret.

While not, he insisted, an expert in the technical aspects of hacking nor a spy, Mr. Akhmetshin talked openly about how he had worked with a counterintelligence unit while serving with the Red Army after its 1979 invasion of Afghanistan and how easy it was to find tech-savvy professionals ready and able to plunder just about any email account.

A journalist who visited his home was given a thumb drive containing emails that had apparently been stolen by hackers working for one of his clients.

On another occasion, at a meeting with a New York Times reporter at the Ararat Park Hyatt hotel in Moscow, Mr. Akhmetshin, by then an American citizen, informed the journalist he had recently been reading one of his emails: a note sent by the reporter to a Russian-American defense lawyer who had once worked for Mikhail Khodorkovsky, the anti-Kremlin oligarch.

In that instance, the reporter’s email had become public as part of a lawsuit. But the episode suggests Mr. Akhmetshin’s professional focus in the decades since he immigrated to the United States — and the experience that he brought to a meeting last June in New York with President Trump’s oldest son, Donald Trump Jr., his son-in-law, Jared Kushner, and the then-head of the Trump presidential campaign, Paul J. Manafort. [Continue reading…]


Trump team met Russian accused of international hacking conspiracy

The Daily Beast reports: The alleged former Soviet intelligence officer who attended the now-infamous meeting with Donald Trump Jr. and other top campaign officials last June was previously accused in federal and state courts of orchestrating an international hacking conspiracy.

Rinat Akhmetshin told the Associated Press on Friday he accompanied Russian lawyer Natalia Veselnitskaya to the June 9, 2016, meeting with Donald Trump Jr., Jared Kushner, and Paul Manafort. Trump’s attorney confirmed Akhmetshin’s attendance in a statement.

Akhmetshin’s presence at Trump Tower that day adds another layer of controversy to an episode that already provides the clearest indication of collusion between the Kremlin and the Trump campaign. In an email in the run-up to that rendezvous, Donald Trump Jr. was promised “very high level and sensitive information” on Hillary Clinton as “part of Russia and its government’s support for Mr. Trump.”

Akhmetshin had been hired by Veselnitskaya to help with pro-Russian lobbying efforts in Washington. He also met and lobbied Rep. Dana Rohrabacher, chairman of the Foreign Affairs Sub-Committee for Europe, in Berlin in April. [Continue reading…]


Kaspersky Lab has been working with Russian intelligence

Bloomberg reports: The previously unreported emails, from October 2009, are from a thread between Eugene Kaspersky and senior staff. In Russian, Kaspersky outlines a project undertaken in secret a year earlier “per a big request on the Lubyanka side,” a reference to the FSB offices. Kaspersky Lab confirmed the emails are authentic.

The software that the CEO was referring to had the stated purpose of protecting clients, including the Russian government, from distributed denial-of-service (DDoS) attacks, but its scope went further. Kaspersky Lab would also cooperate with internet hosting companies to locate bad actors and block their attacks, while assisting with “active countermeasures,” a capability so sensitive that Kaspersky advised his staff to keep it secret.

“The project includes both technology to protect against attacks (filters) as well as interaction with the hosters (‘spreading’ of sacrifice) and active countermeasures (about which, we keep quiet) and so on,” Kaspersky wrote in one of the emails.

“Active countermeasures” is a term of art among security professionals, often referring to hacking the hackers, or shutting down their computers with malware or other tricks. In this case, Kaspersky may have been referring to something even more rare in the security world. A person familiar with the company’s anti-DDoS system says it’s made up of two parts. The first consists of traditional defensive techniques, including rerouting malicious traffic to servers that can harmlessly absorb it. The second part is more unusual: Kaspersky provides the FSB with real-time intelligence on the hackers’ location and sends experts to accompany the FSB and Russian police when they conduct raids. That’s what Kaspersky was referring to in the emails, says the person familiar with the system. They weren’t just hacking the hackers; they were banging down the doors. [Continue reading…]


U.S. officials say Russian government hackers have penetrated energy and nuclear company business networks

The Washington Post reports: Russian government hackers were behind recent cyber-intrusions into the business systems of U.S. nuclear power and other energy companies in what appears to be an effort to assess their networks, according to U.S. government officials.

The U.S. officials said there is no evidence the hackers breached or disrupted the core systems controlling operations at the plants, so the public was not at risk. Rather, they said, the hackers broke into systems dealing with business and administrative tasks, such as personnel.

At the end of June, the FBI and the Department of Homeland Security sent a joint alert to the energy sector stating that “advanced, persistent threat actors” — a euphemism for sophisticated foreign hackers — were stealing network log-in and password information to gain a foothold in company networks. The agencies did not name Russia.

The campaign marks the first time Russian government hackers are known to have wormed their way into the networks of American nuclear power companies, several U.S. and industry officials said. And the penetration could be a sign that Russia is seeking to lay the groundwork for more damaging hacks. [Continue reading…]


Russians are suspects in nuclear site hackings, sources say

Bloomberg reports: Hackers working for a foreign government recently breached at least a dozen U.S. power plants, including the Wolf Creek nuclear facility in Kansas, according to current and former U.S. officials, sparking concerns the attackers were searching for vulnerabilities in the electrical grid.

The rivals could be positioning themselves to eventually disrupt the nation’s power supply, warned the officials, who noted that a general alert was distributed to utilities a week ago. Adding to those concerns, hackers recently infiltrated an unidentified company that makes control systems for equipment used in the power industry, an attack that officials believe may be related.

The chief suspect is Russia, according to three people familiar with the continuing effort to eject the hackers from the computer networks. One of those networks belongs to an aging nuclear generating facility known as Wolf Creek — owned by Westar Energy Inc., Great Plains Energy Inc. and Kansas Electric Power Cooperative Inc. — on a lake shore near Burlington, Kansas.

The possibility of a Russia connection is particularly worrisome, former and current officials say, because Russian hackers have previously taken down parts of the electrical grid in Ukraine and appear to be testing increasingly advanced tools to disrupt power supplies. [Continue reading…]


Trump voter-fraud panel’s data request a gold mine for hackers, experts warn

Politico reports: Cybersecurity specialists are warning that President Donald Trump’s voter-fraud commission may unintentionally expose voter data to even more hacking and digital manipulation.

Their concerns stem from a letter the commission sent to every state this week, asking for full voter rolls and vowing to make the information “available to the public.” The requested information includes full names, addresses, birth dates, political party and, most notably, the last four digits of Social Security numbers. The commission is also seeking data such as voter history, felony convictions and military service records.

Digital security experts say the commission’s request would centralize and lay bare a valuable cache of information that cyber criminals could use for identity theft scams — or that foreign spies could leverage for disinformation schemes.

“It is beyond stupid,” said Nicholas Weaver, a computer science professor at the University of California at Berkeley.

“The bigger the purse, the more effort folks would spend to get at it,” said Joe Hall, chief technologist at the Center for Democracy and Technology, a digital advocacy group. “And in this case, this is such a high-profile and not-so-competent tech operation that we’re likely to see the hacktivists and pranksters take shots at it.”

Indeed, by Friday night, over 20 states — from California to Mississippi to Virginia — had indicated they would not comply with the request, with several citing privacy laws and expressing unease about aggregating voter data. [Continue reading…]


GOP activist who sought Clinton emails cited Trump campaign officials

The Wall Street Journal reports: A longtime Republican activist who led an operation hoping to obtain Hillary Clinton emails from hackers listed senior members of the Trump campaign, including some who now serve as top aides in the White House, in a recruitment document for his effort.

The activist, Peter W. Smith, named the officials in a section of the document marked “Trump Campaign.” The document was dated Sept. 7, 2016. That was around the time Mr. Smith said he started his search for 33,000 emails Mrs. Clinton deleted from the private server she used for official business while secretary of state. She said the deleted emails concerned personal matters. She turned over tens of thousands of other emails to the State Department.

As reported Thursday by The Wall Street Journal, Mr. Smith and people he recruited to his effort theorized the deleted emails might have been stolen by hackers and might contain matters that were politically damaging. He and his associates said they were in touch with several groups of hackers, including two from Russia they suspected were tied to the Moscow government, in a bid to find any stolen emails and potentially hurt Mrs. Clinton’s prospects.

Mr. Smith’s purpose in listing the officials isn’t clear. There is no indication in the document that he sought or received any coordination from the campaign officials or the campaign in general.

Mr. Smith died in mid-May at age 81, about 10 days after he spoke to the Journal. He said he operated independently of the Trump campaign.

Officials identified in the document include Steve Bannon, now chief strategist for President Donald Trump; Kellyanne Conway, former campaign manager and now White House counselor; Sam Clovis, a policy adviser to the Trump campaign and now a senior adviser at the Agriculture Department; and retired Lt. Gen. Mike Flynn, who was a campaign adviser and briefly was national security adviser in the Trump administration.

Mr. Bannon said he never met with Mr. Smith or anyone affiliated with a limited-liability company, KLS Research LLC, that the document said had been established for its mission. “Never heard of KLS Research or Peter Smith,” Mr. Bannon said.

Ms. Conway said she knew Mr. Smith from Republican politics but hadn’t spoken to him in years. “I never met with him” during the campaign, Ms. Conway said. “There were no calls, no meetings, no nothing.”

The White House didn’t immediately respond to a request for comment. Neither did the Agriculture Department, Mr. Clovis’s employer.

Mr. Flynn, his consulting firm Flynn Intel Group and his son Michael G. Flynn, who was chief of staff at Flynn Intel, were cited more extensively as Mr. Smith sought to recruit researchers, as well as in documents related to the effort that have been described to the Journal. Neither Mr. Flynn nor his son responded to requests for comment. [Continue reading…]


A plot, with apparent Russian backing, to use Clinton emails in the Trump campaign

Matt Tait, a former information security specialist for GCHQ and currently a security consultant who tweets as @pwnallthethings, was a source for the Wall Street Journal’s reporting on Peter Smith, his ties to the Trump campaign and his apparent communications with Russian intelligence. Tait writes: When he first contacted me, I did not know who Smith was, but his legitimate connections within the Republican party were apparent. My motive for initially speaking to him was that I wondered if the campaign was trying to urgently establish whether the claims that Russia had hacked the DNC were merely “spin” from the Clinton campaign, or instead something they would need to address before Trump went too far down the road of denying it. My guess was that maybe they wanted to contact someone who could provide them with impartial advice to understand whether the claims were real or just rhetoric.

Although it wasn’t initially clear to me how independent Smith’s operation was from Flynn or the Trump campaign, it was immediately apparent that Smith was both well connected within the top echelons of the campaign and he seemed to know both Lt. Gen. Flynn and his son well. Smith routinely talked about the goings on at the top of the Trump team, offering deep insights into the bizarre world at the top of the Trump campaign. Smith told of Flynn’s deep dislike of DNI Clapper, whom Flynn blamed for his dismissal by President Obama. Smith told of Flynn’s moves to position himself to become CIA Director under Trump, but also that Flynn had been persuaded that the Senate confirmation process would be prohibitively difficult. He would instead therefore become National Security Advisor should Trump win the election, Smith said. He also told of a deep sense of angst even among Trump loyalists in the campaign, saying “Trump often just repeats whatever he’s heard from the last person who spoke to him,” and expressing the view that this was especially dangerous when Trump was away.

Over the course of a few phone calls, initially with Smith and later with Smith and one of his associates—a man named John Szobocsan—I was asked about my observations on technical details buried in the State Department’s release of Secretary Clinton’s emails (such as noting a hack attempt in 2011, or how Clinton’s emails might have been intercepted by Russia due to lack of encryption). I was also asked about aspects of the DNC hack, such as why I thought the “Guccifer 2” persona really was in all likelihood operated by the Russian government, and how it wasn’t necessary to rely on CrowdStrike’s attribution as blind faith; noting that I had come to the same conclusion independently based on entirely public evidence, having been initially doubtful of CrowdStrike’s conclusions.

Towards the end of one of our conversations, Smith made his pitch. He said that his team had been contacted by someone on the “dark web”; that this person had the emails from Hillary Clinton’s private email server (which she had subsequently deleted), and that Smith wanted to establish if the emails were genuine. If so, he wanted to ensure that they became public prior to the election. What he wanted from me was to determine if the emails were genuine or not.

It is no overstatement to say that my conversations with Smith shocked me. Given the amount of media attention given at the time to the likely involvement of the Russian government in the DNC hack, it seemed mind-boggling for the Trump campaign—or for this offshoot of it—to be actively seeking those emails. To me this felt really wrong.

In my conversations with Smith and his colleague, I tried to stress this point: if this dark web contact is a front for the Russian government, you really don’t want to play this game. But they were not discouraged. They appeared to be convinced of the need to obtain Clinton’s private emails and make them public, and they had a reckless lack of interest in whether the emails came from a Russian cut-out. Indeed, they made it quite clear to me that it made no difference to them who hacked the emails or why they did so, only that the emails be found and made public before the election.

As I mentioned above, Smith and his associates’ knowledge of the inner workings of the campaign was insightful beyond what could be obtained by merely attending Republican events or watching large amounts of news coverage. But one thing I could not place, at least initially, was whether Smith was working on behalf of the campaign, or whether he was acting independently to help the campaign in his personal capacity.

Then, a few weeks into my interactions with Smith, he sent me a document, ostensibly a cover page for a dossier of opposition research to be compiled by Smith’s group, and which purported to clear up who was involved. The document was entitled “A Demonstrative Pedagogical Summary to be Developed and Released Prior to November 8, 2016,” and dated September 7. It detailed a company Smith and his colleagues had set up as a vehicle to conduct the research: “KLS Research”, set up as a Delaware LLC “to avoid campaign reporting,” and listing four groups who were involved in one way or another.

The first group, entitled “Trump Campaign (in coordination to the extent permitted as an independent expenditure)” listed a number of senior campaign officials: Steve Bannon, Kellyanne Conway, Sam Clovis, Lt. Gen. Flynn and Lisa Nelson.

The largest group named a number of “independent groups / organizations / individuals / resources to be deployed.” My name appears on this list. At the time, I didn’t recognize most of the others; however, several made headlines in the weeks immediately prior to the election.

My perception then was that the inclusion of Trump campaign officials on this document was not merely a name-dropping exercise. This document was about establishing a company to conduct opposition research on behalf of the campaign, but operating at a distance so as to avoid campaign reporting. Indeed, the document says as much in black and white.

The combination of Smith’s deep knowledge of the inner workings of the campaign, this document naming him in the “Trump campaign” group, and the multiple references to needing to avoid campaign reporting suggested to me that the group was formed with the blessing of the Trump campaign. [Continue reading…]


Ransomware attack strikes companies across Europe and U.S.

The Guardian reports: Victims of a major ransomware cyberattack that has spread through the US and Europe can no longer unlock their computers even if they pay the ransom.

The “Petya” ransomware has caused serious disruption at large firms including the advertising giant WPP, French construction materials company Saint-Gobain and Russian steel and oil firms Evraz and Rosneft.

Infected computers display a message demanding a Bitcoin ransom worth $300. Those who pay are asked to send confirmation of payment to an email address. However, that email address has been shut down by the email provider.

“We do not tolerate any misuse of our platform,” said the German email provider Posteo in a blog post.

This means that there is no longer any way for people who decide to pay the ransom to contact the attacker for a decryption key to unlock their computer.

“This is not an experienced ransomware operator,” said Ryan Kalember, senior vice-president of cybersecurity strategy at Proofpoint.

The attack was first reported in Ukraine, where the government, banks, state power utility and Kiev’s airport and metro system were all affected. The radiation monitoring system at Chernobyl was taken offline, forcing employees to use hand-held counters to measure levels at the former nuclear plant’s exclusion zone. [Continue reading…]


Evidence is mounting that Russia took four clear paths to meddle in the U.S. election

Business Insider reports: It was September 2015 when the FBI first noticed that Russian hackers had infiltrated a computer system belonging to the Democratic National Committee.

It was the first sign that Moscow was attempting to meddle in the presidential election.

Nearly a year later, further reporting and testimony from current and former intelligence officials have painted a portrait of Russia’s election interference as a multifaceted, well-planned, and coordinated campaign aimed at undermining the backbone of American democracy: free and fair elections.

Now, as FBI special counsel Robert Mueller and congressional intelligence committees continue to investigate Russia’s election interference, evidence is emerging that the hacking and disinformation campaign waged at the direction of Russian President Vladimir Putin took at least four separate but related paths.

The first involved establishing personal contact with Americans perceived as sympathetic to Moscow — such as former Defense Intelligence Agency chief Michael Flynn, former Trump campaign chairman Paul Manafort, and early Trump foreign-policy adviser Carter Page — and using them as a means to further Russia’s foreign-policy goals.

The second involved hacking the Democratic National Committee email servers and then giving the material to WikiLeaks, which leaked the emails in batches throughout the second half of 2016.

The third was to amplify the propaganda value of the leaked emails with a disinformation campaign waged predominantly on Facebook and Twitter, in an effort to use automated bots to spread fake news and pro-Trump agitprop.

And the fourth was to breach US voting systems in as many as 39 states leading up to the election, in an effort to steal registration data that officials say could be used to target and manipulate voters in future elections. [Continue reading…]


Obama’s secret struggle to punish Russia for Putin’s election assault

The Washington Post reports: Early last August, an envelope with extraordinary handling restrictions arrived at the White House. Sent by courier from the CIA, it carried “eyes only” instructions that its contents be shown to just four people: President Barack Obama and three senior aides.

Inside was an intelligence bombshell, a report drawn from sourcing deep inside the Russian government that detailed Russian President Vladimir Putin’s direct involvement in a cyber campaign to disrupt and discredit the U.S. presidential race.

But it went further. The intelligence captured Putin’s specific instructions on the operation’s audacious objectives — defeat or at least damage the Democratic nominee, Hillary Clinton, and help elect her opponent, Donald Trump.

At that point, the outlines of the Russian assault on the U.S. election were increasingly apparent. Hackers with ties to Russian intelligence services had been rummaging through Democratic Party computer networks, as well as some Republican systems, for more than a year. In July, the FBI had opened an investigation of contacts between Russian officials and Trump associates. And on July 22, nearly 20,000 emails stolen from the Democratic National Committee were dumped online by WikiLeaks. [Continue reading…]


Election hackers altered voter rolls, stole private data, officials say

Time reports: The hacking of state and local election databases in 2016 was more extensive than previously reported, including at least one successful attempt to alter voter information, and the theft of thousands of voter records that contain private information like partial Social Security numbers, current and former officials tell TIME.

In one case, investigators found there had been a manipulation of voter data in a county database but the alterations were discovered and rectified, two sources familiar with the matter tell TIME. Investigators have not identified whether the hackers in that case were Russian agents.

The fact that private data was stolen from states is separately providing investigators a previously unreported line of inquiry in the probes into Russian attempts to influence the election. In Illinois, more than 90% of the nearly 90,000 records stolen by Russian state actors contained drivers license numbers, and a quarter contained the last four digits of voters’ Social Security numbers, according to Ken Menzel, the General Counsel of the State Board of Elections. [Continue reading…]


How an entire nation became Russia’s test lab for cyberwar

Wired reports: The clocks read zero when the lights went out.

It was a Saturday night last December, and Oleksii Yasinsky was sitting on the couch with his wife and teenage son in the living room of their Kiev apartment. The 40-year-old Ukrainian cybersecurity researcher and his family were an hour into Oliver Stone’s film Snowden when their building abruptly lost power.

“The hackers don’t want us to finish the movie,” Yasinsky’s wife joked. She was referring to an event that had occurred a year earlier, a cyberattack that had cut electricity to nearly a quarter-million Ukrainians two days before Christmas in 2015. Yasinsky, a chief forensic analyst at a Kiev digital security firm, didn’t laugh. He looked over at a portable clock on his desk: The time was 00:00. Precisely midnight.

Yasinsky’s television was plugged into a surge protector with a battery backup, so only the flicker of images onscreen lit the room now. The power strip started beeping plaintively. Yasinsky got up and switched it off to save its charge, leaving the room suddenly silent.

He went to the kitchen, pulled out a handful of candles and lit them. Then he stepped to the kitchen window. The thin, sandy-blond engineer looked out on a view of the city as he’d never seen it before: The entire skyline around his apartment building was dark. Only the gray glow of distant lights reflected off the clouded sky, outlining blackened hulks of modern condos and Soviet high-rises.

Noting the precise time and the date, almost exactly a year since the December 2015 grid attack, Yasinsky felt sure that this was no normal blackout. He thought of the cold outside—close to zero degrees Fahrenheit—the slowly sinking temperatures in thousands of homes, and the countdown until dead water pumps led to frozen pipes.

That’s when another paranoid thought began to work its way through his mind: For the past 14 months, Yasinsky had found himself at the center of an enveloping crisis. A growing roster of Ukrainian companies and government agencies had come to him to analyze a plague of cyberattacks that were hitting them in rapid, remorseless succession. A single group of hackers seemed to be behind all of it. Now he couldn’t suppress the sense that those same phantoms, whose fingerprints he had traced for more than a year, had reached back, out through the internet’s ether, into his home.

The Cyber-Cassandras said this would happen. For decades they warned that hackers would soon make the leap beyond purely digital mayhem and start to cause real, physical damage to the world. In 2009, when the NSA’s Stuxnet malware silently accelerated a few hundred Iranian nuclear centrifuges until they destroyed themselves, it seemed to offer a preview of this new era. “This has a whiff of August 1945,” Michael Hayden, former director of the NSA and the CIA, said in a speech. “Somebody just used a new weapon, and this weapon will not be put back in the box.”

Now, in Ukraine, the quintessential cyberwar scenario has come to life. Twice. On separate occasions, invisible saboteurs have turned off the electricity to hundreds of thousands of people. Each blackout lasted a matter of hours, only as long as it took for scrambling engineers to manually switch the power on again. But as proofs of concept, the attacks set a new precedent: In Russia’s shadow, the decades-old nightmare of hackers stopping the gears of modern society has become a reality. [Continue reading…]


Trump’s silence on Russian hacking says how much he cares about democracy

Politico reports: Democrats are uniting behind a simple message about Russian hacking during the 2016 election: Donald Trump doesn’t care.

Even as the president lashes out at the series of Russia-related probes besieging his administration, Democrats say Trump has yet to express public concern about the underlying issue with striking implications for America’s democracy — the digital interference campaign that upended last year’s presidential race.

The president missed a self-imposed 90-day deadline for developing a plan to “aggressively combat and stop cyberattacks,” stayed silent after Moscow-linked hackers went after the French election and publicly renewed his own skepticism about the Kremlin’s role in the digital theft of Democratic Party emails during the presidential race. Privately, the president questioned a senior NSA official about the truthfulness of the conclusion from 17 intelligence agencies that Russia had interfered with the election, according to The Wall Street Journal. On Capitol Hill, Trump and his team have declined to support a Republican-backed effort to hit Russia with greater penalties for its digital belligerence.

And while the White House received bipartisan praise for a cybersecurity executive order Trump signed in May, administration officials said the directive is aimed at broadly upgrading the government’s digital defenses, not thwarting future Russian election hacking.

Instead, Trump tapped a commission led by Vice President Mike Pence to investigate an issue that elections experts call vastly overblown — voter fraud, something the president has baselessly alleged resulted in millions of illegal voters casting ballots for Hillary Clinton in November. [Continue reading…]
