21 states told they were targeted by Russian hackers during 2016 election

The Washington Post reports: The Department of Homeland Security contacted election officials in 21 states Friday to notify them that they had been targeted by Russian government hackers during the 2016 election.

Three months ago, DHS officials said that people connected to the Russian government tried to hack voting registration files or public election sites in 21 states, but Friday was the first time that government officials contacted individual state election officials to let them know they were targeted.

Officials said DHS told officials in all 50 states whether they were hacked or not.

“We heard feedback from the secretaries of state that this was an important piece of information,” said Bob Kolasky, acting deputy undersecretary for DHS’s National Protection and Programs Directorate. “We agreed that this information would help election officials make security decisions.”

He said it was important that the states shore up their systems now “rather than a few weeks before” the 2018 midterm elections. [Continue reading…]

Facebooktwittermail

WikiLeaks turned down leaks on Russian government during U.S. presidential campaign

Foreign Policy reports: In the summer of 2016, as WikiLeaks was publishing documents from Democratic operatives allegedly obtained by Kremlin-directed hackers, Julian Assange turned down a large cache of documents related to the Russian government, according to chat messages and a source who provided the records.

WikiLeaks declined to publish a wide-ranging trove of documents — at least 68 gigabytes of data — that came from inside the Russian Interior Ministry, according to partial chat logs reviewed by Foreign Policy.

The logs, which were provided to FP, only included WikiLeaks’s side of the conversation.

“As far as we recall these are already public,” WikiLeaks wrote at the time.

“WikiLeaks rejects all submissions that it cannot verify. WikiLeaks rejects submissions that have already been published elsewhere or which are likely to be considered insignificant. WikiLeaks has never rejected a submission due to its country of origin,” the organization wrote in a Twitter direct message when contacted by FP about the Russian cache.

(The account is widely believed to be operated solely by Assange, the group’s founder, but in a Twitter message to FP, the organization said it is maintained by “staff.”)

In 2014, the BBC and other news outlets reported on the cache, which revealed details about Russian military and intelligence involvement in Ukraine. However, the information from that hack was less than half the data that later became available in 2016, when Assange turned it down.

“We had several leaks sent to Wikileaks, including the Russian hack. It would have exposed Russian activities and shown WikiLeaks was not controlled by Russian security services,” the source who provided the messages wrote to FP. “Many Wikileaks staff and volunteers or their families suffered at the hands of Russian corruption and cruelty, we were sure Wikileaks would release it. Assange gave excuse after excuse.”

The Russian cache was eventually quietly published online elsewhere, to almost no attention or scrutiny. [Continue reading…]

Facebooktwittermail

In Ukraine, a malware expert who could blow the whistle on Russian hacking

The New York Times reports: The hacker, known only by his online alias “Profexer,” kept a low profile. He wrote computer code alone in an apartment and quietly sold his handiwork on the anonymous portion of the internet known as the Dark Web. Last winter, he suddenly went dark entirely.

Profexer’s posts, already accessible only to a small band of fellow hackers and cybercriminals looking for software tips, blinked out in January — just days after American intelligence agencies publicly identified a program he had written as one tool used in the hacking of the Democratic National Committee.

But while Profexer’s online persona vanished, a flesh-and-blood person has emerged: a fearful man who the Ukrainian police said turned himself in early this year, and has now become a witness for the F.B.I.

“I don’t know what will happen,” he wrote in one of his last messages posted on a restricted-access website before going to the police. “It won’t be pleasant. But I’m still alive.”

It is the first known instance of a living witness emerging from the arid mass of technical detail that has so far shaped the investigation into the D.N.C. hack and the heated debate it has stirred. The Ukrainian police declined to divulge the man’s name or other details, other than that he is living in Ukraine and has not been arrested. [Continue reading…]

Facebooktwittermail

A guide to Russia’s high tech tool box for subverting U.S. democracy

Garrett M Graff writes: A dead dog in Moscow. A dead dissident in London. Twitter trolls run by the Kremlin’s Internet Research Agency. Denial of service attacks and ransomware deployed across Ukraine. News reports from the DC offices of Sputnik and RT. Spies hidden in the heart of Wall Street. The hacking of John Podesta’s creamy risotto recipe. And a century-old fabricated staple of anti-Semitic hate literature.

At first glance these disparate phenomena might seem only vaguely connected. Sure, they can all be traced back to Russia. But is there any method to their badness? The definitive answer, according to Russia experts inside and outside the US government, is most certainly yes. In fact, they are part of an increasingly digital intelligence playbook known as “active measures,” a wide-ranging set of techniques and strategies that Russian military and intelligence services deploy to influence the affairs of nations across the globe.

As the investigation into Russia’s influence on the 2016 election—and the Trump campaign’s potential participation in that effort—has intensified this summer, the Putin regime’s systematic effort to undermine and destabilize democracies has become the subject of urgent focus in the West. According to interviews with more than a dozen US and European intelligence officials and diplomats, Russian active measures represent perhaps the biggest challenge to the Western order since the fall of the Berlin Wall. The consensus: Vladimir Putin, playing a poor hand economically and demographically at home, is seeking to destabilize the multilateral institutions, partnerships, and Western democracies that have kept the peace during the past seven decades.

The coordinated and multifaceted Russia efforts in the 2016 election—from the attacks on the DNC and John Podesta’s email to a meeting between a Russian lawyer and Donald Trump Jr. that bears all the hallmarks of an intelligence mission—likely involved every major Russian intelligence service: the foreign intelligence service (known as the SVR) as well as the state security service (the FSB, the successor to the KGB), and the military intelligence (the GRU), both of which separately penetrated servers at the DNC.

Understanding just how extensive and coordinated Russia’s operations against the West are represents the first step in confronting—and defeating—Putin’s increased aggression, particularly as it becomes clear that the 2016 election interference was just a starting point. “If there has ever been a clarion call for vigilance and action against a threat to the very foundation of our democratic political system, this episode is it,” former director of national intelligence James Clapper said this spring. “I hope the American people recognize the severity of this threat and that we collectively counter it before it further erodes the fabric of our democracy.”

Indeed, Western intelligence leaders have warned throughout the spring that they expect Russia to use similar tricks in German parliamentary election this fall, as well as in the 2018 US congressional midterms and the 2020 presidential race. “Russia is not constrained by a rule of law or a sense of ethics—same with ISIS, same with China,” says Chris Donnelly, director of the UK-based Institute for Statecraft. “They’re trying to change the rules of the game, which they’ve seen us set in our favor.” [Continue reading…]

Facebooktwittermail

The hacking wars are going to get much worse

Adam Segal writes: Reports this month that the United Arab Emirates orchestrated the hacking of a Qatari news agency, helping to incite a crisis in the Middle East, are as unsurprising as they are unwelcome. For years, countries — in particular Russia — have used cyberattacks and the dissemination of disinformation through social media and news outlets to provoke protests, sway elections and undermine trust in institutions. It was only a matter of time before smaller states tried their hand at these tactics.

With few accepted rules of behavior in cyberspace, countries as big as China or as small as Bahrain can be expected to use these kinds of attacks. And they may eventually spill over into real-world military conflicts.

The hacking attacks in the Gulf seem to follow a typical pattern of going after the media and the email accounts of prominent individuals. According to American intelligence officials, in late May, hackers supported by the United Arab Emirates infiltrated Qatari government news and social media sites. The attackers planted quotations falsely attributed to Sheikh Tamim bin Hamad al-Thani, Qatar’s leader, praising Iran, Hamas and Israel. [Continue reading…]

Facebooktwittermail

In cyberwarfare, everyone is a combatant

The Wall Street Journal reports: This is already a banner year for hacks, breaches and cyberwarfare, but the past week was exceptional.

South Carolina reported hackers attempted to access the state’s voter-registration system 150,000 times on Election Day last November—part of what former Homeland Security Secretary Jeh Johnson alleges is a 21-state attack perpetrated by Russia. And U.S. intelligence officials alleged that agents working for the United Arab Emirates planted false information in Qatari news outlets and social media, leading to sanctions and a rift with Qatar’s allies. Meanwhile, Lloyd’s of London declared that the takedown of a significant cloud service could lead to monetary damages on par with those of Hurricane Katrina.

Threats to the real world from the cyberworld are worse than ever, and the situation continues to deteriorate. A new kind of war is upon us, one characterized by coercion rather than the use of force, says former State Department official James Lewis, a cybersecurity specialist at the Center for Strategic and International Studies.

Businesses and individuals now are directly affected in ways that were impossible in the first Cold War. In another age, the threat of nuclear annihilation loomed over everyone’s heads, but the cloak-and-dagger doings of global powers remained distinct from the day-to-day operations of businesses. Now, they are hopelessly entangled. The often unfathomable priorities of terrorists, cybercriminals and state-affiliated hackers only make things worse.

The current climate of cyberattacks is “crazy,” says Christopher Ahlberg of Recorded Future, a private intelligence firm that specializes in cyberthreats. “It’s like a science-fiction book. If you told anybody 10 years ago about what’s going on now, they wouldn’t believe it.”

In the first Cold War, the U.S., China and the Soviet Union fought proxy wars rather than confront one another directly. In Cold War 2.0, we still have those—Syria and whatever is brewing in North Korea come to mind—but much of the proxy fighting now happens online.

The result is significant collateral damage for businesses that aren’t even a party to the conflicts, says Corey Thomas, chief executive of cybersecurity firm Rapid 7. Recent ransomware attacks that some analysts attribute to Russia might have been aimed at Ukraine but resulted in the shutdown of computer systems at businesses and governments around the world. Russia has denied involvement in these attacks. Botnets made of internet-connected devices, stitched together by an unknown hacker for unknown reasons, caused countless internet services and websites to become unavailable in October 2016. [Continue reading…]

Facebooktwittermail

Putin’s hackers now under attack — from Microsoft

The Daily Beast reports: A new offensive by Microsoft has been making inroads against the Russian government hackers behind last year’s election meddling, identifying over 120 new targets of the Kremlin’s cyber spying, and control-alt-deleting segments of Putin’s hacking apparatus.

How are they doing it? It turns out Microsoft has something even more formidable than Moscow’s malware: Lawyers.

Last year attorneys for the software maker quietly sued the hacker group known as Fancy Bear in a federal court outside Washington DC, accusing it of computer intrusion, cybersquatting, and infringing on Microsoft’s trademarks. The action, though, is not about dragging the hackers into court. The lawsuit is a tool for Microsoft to target what it calls “the most vulnerable point” in Fancy Bear’s espionage operations: the command-and-control servers the hackers use to covertly direct malware on victim computers. These servers can be thought of as the spymasters in Russia’s cyber espionage, waiting patiently for contact from their malware agents in the field, then issuing encrypted instructions and accepting stolen documents. [Continue reading…]

Facebooktwittermail

UAE orchestrated hacking of Qatari sites, sparking regional upheaval, according to U.S. intel officials

The Washington Post reports: The United Arab Emirates orchestrated the hacking of Qatari government news and social media sites in order to post incendiary false quotes attributed to Qatar’s emir, Sheikh Tamim Bin Hamad al-Thani, in late May that sparked the ongoing upheaval between Qatar and its neighbors, according to U.S. intelligence officials.

Officials became aware last week that newly analyzed information gathered by U.S. intelligence agencies confirmed that on May 23, senior members of the UAE government discussed the plan and its implementation. The officials said it remains unclear whether the UAE carried out the hacks itself or contracted to have them done. The false reports said that the emir, among other things, had called Iran an “Islamic power” and praised Hamas.

The hacks and posting took place on May 24, shortly after President Trump completed a lengthy counterterrorism meeting with Persian Gulf leaders in neighboring Saudi Arabia and declared them unified. [Continue reading…]

Facebooktwittermail

Soviet veteran who met with Trump Jr. is a master of the dark arts

The New York Times reports: Rinat Akhmetshin, the Russian-American lobbyist who met with Donald Trump Jr. at Trump Tower in June 2016, had one consistent message for the journalists who met him over the years at the luxury hotels where he stayed in Moscow, London and Paris, or at his home on a leafy street in Washington: Never use email to convey information that needed to be kept secret.

While not, he insisted, an expert in the technical aspects of hacking nor, a spy, Mr. Akhmetshin talked openly about how he had worked with a counterintelligence unit while serving with the Red Army after its 1979 invasion of Afghanistan and how easy it was to find tech-savvy professionals ready and able to plunder just about any email account.

A journalist who visited his home was given a thumb drive containing emails that had apparently been stolen by hackers working for one of his clients.

On another occasion, at a meeting with a New York Times reporter at the Ararat Park Hyatt hotel in Moscow, Mr. Akhmetshin, by then an American citizen, informed the journalist he had recently been reading one of his emails: a note sent by the reporter to a Russian-American defense lawyer who had once worked for Mikhail Khodorkovsky, the anti-Kremlin oligarch.

In that instance, the reporter’s email had become public as part of a lawsuit. But the episode suggests Mr. Akhmetshin’s professional focus in the decades since he immigrated to the United States — and the experience that he brought to a meeting last June in New York with President Trump’s oldest son, Donald Trump Jr., his son-in-law, Jared Kushner, and the then-head of the Trump presidential campaign, Paul J. Manafort. [Continue reading…]

Facebooktwittermail

Trump team met Russian accused of international hacking conspiracy

The Daily Beast reports: The alleged former Soviet intelligence officer who attended the now-infamous meeting with Donald Trump Jr. and other top campaign officials last June was previously accused in federal and state courts of orchestrating an international hacking conspiracy.

Rinat Akhmetshin told the Associated Press on Friday he accompanied Russian lawyer Natalia Veselnitskaya to the June 9, 2016, meeting with Donald Trump Jr., Jared Kushner, and Paul Manafort. Trump’s attorney confirmed Akhmetshin’s attendance in a statement.

Akhmetshin’s presence at Trump Tower that day adds another layer of controversy to an episode that already provides the clearest indication of collusion between the Kremlin and the Trump campaign. In an email in the run-up to that rendezvous, Donald Trump Jr. was promised “very high level and sensitive information” on Hillary Clinton as “part of Russia and its government’s support for Mr. Trump.”

Akhmetshin had been hired by Veselnitskaya to help with pro-Russian lobbying efforts in Washington. He also met and lobbied Rep. Dana Rohrabacher, chairman of the Foreign Affairs Sub-Committee for Europe, in Berlin in April. [Continue reading…]

Facebooktwittermail

Kaspersky Lab has been working with Russian intelligence

Bloomberg reports: The previously unreported emails, from October 2009, are from a thread between Eugene Kaspersky and senior staff. In Russian, Kaspersky outlines a project undertaken in secret a year earlier “per a big request on the Lubyanka side,” a reference to the FSB offices. Kaspersky Lab confirmed the emails are authentic.

The software that the CEO was referring to had the stated purpose of protecting clients, including the Russian government, from distributed denial-of-service (DDoS) attacks, but its scope went further. Kaspersky Lab would also cooperate with internet hosting companies to locate bad actors and block their attacks, while assisting with “active countermeasures,” a capability so sensitive that Kaspersky advised his staff to keep it secret.

“The project includes both technology to protect against attacks (filters) as well as interaction with the hosters (‘spreading’ of sacrifice) and active countermeasures (about which, we keep quiet) and so on,” Kaspersky wrote in one of the emails.

“Active countermeasures” is a term of art among security professionals, often referring to hacking the hackers, or shutting down their computers with malware or other tricks. In this case, Kaspersky may have been referring to something even more rare in the security world. A person familiar with the company’s anti-DDoS system says it’s made up of two parts. The first consists of traditional defensive techniques, including rerouting malicious traffic to servers that can harmlessly absorb it. The second part is more unusual: Kaspersky provides the FSB with real-time intelligence on the hackers’ location and sends experts to accompany the FSB and Russian police when they conduct raids. That’s what Kaspersky was referring to in the emails, says the person familiar with the system. They weren’t just hacking the hackers; they were banging down the doors. [Continue reading…]

Facebooktwittermail

U.S. officials say Russian government hackers have penetrated energy and nuclear company business networks

The Washington Post reports: Russian government hackers were behind recent cyber-intrusions into the business systems of U.S. nuclear power and other energy companies in what appears to be an effort to assess their networks, according to U.S. government officials.

The U.S. officials said there is no evidence the hackers breached or disrupted the core systems controlling operations at the plants, so the public was not at risk. Rather, they said, the hackers broke into systems dealing with business and administrative tasks, such as personnel.

At the end of June, the FBI and the Department of Homeland Security sent a joint alert to the energy sector stating that “advanced, persistent threat actors” — a euphemism for sophisticated foreign hackers — were stealing network log-in and password information to gain a foothold in company networks. The agencies did not name Russia.

The campaign marks the first time Russian government hackers are known to have wormed their way into the networks of American nuclear power companies, several U.S. and industry officials said. And the penetration could be a sign that Russia is seeking to lay the groundwork for more damaging hacks. [Continue reading…]

Facebooktwittermail

Russians are suspects in nuclear site hackings, sources say

Bloomberg reports: Hackers working for a foreign government recently breached at least a dozen U.S. power plants, including the Wolf Creek nuclear facility in Kansas, according to current and former U.S. officials, sparking concerns the attackers were searching for vulnerabilities in the electrical grid.

The rivals could be positioning themselves to eventually disrupt the nation’s power supply, warned the officials, who noted that a general alert was distributed to utilities a week ago. Adding to those concerns, hackers recently infiltrated an unidentified company that makes control systems for equipment used in the power industry, an attack that officials believe may be related.

The chief suspect is Russia, according to three people familiar with the continuing effort to eject the hackers from the computer networks. One of those networks belongs to an aging nuclear generating facility known as Wolf Creek — owned by Westar Energy Inc., Great Plains Energy Inc. and Kansas Electric Power Cooperative Inc. — on a lake shore near Burlington, Kansas.

The possibility of a Russia connection is particularly worrisome, former and current officials say, because Russian hackers have previously taken down parts of the electrical grid in Ukraine and appear to be testing increasingly advanced tools to disrupt power supplies. [Continue reading…]

Facebooktwittermail

Trump voter-fraud panel’s data request a gold mine for hackers, experts warn

Politico reports: Cybersecurity specialists are warning that President Donald Trump’s voter-fraud commission may unintentionally expose voter data to even more hacking and digital manipulation.

Their concerns stem from a letter the commission sent to every state this week, asking for full voter rolls and vowing to make the information “available to the public.” The requested information includes full names, addresses, birth dates, political party and, most notably, the last four digits of Social Security numbers. The commission is also seeking data such as voter history, felony convictions and military service records.

Digital security experts say the commission’s request would centralize and lay bare a valuable cache of information that cyber criminals could use for identity theft scams — or that foreign spies could leverage for disinformation schemes.

“It is beyond stupid,” said Nicholas Weaver, a computer science professor at the University of California at Berkeley.

“The bigger the purse, the more effort folks would spend to get at it,” said Joe Hall, chief technologist at the Center for Democracy and Technology, a digital advocacy group. “And in this case, this is such a high-profile and not-so-competent tech operation that we’re likely to see the hacktivists and pranksters take shots at it.”

Indeed, by Friday night, over 20 states — from California to Mississippi to Virginia — had indicated they would not comply with the request, with several citing privacy laws and expressing unease about aggregating voter data. [Continue reading…]

Facebooktwittermail

GOP activist who sought Clinton emails cited Trump campaign officials

The Wall Street Journal reports: A longtime Republican activist who led an operation hoping to obtain Hillary Clinton emails from hackers listed senior members of the Trump campaign, including some who now serve as top aides in the White House, in a recruitment document for his effort.

The activist, Peter W. Smith, named the officials in a section of the document marked “Trump Campaign.” The document was dated Sept. 7, 2016. That was around the time Mr. Smith said he started his search for 33,000 emails Mrs. Clinton deleted from the private server she used for official business while secretary of state. She said the deleted emails concerned personal matters. She turned over tens of thousands of other emails to the State Department.

As reported Thursday by The Wall Street Journal, Mr. Smith and people he recruited to his effort theorized the deleted emails might have been stolen by hackers and might contain matters that were politically damaging. He and his associates said they were in touch with several groups of hackers, including two from Russia they suspected were tied to the Moscow government, in a bid to find any stolen emails and potentially hurt Mrs. Clinton’s prospects.

Mr. Smith’s purpose in listing the officials isn’t clear. There is no indication in the document that he sought or received any coordination from the campaign officials or the campaign in general.

Mr. Smith died in mid-May at age 81, about 10 days after he spoke to the Journal. He said he operated independently of the Trump campaign.

Officials identified in the document include Steve Bannon, now chief strategist for President Donald Trump; Kellyanne Conway, former campaign manager and now White House counselor; Sam Clovis, a policy adviser to the Trump campaign and now a senior adviser at the Agriculture Department; and retired Lt. Gen. Mike Flynn, who was a campaign adviser and briefly was national security adviser in the Trump administration.

Mr. Bannon said he never met with Mr. Smith or anyone affiliated with a limited-liability company, KLS Research LLC, that the document said had been established for its mission. “Never heard of KLS Research or Peter Smith,” Mr. Bannon said.

Ms. Conway said she knew Mr. Smith from Republican politics but hadn’t spoken to him in years. “I never met with him” during the campaign, Ms. Conway said. “There were no calls, no meetings, no nothing.”

The White House didn’t immediately respond to a request for comment. Neither did the Agriculture Department, Mr. Clovis’s employer.

Mr. Flynn, his consulting firm Flynn Intel Group and his son Michael G. Flynn, who was chief of staff at Flynn Intel, were cited more extensively as Mr. Smith sought to recruit researchers, as well as in documents related to the effort that have been described to the Journal. Neither Mr. Flynn nor his son responded to requests for comment. [Continue reading…]

Facebooktwittermail

A plot, with apparent Russian backing, to use Clinton emails in the Trump campaign

Matt Tait, a former information security specialist for GCHQ and currently a security consultant who tweets as @pwnallthethings, was a source for the Wall Street Journal’s reporting on Peter Smith, his ties to the Trump campaign and his apparent communications with Russian intelligence. Tait writes: When he first contacted me, I did not know who Smith was, but his legitimate connections within the Republican party were apparent. My motive for initially speaking to him was that I wondered if the campaign was trying to urgently establish whether the claims that Russia had hacked the DNC was merely “spin” from the Clinton campaign, or instead something they would need to address before Trump went too far down the road of denying it. My guess was that maybe they wanted to contact someone who could provide them with impartial advice to understand whether the claims were real or just rhetoric.

Although it wasn’t initially clear to me how independent Smith’s operation was from Flynn or the Trump campaign, it was immediately apparent that Smith was both well connected within the top echelons of the campaign and he seemed to know both Lt. Gen. Flynn and his son well. Smith routinely talked about the goings on at the top of the Trump team, offering deep insights into the bizarre world at the top of the Trump campaign. Smith told of Flynn’s deep dislike of DNI Clapper, whom Flynn blamed for his dismissal by President Obama. Smith told of Flynn’s moves to position himself to become CIA Director under Trump, but also that Flynn had been persuaded that the Senate confirmation process would be prohibitively difficult. He would instead therefore become National Security Advisor should Trump win the election, Smith said. He also told of a deep sense of angst even among Trump loyalists in the campaign, saying “Trump often just repeats whatever he’s heard from the last person who spoke to him,” and expressing the view that this was especially dangerous when Trump was away.

Over the course of a few phone calls, initially with Smith and later with Smith and one of his associates—a man named John Szobocsan—I was asked about my observations on technical details buried in the State Department’s release of Secretary Clinton’s emails (such as noting a hack attempt in 2011, or how Clinton’s emails might have been intercepted by Russia due to lack of encryption). I was also asked about aspects of the DNC hack, such as why I thought the “Guccifer 2” persona really was in all likelihood operated by the Russian government, and how it wasn’t necessary to rely on CrowdStrike’s attribution as blind faith; noting that I had come to the same conclusion independently based on entirely public evidence, having been initially doubtful of CrowdStrike’s conclusions.

Towards the end of one of our conversations, Smith made his pitch. He said that his team had been contacted by someone on the “dark web”; that this person had the emails from Hillary Clinton’s private email server (which she had subsequently deleted), and that Smith wanted to establish if the emails were genuine. If so, he wanted to ensure that they became public prior to the election. What he wanted from me was to determine if the emails were genuine or not.

It is no overstatement to say that my conversations with Smith shocked me. Given the amount of media attention given at the time to the likely involvement of the Russian government in the DNC hack, it seemed mind-boggling for the Trump campaign—or for this offshoot of it—to be actively seeking those emails. To me this felt really wrong.

In my conversations with Smith and his colleague, I tried to stress this point: if this dark web contact is a front for the Russian government, you really don’t want to play this game. But they were not discouraged. They appeared to be convinced of the need to obtain Clinton’s private emails and make them public, and they had a reckless lack of interest in whether the emails came from a Russian cut-out. Indeed, they made it quite clear to me that it made no difference to them who hacked the emails or why they did so, only that the emails be found and made public before the election.

As I mentioned above, Smith and his associates’ knowledge of the inner workings of the campaign were insightful beyond what could be obtained by merely attending Republican events or watching large amounts of news coverage. But one thing I could not place, at least initially, was whether Smith was working on behalf of the campaign, or whether he was acting independently to help the campaign in his personal capacity.

Then, a few weeks into my interactions with Smith, he sent me a document, ostensibly a cover page for a dossier of opposition research to be compiled by Smith’s group, and which purported to clear up who was involved. The document was entitled “A Demonstrative Pedagogical Summary to be Developed and Released Prior to November 8, 2016,” and dated September 7. It detailed a company Smith and his colleagues had set up as a vehicle to conduct the research: “KLS Research”, set up as a Delaware LLC “to avoid campaign reporting,” and listing four groups who were involved in one way or another.

The first group, entitled “Trump Campaign (in coordination to the extent permitted as an independent expenditure)” listed a number of senior campaign officials: Steve Bannon, Kellyanne Conway, Sam Clovis, Lt. Gen. Flynn and Lisa Nelson.

The largest group named a number of “independent groups / organizations / individuals / resources to be deployed.” My name appears on this list. At the time, I didn’t recognize most of the others; however, several made headlines in the weeks immediately prior to the election.

My perception then was that the inclusion of Trump campaign officials on this document was not merely a name-dropping exercise. This document was about establishing a company to conduct opposition research on behalf of the campaign, but operating at a distance so as to avoid campaign reporting. Indeed, the document says as much in black and white.

The combination of Smith’s deep knowledge of the inner workings of the campaign, this document naming him in the “Trump campaign” group, and the multiple references to needing to avoid campaign reporting suggested to me that the group was formed with the blessing of the Trump campaign. [Continue reading…]

Facebooktwittermail

Ransomware attack strikes companies across Europe and U.S.

The Guardian reports: Victims of a major ransomware cyberattack that has spread through the US and Europe can no longer unlock their computers even if they pay the ransom.

The “Petya” ransomware has caused serious disruption at large firms including the advertising giant WPP, French construction materials company Saint-Gobain and Russian steel and oil firms Evraz and Rosneft.

Infected computers display a message demanding a Bitcoin ransom worth $300. Those who pay are asked to send confirmation of payment to an email address. However, that email address has been shut down by the email provider.

“We do not tolerate any misuse of our platform,” said the German email provider Posteo in a blog post.

This means that there is no longer any way for people who decide to pay the ransom to contact the attacker for a decryption key to unlock their computer.

“This is not an experienced ransomware operator,” said Ryan Kalember, senior vice-president of cybersecurity strategy at Proofpoint.

The attack was first reported in Ukraine, where the government, banks, state power utility and Kiev’s airport and metro system were all affected. The radiation monitoring system at Chernobyl was taken offline, forcing employees to use hand-held counters to measure levels at the former nuclear plant’s exclusion zone. [Continue reading…]

Facebooktwittermail

Evidence is mounting that Russia took four clear paths to meddle in the U.S. election

Business Insider reports: It was September 2015 when the FBI first noticed that Russian hackers had infiltrated a computer system belonging to the Democratic National Committee.

It was the first sign that Moscow was attempting to meddle in the presidential election.

Nearly a year later, further reporting and testimony from current and former intelligence officials have painted a portrait of Russia’s election interference as a multifaceted, well-planned, and coordinated campaign aimed at undermining the backbone of American democracy: free and fair elections.

Now, as FBI special counsel Robert Mueller and congressional intelligence committees continue to investigate Russia’s election interference, evidence is emerging that the hacking and disinformation campaign waged at the direction of Russian President Vladimir Putin took at least four separate but related paths.

The first involved establishing personal contact with Americans perceived as sympathetic to Moscow — such as former Defense Intelligence Agency chief Michael Flynn, former Trump campaign chairman Paul Manafort, and early Trump foreign-policy adviser Carter Page — and using them as a means to further Russia’s foreign-policy goals.

The second involved hacking the Democratic National Committee email servers and then giving the material to WikiLeaks, which leaked the emails in batches throughout the second half of 2016.

The third was to amplify the propaganda value of the leaked emails with a disinformation campaign waged predominantly on Facebook and Twitter, in an effort to use automated bots to spread fake news and pro-Trump agitprop.

And the fourth was to breach US voting systems in as many as 39 states leading up to the election, in an effort to steal registration data that officials say could be used to target and manipulate voters in future elections. [Continue reading…]

Facebooktwittermail

Obama’s secret struggle to punish Russia for Putin’s election assault

The Washington Post reports: Early last August, an envelope with extraordinary handling restrictions arrived at the White House. Sent by courier from the CIA, it carried “eyes only” instructions that its contents be shown to just four people: President Barack Obama and three senior aides.

Inside was an intelligence bombshell, a report drawn from sourcing deep inside the Russian government that detailed Russian President Vladi­mir Putin’s direct involvement in a cyber campaign to disrupt and discredit the U.S. presidential race.

But it went further. The intelligence captured Putin’s specific instructions on the operation’s audacious objectives — defeat or at least damage the Democratic nominee, Hillary Clinton, and help elect her opponent, Donald Trump.

At that point, the outlines of the Russian assault on the U.S. election were increasingly apparent. Hackers with ties to Russian intelligence services had been rummaging through Democratic Party computer networks, as well as some Republican systems, for more than a year. In July, the FBI had opened an investigation of contacts between Russian officials and Trump associates. And on July 22, nearly 20,000 emails stolen from the Democratic National Committee were dumped online by WikiLeaks. [Continue reading…]

Facebooktwittermail