RFE/RL reports: Ukrainian hackers claim to have broken into a second e-mail account linked to Vladislav Surkov, a senior aide to Russian President Vladimir Putin, releasing documents they say add to mounting evidence of the Kremlin meddling in Kyiv’s affairs.
The new e-mails were obtained by RFE/RL from the hackers in advance of their public release on November 3. If authentic, they provide detail about the extent to which Surkov’s office worked to set up separatist enclaves in eastern Ukraine in 2014.
The e-mails include plans that ostensibly show how associates of Surkov plotted to destabilize Ukraine’s eastern Kharkiv region, researched Ukrainian politicians who openly supported weakening central power in a bid to exploit the country’s political divisions, and helped establish the leadership of separatist groups in the Donetsk and Luhansk regions.
They indicate that, in one case, a draft law on an economic zone in eastern Ukraine purportedly written by Surkov himself was sent to the office of an opposition lawmaker and later introduced in the Ukrainian parliament.
The new release comes one week after an initial batch of e-mails from an inbox allegedly associated with Surkov, a longtime Putin aide who is the point man for Ukraine in his administration. [Continue reading…]
The Associated Press reports: A group of Ukrainian hackers has released thousands of emails from an account used by a senior Kremlin official that appear to show close financial and political ties between Moscow and separatist rebels in Eastern Ukraine.
The cache published by the Ukrainian group CyberHunta reveals contacts between President Vladimir Putin’s adviser Vladislav Surkov and the pro-Russia rebels fighting Ukrainian forces.
Ukraine’s National Security Service said Wednesday the emails were real, although they added the files may have been tampered with. Putin’s spokesman Dmitry Peskov dismissed the published emails as a sham, saying Wednesday that Surkov doesn’t use email.
Russian journalist Svetlana Babaeva told The Associated Press emails from her in the cache were genuine. “I sent those emails,” Babaeva said, referring to three emails in the leak discussing arrangements for an off-the-record meeting between Surkov and editors at her publication.
Russian businessman Evgeny Chichvarkin, who lives in London, said in a Facebook post Wednesday that emails attributed to him in the cache were genuine too. [Continue reading…]
The Guardian reports: Sanctioned and thus banned from travel to the EU for his role in the Kremlin’s Ukraine policy, the 52-year-old Surkov nevertheless popped up at recent four-way negotiations in Berlin over Ukraine, sitting at the round table next to Putin, and just one seat across from Angela Merkel. It was a very visible signal of Surkov’s importance to the Kremlin’s controversial Ukraine policy.
Several sources have told the Guardian that Surkov has on occasion made secret trips to Donetsk, technically still part of Ukraine, to bring local separatist politicians into line and tell them what is expected of them if they are to continue to receive Russian funding and support. More regularly, emissaries from east Ukraine come to Moscow to meet with Surkov. [Continue reading…]
Chris Zappone writes: The timing of the hack and the target, Vladislav Surkov, suggest that this could be a form of retaliation for the purported Russian hacking of the US election.
The group, called Kiberkhunta (or Cyber Junta), posted 2,000 emails from Surkov dating from between September 2013 and November 2014.
Coming against the backdrop of the Russian cyber campaign against the US during the current presidential election year, at least one analyst sees the possibility of a connection to those events.
“It is possible that we are seeing the first example of mutually assured doxing,” said Kenneth Geers, Kiev-based Senior Research Scientist at COMODO, referring to the practice of hacking and publishing private emails.
‘Mutually assured doxing’ is a play on the Cold War concept of Mutually Assured Destruction – the permanent nuclear stand-off between Russia and the US which dissuaded either side from starting a war.
“We should usually assume there is some political goal behind every leak,” he said.
Geers, who is also an ambassador for the NATO Cyber Centre, said the Surkov leak may hint at an emerging behavioural norm between nation states.
“We may see a doxing escalation ladder materialise: how far do you want me to go, all the way to the top?” said Geers.
“As painful as it is today, doxing serves a long-term historical role in reducing corruption.” [Continue reading…]
NBC News reports: Andrew Komarov of InfoArmor told NBC News he didn’t see any sign of Russian involvement at all, whether state or private [in the “denial of service,” or DDoS, attacks that caused massive internet outages across the U.S. on Friday]. He noted that the botnet used in the attack, “Mirai,” was developed by an English speaker and that he had found no link between “Mirai” and the Russians, who have their own much more sophisticated methods.
He said the attacks seemed more consistent with the methods used by the hacking group known as Lizard Squad, two of whose members, both teens, were arrested earlier this month in the U.S. and the Netherlands and charged in connection with DDoS attacks.
Said Komarov, “We have some context, that because of similar victims, using Dyn, and also tactics, tools and procedures by threat actors, it may be a revenge for the past arrests of DDoS’ers in the underground, happened several weeks ago.”
Dmitri Alperovitch of Crowdstrike also expressed doubt about a link to the Russian government, and speculated the attacks might have to do with a recent interview that cybersecurity expert Brian Krebs did with Dyn mentioning Russian organized crime. Alperovitch said use of a botnet bears the hallmark of a criminal rather than state attack, and the target may simply have been Dyn, not the U.S.
Flashpoint, a private cybersecurity and intelligence firm, noted that the Krebs site was attacked in September by a Mirai botnet, and the Krebs site was among those attacked Friday. The hacker who attacked Krebs in September released the source code on the web earlier this month, and hackers have copied the code to create their own botnets.
Flashpoint said it had concluded that the Friday attacks were not mounted by hacktivists, a political group or a state actor. [Continue reading…]
TechCrunch reports: In the past few weeks, hackers have upped the DDoS stakes in a big way. Starting with the attack on KrebsonSecurity.com and increasing in severity from there, hundreds of thousands of devices have been used to perpetrate these actions. A number that dwarfs previous attacks by orders of magnitude.
While it isn’t yet confirmed, evidence points to the attack that we saw on Friday morning following this same playbook, but being perpetrated on a much larger scale, relying on Internet of Things (IoT) devices rather than computers and servers to carry out an attack.
In fact, in all likelihood an army of surveillance cameras attacked Dyn. Why surveillance cameras? Because many of the security cameras used in homes and businesses around the world typically run the same or similar firmware produced by just a few companies.
This firmware is now known to contain a vulnerability that can easily be exploited, allowing the devices to have their sights trained on targets like Dyn. What’s more, many still operate with default credentials — making them a simple, but powerful target for hackers.
Why is this significant? The ability to enslave these video cameras has made it easier and far cheaper to create botnets at a scale that the world has never seen before. If someone wants to launch a DDoS attack, they no longer have to purchase a botnet—they can create their own using a program that was dumped on the internet just a few weeks ago. [Continue reading…]
The New York Times reports: Dale Drew, chief security officer at Level 3, an internet service provider, found evidence that roughly 10 percent of all devices co-opted by Mirai were being used to attack Dyn’s servers. Just one week ago, Level 3 found that 493,000 devices had been infected with Mirai malware, nearly double the number infected last month.
Mr. Allen added that Dyn was collaborating with law enforcement and other internet service providers to deal with the attacks.
In a recent report, Verisign, a registrar for many internet sites that has a unique perspective into this type of attack activity, reported a 75 percent increase in such attacks from April through June of this year, compared with the same period last year.
The attacks were not only more frequent, they were bigger and more sophisticated. The typical attack more than doubled in size. What is more, the attackers were simultaneously using different methods to attack the company’s servers, making them harder to stop.
The most frequent targets were businesses that provide internet infrastructure services like Dyn. [Continue reading…]
Brian Krebs reports: The attack on DYN comes just hours after DYN researcher Doug Madory presented a talk on DDoS attacks in Dallas, Texas at a meeting of the North American Network Operators Group (NANOG). Madory’s talk — available here on Youtube.com — delved deeper into research that he and I teamed up on to produce the data behind the story DDoS Mitigation Firm Has History of Hijacks.
That story (as well as one published earlier this week, Spreading the DDoS Disease and Selling the Cure) examined the sometimes blurry lines between certain DDoS mitigation firms and the cybercriminals apparently involved in launching some of the largest DDoS attacks the Internet has ever seen. Indeed, the record 620 Gbps DDoS against KrebsOnSecurity.com came just hours after I published the story on which Madory and I collaborated.
The record-sized attack that hit my site last month was quickly superseded by a DDoS against OVH, a French hosting firm that reported being targeted by a DDoS that was roughly twice the size of the assault on KrebsOnSecurity. As I noted in The Democratization of Censorship — the first story published after bringing my site back up under the protection of Google’s Project Shield — DDoS mitigation firms simply did not count on the size of these attacks increasing so quickly overnight, and are now scrambling to secure far greater capacity to handle much larger attacks concurrently. [Continue reading…]
Thomas Rid writes: On an April afternoon earlier this year, Russian president Vladimir Putin headlined a gathering of some four hundred journalists, bloggers, and media executives in St. Petersburg. Dressed in a sleek navy suit, Putin looked relaxed, even comfortable, as he took questions. About an hour into the forum, a young blogger in a navy zip sweater took the microphone and asked Putin what he thought of the “so-called Panama Papers.”
The blogger was referring to a cache of more than eleven million computer files that had been stolen from Mossack Fonseca, a Panamanian law firm. The leak was the largest in history, involving 2.6 terabytes of data, enough to fill more than five hundred DVDs. On April 3, four days before the St. Petersburg forum, a group of international news outlets published the first in a series of stories based on the leak, which had taken them more than a year to investigate. The series revealed corruption on a massive scale: Mossack Fonseca’s legal maneuverings had been used to hide billions of dollars. A central theme of the group’s reporting was the matryoshka doll of secret shell companies and proxies, worth a reported $2 billion, that belonged to Putin’s inner circle and were presumed to shelter some of the Russian president’s vast personal wealth.
When Putin heard the blogger’s question, his face lit up with a familiar smirk. He nodded slowly and confidently before reciting a litany of humiliations that the United States had inflicted on Russia. Putin reminded his audience about the sidelining of Russia during the 1998 war in Kosovo and what he saw as American meddling in Ukraine more recently. Returning to the Panama Papers, Putin cited WikiLeaks to insist that “officials and state agencies in the United States are behind all this.” The Americans’ aim, he said, was to weaken Russia from within: “to spread distrust for the ruling authorities and the bodies of power within society.”
Though a narrow interpretation of Putin’s accusation was defensible—as WikiLeaks had pointed out, one of the members of the Panama Papers consortium had received financial support from USAID, a federal agency—his swaggering assurance about America’s activities has a more plausible explanation: Putin’s own government had been preparing a vast, covert, and unprecedented campaign of political sabotage against the United States and its allies for more than a year.
The Russian campaign burst into public view only this past June, when The Washington Post reported that “Russian government hackers” had penetrated the servers of the Democratic National Committee. The hackers, hiding behind ominous aliases like Guccifer 2.0 and DC Leaks, claimed their first victim in July, in the person of Debbie Wasserman Schultz, the DNC chair, whose private emails were published by WikiLeaks in the days leading up to the Democratic convention. By August, the hackers had learned to use the language of Americans frustrated with Washington to create doubt about the integrity of the electoral system: “As you see the U.S. presidential elections are becoming a farce,” they wrote from Russia.
The attacks against political organizations and individuals absorbed much of the media’s attention this year. But in many ways, the DNC hack was merely a prelude to what many security researchers see as a still more audacious feat: the hacking of America’s most secretive intelligence agency, the NSA.
Russian spies did not, of course, wait until the summer of 2015 to start hacking the United States. This past fall, in fact, marked the twentieth anniversary of the world’s first major campaign of state-on-state digital espionage. In 1996, five years after the end of the USSR, the Pentagon began to detect high-volume network breaches from Russia. The campaign was an intelligence-gathering operation: Whenever the intruders from Moscow found their way into a U.S. government computer, they binged, stealing copies of every file they could.
By 1998, when the FBI code-named the hacking campaign Moonlight Maze, the Russians were commandeering foreign computers and using them as staging hubs. At a time when a 56 kbps dial-up connection was more than sufficient to get the best of Pets.com and AltaVista, Russian operators extracted several gigabytes of data from a U.S. Navy computer in a single session. With the unwitting help of proxy machines—including a Navy supercomputer in Virginia Beach, a server at a London nonprofit, and a computer lab at a public library in Colorado—that accomplishment was repeated hundreds of times over. Eventually, the Russians stole the equivalent, as an Air Intelligence Agency estimate later had it, of “a stack of printed copier paper three times the height of the Washington Monument.” [Continue reading…]
Politico reports: Donald Trump angrily insisted on Wednesday night that he is not Vladimir Putin’s “puppet.”
But at a minimum, in recent months he has often sounded like the Russian president’s lawyer—defending Putin against a variety of specific charges, from political killings to the 2014 downing of a passenger jet over Ukraine, despite the weight of intelligence, legal findings and expert opinion.
Wednesday, for instance, Trump dismissed Hillary Clinton’s assertion that Russia was behind the recent hacking of Democratic Party and Clinton campaign emails.
“She has no idea whether it’s Russia or China or anybody else,” Trump retorted. “Our country has no idea.”
As Clinton tried to explain that the Russian role is the finding of 17 military and civilian intelligence agencies, Trump cut her off: “I doubt it.”
On Oct. 7, the Department of Homeland Security and the Office of the Director of National Intelligence released a joint statement saying that the U.S. intelligence community “is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations.” That finding has also been relayed directly to Trump in the classified national security briefings he receives as a major party nominee. [Continue reading…]
Motherboard reports: On March 19 of this year, Hillary Clinton’s campaign chairman John Podesta received an alarming email that appeared to come from Google.
The email, however, didn’t come from the internet giant. It was actually an attempt to hack into his personal account. In fact, the message came from a group of hackers that security researchers, as well as the US government, believe are spies working for the Russian government. At the time, however, Podesta didn’t know any of this, and he clicked on the malicious link contained in the email, giving hackers access to his account.
Months later, on October 9, WikiLeaks began publishing thousands of Podesta’s hacked emails. Almost everyone immediately pointed the finger at Russia, who is suspected of being behind a long and sophisticated hacking campaign that has the apparent goal of influencing the upcoming US elections. But there was no public evidence proving the same group that targeted the Democratic National Committee was behind the hack on Podesta — until now.
The data linking a group of Russian hackers — known as Fancy Bear, APT28, or Sofacy — to the hack on Podesta is also yet another piece in a growing heap of evidence pointing toward the Kremlin. And it also shows a clear thread between apparently separate and independent leaks that have appeared on a website called DC Leaks, such as that of Colin Powell’s emails; and the Podesta leak, which was publicized on WikiLeaks.
All these hacks were done using the same tool: malicious short URLs hidden in fake Gmail messages. And those URLs, according to a security firm that’s tracked them for a year, were created with a Bitly account linked to a domain under the control of Fancy Bear. [Continue reading…]
The Wall Street Journal reports: With the hacking of Hillary Clinton’s campaign and the Democratic National Committee, U.S. officials say Russia has unleashed a strengthened cyberwarfare weapon to sow uncertainty about the U.S. democratic process.
In doing so, Russia has transformed state-sponsored hackers known as Fancy Bear and Cozy Bear from internet spies to political tools with the power to target the country’s adversaries, according to U.S. officials and cybersecurity experts.
The attacks are the harder side of parallel campaigns in the Kremlin’s English-language media, which broadcast negative news about Western institutions and alliances and focus on issues that demonstrate or stoke instability in the West, such as Brexit. Moscow seeks particularly to weaken the North Atlantic Treaty Organization, which has expanded its defense against Russia.
“The underlying philosophy of a lot of these attacks is about establishing information as a weapon,” said Alexander Klimburg, a cyber expert at the Hague Center for Strategic Studies. “Hacking for them is literally about controlling information.”
President Vladimir Putin denies Russian involvement in the hacking, but in a way that telegraphs glee about the potential chaos being sown in the U.S. democratic process.
“Everyone is talking about who did it, but is it so important who did it?” Mr. Putin said. “What is important is the content of this information.”
Former Central Intelligence Agency Director Michael Hayden said the Kremlin doesn’t appear to be trying to influence the election’s outcome, noting Russian involvement has provided fodder for both Republicans and Democrats. “They are not trying to pick a winner,” he said Tuesday at a cybersecurity conference in Washington. Rather, Russia is likely unleashing the emails “to mess with our heads.”
Pro-Kremlin commentators in Russia have seized on the DNC leaks to cast doubt on the American democratic process and argue that Washington has no right to criticize Moscow. They have said the hacked DNC emails, which showed party officials working to undermine primary runner-up Bernie Sanders, prove Americans are hypocritical when they malign Mr. Putin’s authoritarianism. [Continue reading…]
Reuters reports: Czech police have detained a Russian man wanted in connection with hacking attacks on targets in the United States, the police said, without giving further details.
The arrest was carried out in cooperation with the U.S. Federal Bureau of Investigation, Czech police said on their website on Tuesday evening. Interpol had issued a so-called Red Notice for the man, seeking his arrest, they added. [Continue reading…]
NBC News reports: The Obama administration is contemplating an unprecedented cyber covert action against Russia in retaliation for alleged Russian interference in the American presidential election, U.S. intelligence officials told NBC News.
Current and former officials with direct knowledge of the situation say the CIA has been asked to deliver options to the White House for a wide-ranging “clandestine” cyber operation designed to harass and “embarrass” the Kremlin leadership.
The sources did not elaborate on the exact measures the CIA was considering, but said the agency had already begun opening cyber doors, selecting targets and making other preparations for an operation. Former intelligence officers told NBC News that the agency had gathered reams of documents that could expose unsavory tactics by Russian President Vladimir Putin.
Vice President Joe Biden told “Meet the Press” moderator Chuck Todd on Friday that “we’re sending a message” to Putin and that “it will be at the time of our choosing, and under the circumstances that will have the greatest impact.”
When asked if the American public will know a message was sent, the vice president replied, “Hope not.”
Retired Admiral James Stavridis told NBC News’ Cynthia McFadden that the U.S. should attack Russia’s ability to censor its internal internet traffic and expose the financial dealings of Putin and his associates. [Continue reading…]
And what better way to expose such information than by providing it to Wikileaks. Julian Assange can then demonstrate that he’s not a puppet of Putin’s — or risk being outed if it turns out his organization chooses not to release such material.
Wouldn’t that turn Wikileaks into a puppet of the U.S. government? Kind of — except Assange’s position is that it’s not his job to pass judgment on the motives of his sources. His commitment is to protect his sources and publish secrets.
Geof Wheelwright writes: It could have been a cold war drama. The world watched this week as accusations and counter-accusations were thrown by the American and Russian governments about documents stolen during a hack of the Democratic National Committee and the email account of Hillary Clinton’s campaign chair John Podesta.
The notion that public figures have any right to privacy appears to have been lost in the furore surrounding the story, stolen correspondence being bandied around in attempts to influence the outcome of one of the nastiest, most vitriolic US presidential campaigns in history.
Some have argued that as secretary of state, Hillary Clinton’s emails were fair game for hacking because had they not been held on a private server, they would have been subject to freedom of information requests and available to the general public.
There may be some truth to that, but it doesn’t change the fact that correspondence between public figures has allegedly been hacked by those acting under the direction of a foreign government and released for everyone to peruse, with little opportunity for the authors to offer context or even confirm that the contents of the leaks are accurate.
The hacks have created a dilemma for American voters, according to Rob Guidry, CEO of social media analytics company Sc2 and a former special adviser to US Central Command. He says voters seem to want the information that has been leaked by the hackers but don’t feel entirely comfortable with the hacks that have brought the information to light. [Continue reading…]
Politico reports: White House Press Secretary Josh Earnest promised on Tuesday that the U.S. would deliver a “proportional” response to Russia’s alleged hacking of American computer systems.
In addition to pledging that the U.S. “will ensure that our response is proportional,” Earnest told reporters flying on Air Force One that “it is unlikely that our response would be announced in advance.”
“The president has talked before about the significant capabilities that the U.S. government has to both defend our systems in the United States but also carry out offensive operations in other countries,” he said as the press corps traveled with the president to a Hillary Clinton campaign event in North Carolina. “So there are a range of responses that are available to the president and he will consider a response that is proportional.” [Continue reading…]
Kurt Eichenwald writes: I am Sidney Blumenthal. At least, that is what Vladimir Putin — and, somehow, Donald Trump — seem to believe. And that should raise concerns about not only Moscow’s attempts to manipulate this election but also how Trump came to push Russian disinformation to American voters.
An email from Blumenthal — a confidant of Hillary Clinton and a man, second only to George Soros, at the center of conservative conspiracy theories — turned up in the recent document dump by WikiLeaks. At a time when American intelligence believes Russian hackers are trying to interfere with the presidential election, records have been fed recently to WikiLeaks out of multiple organizations of the Democratic Party, raising concerns that the self-proclaimed whistleblower group has become a tool of Putin’s government. But now that I have been brought into the whole mess — and transformed into Blumenthal — there is even more proof that the Russians are not only orchestrating this act of cyberwar but also really, really dumb.
The evidence emerged thanks to the incompetence of Sputnik, the Russian online news and radio service established by the government-controlled news agency, Rossiya Segodnya.
The documents that WikiLeaks has unloaded recently have been emails out of the account of John Podesta, the chairman of Clinton’s election campaign. Almost as soon as the pilfered documents emerged, Sputnik was all over them and rapidly found (or probably already knew about before the WikiLeaks dump) a purportedly incriminating email from Blumenthal.
The email was amazing — it linked Boogie Man Blumenthal, Podesta and the topic of conservative political fever dreams, Benghazi. This, it seemed, was the smoking gun finally proving Clinton bore total responsibility for the attack on the American outpost in Libya in 2012. Sputnik even declared that the email might be the “October surprise” that could undermine Clinton’s campaign. [Continue reading…]