Category Archives: hacking

U.S. investigating potential covert Russian plan to disrupt November elections

The Washington Post reports: U.S. intelligence and law enforcement agencies are investigating what they see as a broad covert Russian operation in the United States to sow public distrust in the upcoming presidential election and in U.S. political institutions, intelligence and congressional officials said.

The aim is to understand the scope and intent of the Russian campaign, which incorporates cyber-tools to hack systems used in the political process, enhancing Russia’s ability to spread disinformation.

The effort to better understand Russia’s covert influence operations is being coordinated by James R. Clapper Jr., the director of national intelligence. “This is something of concern for the DNI,” said Charles Allen, a former longtime CIA officer who has been briefed on some of these issues. “It is being addressed.”

A Russian influence operation in the United States “is something we’re looking very closely at,” said one senior intelligence official who, like others interviewed, spoke on the condition of anonymity to discuss a sensitive matter. Officials also are examining potential disruptions to the election process, and the FBI has alerted state and local officials to potential cyberthreats.

The official cautioned that the intelligence community is not saying it has “definitive proof” of such tampering, or any Russian plans to do so. “But even the hint of something impacting the security of our election system would be of significant concern,” the official said. “It’s the key to our democracy, that people have confidence in the election system.”

The Kremlin’s intent may not be to sway the election in one direction or another, officials said, but to cause chaos and provide propaganda fodder to attack U.S. democracy-building policies around the world, particularly in the countries of the former Soviet Union. [Continue reading…]


Putin says DNC hack was a public service, Russia didn’t do it

Bloomberg reports: “There’s no need to distract the public’s attention from the essence of the problem by raising some minor issues connected with the search for who did it,” Putin said of the DNC breach. “But I want to tell you again, I don’t know anything about it, and on a state level Russia has never done this.”

The Federal Bureau of Investigation has high confidence that the government in Moscow was behind the theft at the DNC and other Democratic Party organizations seeking to propel Clinton to victory over Republican Donald Trump in November, a person familiar with the findings has said. Trump has praised Putin as a great leader and the billionaire’s former campaign chairman spent years working for the Kremlin ally who was ousted from Ukraine’s presidency in 2014.

In a two-hour conversation near Russia’s eastern fringe, Putin touched on subjects ranging from the war in Syria to oil prices and trade with China. It came just two days before Putin, Barack Obama and other world leaders gather at a Group of 20 meeting in Hangzhou.

An internal DNC probe by CrowdStrike Inc., a cybersecurity company, traced the DNC break-in to two groups it says are linked to Russian intelligence services. One, Cozy Bear, it says is affiliated with the Federal Security Service, the main successor to the KGB, while the other, Fancy Bear, it says is tied to the Main Intelligence Directorate, a branch of the Defense Ministry.

James Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington, said Russia’s “track record” of state hacking goes back at least a decade, so Putin’s denials aren’t credible.

“Nice try, but no goal,” Lewis said.

The digital net cast by the hackers has widened almost weekly — security experts say it now includes congressional staffers, NATO generals, Washington think tanks and the Democratic Congressional Campaign Committee — adding another unpredictable element to a highly unusual election. The subsequent leaks have included the mobile number of House Minority Leader Nancy Pelosi, who said she was barraged with “obscene” calls within hours.

Putin also took a dig at the U.S. campaign and what he saw as an obvious party bias in favor of Clinton, saying he “couldn’t imagine” that the information leaked from the DNC would be newsworthy for “American society — specifically that the campaign headquarters worked in the interest of one of the candidates, in this case Mrs. Clinton, rather than equally for all of the Democratic party candidates.”

Alexander Gostev, the chief expert at Kaspersky Lab, a Moscow-based software security firm, said of all the Russian-speaking hacking groups targeting governments, Fancy Bear “is the most notable.”

Malware linked to Fancy Bear was widely detected in Ukrainian government computers during the elections that were held after the country’s Kremlin-backed leader, Viktor Yanukovych, was deposed, Gostev said, adding that “six or seven” groups may be tied to the Russian government.

At the same time, Russia has come under attack by viruses linked to U.S. and U.K. intelligence services, Gostev said, adding that hacking efforts from China against Russian defense and nuclear agencies have intensified in the past year. [Continue reading…]


Forget software — now hackers are exploiting physics

Andy Greenberg reports: Practically every word we use to describe a computer is a metaphor. “File,” “window,” even “memory” all stand in for collections of ones and zeros that are themselves representations of an impossibly complex maze of wires, transistors and the electrons moving through them. But when hackers go beyond those abstractions of computer systems and attack their actual underlying physics, the metaphors break.

Over the last year and a half, security researchers have been doing exactly that: honing hacking techniques that break through the metaphor to the actual machine, exploiting the unexpected behavior not of operating systems or applications, but of computing hardware itself—in some cases targeting the actual electricity that comprises bits of data in computer memory. And at the Usenix security conference earlier this month, two teams of researchers presented attacks they developed that bring that new kind of hack closer to becoming a practical threat.

Both of those new attacks use a technique Google researchers first demonstrated last March called “Rowhammer.” The trick works by running a program on the target computer, which repeatedly overwrites a certain row of transistors in its DRAM flash memory, “hammering” it until a rare glitch occurs: Electric charge leaks from the hammered row of transistors into an adjacent row. The leaked charge then causes a certain bit in that adjacent row of the computer’s memory to flip from one to zero or vice versa. That bit flip gives you access to a privileged level of the computer’s operating system.

It’s messy. And mind-bending. And it works. [Continue reading…]


Russian hackers targeted Arizona election system

The Washington Post reports: Hackers targeted voter registration systems in Illinois and Arizona, and the FBI alerted Arizona officials in June that Russians were behind the assault on the election system in that state.

The bureau described the threat as “credible” and significant, “an eight on a scale of one to 10,” Matt Roberts, a spokesman for Arizona Secretary of State Michele Reagan (R), said Monday. As a result, Reagan shut down the state’s voter registration system for nearly a week.

It turned out that the hackers had not compromised the state system or even any county system. They had, however, stolen the username and password of a single election official in Gila County.

Roberts said FBI investigators did not specify whether the hackers were criminals or employed by the Russian government. Bureau officials on Monday declined to comment, except to say that they routinely advise private industry of cyberthreats detected in investigations. [Continue reading…]


Russia-backed DNC hackers strike Washington think tanks

Defense One reports: Last week, one of the Russia-backed hacker groups that attacked Democratic computer networks also attacked several Russia-focused think tanks in Washington, D.C., Defense One has learned.

The perpetrator is the group called COZY BEAR, or APT29, one of the two groups that cybersecurity company CrowdStrike blamed for the DNC hack, according to founder Dmitri Alperovitch. CrowdStrike discovered the attack on the DNC and provides security for the think tanks.

Alperovitch said fewer than five organizations and 10 staffers researching Russia were hit by the “highly targeted operation.” He declined to detail which think tanks and researchers were hit, out of concern for his clients’ interests and to avoid revealing tools and techniques or other data to hackers. CrowdStrike alerted the organizations immediately after the company detected the breaches and intruders were unable to exfiltrate any information, Alperovitch said.

Defense One reached out to several think tanks with programs in Russian research, one of which was the Center for Strategic and International Studies, or CSIS. “Last week we were under attack, but our small staff was very responsive. Beyond that, I’m not going to discuss the details because it is under active investigation,” H. Andrew Schwartz, CSIS Senior Vice President for External Relations, said in an email. [Continue reading…]


FBI says foreign hackers penetrated state election systems

Michael Isikoff reports: The FBI has uncovered evidence that foreign hackers penetrated two state election databases in recent weeks, prompting the bureau to warn election officials across the country to take new steps to enhance the security of their computer systems, according to federal and state law enforcement officials.

The FBI warning, contained in a “flash” alert from the FBI’s Cyber Division, a copy of which was obtained by Yahoo News, comes amid heightened concerns among U.S. intelligence officials about the possibility of cyberintrusions, potentially by Russian state-sponsored hackers, aimed at disrupting the November elections.

Those concerns prompted Homeland Security Secretary Jeh Johnson to convene a conference call with state election officials on Aug. 15, in which he offered his department’s help to make state voting systems more secure, including providing federal cyber security experts to scan for vulnerabilities, according to a “readout” of the call released by the department. [Continue reading…]


FBI investigates whether Russia hacked New York Times reporters

The Associated Press reports: The FBI is investigating cyber intrusions targeting reporters of the New York Times and is looking into whether Russian intelligence agencies are responsible for the acts, a US official said Tuesday.

The cyberattacks are believed to have targeted individual reporters, but investigators don’t believe the newspaper’s entire network was compromised, according to the official, who was briefed on the investigation but was not authorized to discuss the matter by name and spoke on condition of anonymity.

CNN first reported the FBI’s investigation.

It was not immediately clear how many reporters may have been affected, nor how many email accounts were targeted. [Continue reading…]


Outcome of U.S. election seen as ‘question of national security for Russia’ says Kremlin watcher

NPR reports: Investigative journalist Andrei Soldatov says the [Democratic National Committee] hack wasn’t necessarily the work of Russian intelligence services.

“It’s much more complicated than that,” says Soldatov, co-author of The Red Web: The Struggle Between Russia’s Digital Dictators and the New Online Revolutionaries. “We have non-government actors, and they’re really adventurous, really fast and they’re really, really good.”

He says mercenary hackers give the government a way to deny involvement.

Once the material had been stolen, though, [Mark] Galeotti thinks the Kremlin took over.

“The actual leak — the point where they did something with the information they gathered — now there’s no question that that would be regarded as a strategic move, and would need to have had Kremlin sanction,” he says.

Russia’s foreign minister, Sergei Lavrov, repeated this week that Russia doesn’t interfere in the affairs of other countries. Recently he said, “We have witnessed a volley of Russophobic hysteria.”

He called the accusations “ploys to support one candidate and smear another.”

DNC staffers charged that the publication of the emails was a Russian ploy to support the candidacy of Donald Trump. But “I think it’s not about Trump,” says Soldatov. “It’s all about Hillary Clinton.”

What might Russia hope to gain from influencing the American vote?

Soldatov says President Vladimir Putin believes Clinton is a Russia-hater who was behind anti-government demonstrations that took place in Russia in 2011 and 2012.

And Soldatov says this U.S. election is important for Moscow because America’s next leader could determine whether economic sanctions against Russia will be lifted. “And everybody in the Kremlin believes that if Hillary Clinton in the White House, it will be absolutely impossible to get the sanctions against Russia lifted. So in a way, it’s a question of national security for Russia.”

Galeotti thinks the key purpose with the DNC leaks is to divide Clinton’s political base by showing that top party officials worked to freeze out her primary opponent, Bernie Sanders.

The Kremlin’s idea, he says, is to create the impression that politics in the U.S. is manipulated just as much as in Russia. [Continue reading…]


Release of NSA hacking tools exposes risk of keeping software vulnerabilities secret

The Washington Post reports: To penetrate the computers of foreign targets, the National Security Agency relies on software flaws that have gone undetected in the pipes of the Internet. For years, security experts have pressed the agency to disclose these bugs so they can be fixed, but the agency hackers have often been reluctant.

Now with the mysterious release of a cache of NSA hacking tools over the weekend, the agency has lost an offensive advantage, experts say, and potentially placed at risk the security of countless large companies and government agencies worldwide.

Several of the tools exploited flaws in commercial firewalls that remain unpatched, and they are out on the Internet for all to see. Anyone from a basement hacker to a sophisticated foreign spy agency has access to them now, and until the flaws are fixed, many computer systems may be in jeopardy.

The revelation of the NSA cache, which dates to 2013 and has not been confirmed by the agency, also highlights the administration’s little-known process for figuring out which software errors to disclose and which to keep secret.

The hacker tools’ release “demonstrates the key risk of the U.S. government stockpiling computer vulnerabilities for its own use: Someone else might get a hold of them and use them against us,” said Kevin Bankston, director of New America’s Open Technology Institute.

“This is exactly why it should be U.S. government policy to disclose to software vendors the vulnerabilities it buys or discovers as soon as possible, so we can all better protect our own cybersecurity.” [Continue reading…]


Possible NSA hacking could signal warning shot from Russia

The New York Times reports: The release on websites this week of what appears to be top-secret computer code that the National Security Agency has used to break into the networks of foreign governments and other espionage targets has caused deep concern inside American intelligence agencies, raising the question of whether America’s own elite operatives have been hacked and their methods revealed.

Most outside experts who examined the posts, by a group calling itself the Shadow Brokers, said they contained what appeared to be genuine samples of the code — though somewhat outdated — used in the production of the N.S.A.’s custom-built malware.

Most of the code was designed to break through network firewalls and get inside the computer systems of competitors like Russia, China and Iran. That, in turn, allows the N.S.A. to place “implants” in the system, which can lurk unseen for years and be used to monitor network traffic or enable a debilitating computer attack.

According to these experts, the coding resembled a series of “products” developed inside the N.S.A.’s highly classified Tailored Access Operations unit, some of which were described in general terms in documents stolen three years ago by Edward J. Snowden, the former N.S.A. contractor now living in Russia.

But the code does not appear to have come from Mr. Snowden’s archive, which was mostly composed of PowerPoint files and other documents that described N.S.A. programs. The documents released by Mr. Snowden and his associates contained no actual source code used to break into the networks of foreign powers.

Whoever obtained the source code apparently broke into either the top-secret, highly compartmentalized computer servers of the N.S.A. or other servers around the world that the agency would have used to store the files. The code that was published on Monday dates to mid-2013, when, after Mr. Snowden’s disclosures, the agency shuttered many of its existing servers and moved code to new ones as a security measure.

By midday Tuesday Mr. Snowden himself, in a Twitter message from his exile in Moscow, declared that “circumstantial evidence and conventional wisdom indicates Russian responsibility” for publication, which he interpreted as a warning shot to the American government in case it was thinking of imposing sanctions against Russia in the cybertheft of documents from the Democratic National Committee. [Continue reading…]


U.S. considers sanctions against Russia in response to hacks of Democratic groups

The Wall Street Journal reports: U.S. officials are discussing whether to respond to computer breaches of Democratic Party organizations with economic sanctions against Russia, but they haven’t reached a decision about how to proceed, according to several people familiar with the matter.

Levying sanctions would require the White House to publicly accuse Russia, or Russian-backed hackers, of committing the breach and then leaking embarrassing information. The U.S. has frequently opted not to publicly release attribution for cyber-assaults, though Washington did openly accuse North Korea of carrying out an embarrassing breach of Sony Pictures Entertainment Inc. in 2014.

The Federal Bureau of Investigation and U.S. intelligence agencies have been studying the Democratic hacks, and several officials have signaled it was almost certainly carried out by Russian-affiliated hackers. Russia has denied any involvement, but several cybersecurity companies have also released reports tying the breach to Russian hackers.

On Thursday, House Minority Leader Nancy Pelosi (D., Calif.) told reporters, regarding a breach of the Democratic Congressional Campaign Committee, which spearheads the Democratic House campaigns: “I know for sure it is the Russians” and “we are assessing the damage.”

She added, “This is an electronic Watergate…The Russians broke in. Who did they give the information to? I don’t know. Who dumped it? I don’t know.” [Continue reading…]


Hack of Democrats’ accounts was wider than believed, officials say

The New York Times reports: A Russian cyberattack that targeted Democratic politicians was bigger than it first appeared and breached the private email accounts of more than 100 party officials and groups, officials with knowledge of the case said Wednesday.

The widening scope of the attack has prompted the F.B.I. to broaden its investigation, and agents have begun notifying a long list of Democratic officials that the Russians may have breached their personal accounts.

The main targets appear to have been the personal email accounts of Hillary Clinton’s campaign officials and party operatives, along with a number of party organizations.

Officials have acknowledged that the Russian hackers gained access to the Democratic Congressional Campaign Committee, which is the fund-raising arm for House Democrats, and to the Democratic National Committee, including a D.N.C. voter analytics program used by Mrs. Clinton’s presidential campaign.

But the hack now appears to have extended well beyond those groups, and organizations like the Democratic Governors’ Association may also have been affected, according to Democrats involved in the investigation. [Continue reading…]


DNC hacking puts Obama in tough spot with Russia

The Hill reports: Pressure is growing on the White House to respond to Russia’s apparent hack of the Democratic National Committee (DNC), placing President Obama in a delicate political position.

Evidence has mounted that the Russian government was behind the theft of tens of thousands of damaging internal emails from the DNC, leading prominent lawmakers from both sides of the aisle to call for some form of response.

The ranking members of the House and Senate Intelligence committees and the chairman and ranking member of the Senate Judiciary Committee have all issued calls for Obama to “seek justice” for the alleged attack.

But should Obama publicly point the finger at the Kremlin, it could expose covert intelligence capabilities and damage already touchy discussions over Russia’s behavior in Syria and Ukraine, experts say.

That dynamic reflects one of the central challenges the White House faces in responding to cyberattacks. Without any international rules of engagement, officials must weigh a response to each attack individually.

The FBI has opened an investigation into the hack, but because of the risks, experts say, the public is unlikely to ever know the results, even if it is able to prove Russia’s guilt beyond a shadow of a doubt.

Obama has a slate of possible responses at his disposal, but each carries its own set of problems.

“They are really in between a rock and a hard place. Everything they do has a downside,” said Herb Lin, a senior research scholar who studies cyber policy and security at Stanford. [Continue reading…]


For Putin, disinformation is power

Arkady Ostrovsky writes: Fifteen years ago, a few months into his presidency, Vladimir V. Putin told Larry King on CNN that his previous job as a K.G.B. officer had been like that of a journalist. “They have the same purpose of gathering information, synthesizing it and presenting it for the consumption of decision makers,” he said. Since then, he has excelled at using the media to consolidate power inside Russia and, increasingly, to wage an information war against the West.

So the apparent hacking by Russian security services of the Democratic National Committee emails, followed by their publication by WikiLeaks, should come as no great surprise to Americans. It is only the latest example of how Mr. Putin uses information as a weapon. And the Kremlin has cultivated ties with WikiLeaks for years.

It has also used disinformation in its annexation of Crimea and in its war in Ukraine, launched cyberattacks on Finland and the Baltic States, and planted hoax stories in Germany to embarrass Angela Merkel. During the Cold War, the Kremlin interfered in American politics for decades. The K.G.B.’s so-called active measures — subversion, media manipulations, forgery and the financing of some “peace” organizations — lay at the heart of Soviet intelligence.

Then as now, Russia exploited real grievances in the West — discontent with the war in Vietnam and racial tensions in the 1960s; anxiety and fear of Muslim immigrants today. Nevertheless, Mr. Putin’s support of the likes of Donald Trump in America, Brexiters in Britain or the right-wing Marine Le Pen in France does not mean they are his creations. [Continue reading…]


How hackers could destroy election day

Shane Harris writes: Stealing and leaking emails from the Democratic National Committee could be just the start. Hacking the presidential election itself could be next, a bipartisan group of former intelligence and security officials recently warned. Whoever was behind the DNC hack also could target voting machines and the systems for tabulating votes, which are dangerously insecure.

“Election officials at every level of government should take this lesson to heart: our electoral process could be a target for reckless foreign governments and terrorist groups,” wrote 31 members of the Aspen Institute Homeland Security Group, which includes a former director of the Central Intelligence Agency and a former secretary of Homeland Security.

That echoes warnings computer security experts have been sounding for more than a decade: that the system for casting and counting votes in this country is also ripe for mischief. [Continue reading…]


FBI said to have taken months to warn Democrats of suspected Russian role in hack

Reuters reports: The FBI did not tell the Democratic National Committee that U.S. officials suspected it was the target of a Russian government-backed cyber attack when agents first contacted the party last fall, three people with knowledge of the discussions told Reuters.

And in months of follow-up conversations about the DNC’s network security, the FBI did not warn party officials that the attack was being investigated as Russian espionage, the sources said.

The lack of full disclosure by the FBI prevented DNC staffers from taking steps that could have reduced the number of confidential emails and documents stolen, one of the sources said. Instead, Russian hackers whom security experts believe are affiliated with the Russian government continued to have access to Democratic Party computers for months during a crucial phase in the U.S. presidential campaign, the source said.

As late as June, hackers had access to DNC systems and the network used by the Democratic Congressional Campaign Committee, a group that raises money for Democratic candidates and shares an office with the DNC in Washington, people with knowledge of the cases have said. [Continue reading…]


Clinton campaign said to be hacked, apparently by Russians

The New York Times reports: Computer systems used by Hillary Clinton’s presidential campaign were hacked in an attack that appears to have come from Russia’s intelligence services, a federal law enforcement official said on Friday.

The apparent breach, coming after the disclosure last month that the Democratic National Committee’s computer system had been compromised, escalates an international episode in which Clinton campaign officials have suggested that Russia might be trying to sway the outcome of the election.

Mrs. Clinton’s campaign said in a statement that intruders had gained access to an analytics program used by the campaign and maintained by the national committee, but it said that it did not believe that the campaign’s own internal computer systems had been compromised.

The Democratic Congressional Campaign Committee, the fund-raising arm for House Democrats, also said on Friday that its systems had been hacked. Together, the databases of the national committee and the House organization contain some of the party’s most sensitive communications and voter and financial data.

Meredith Kelly, a spokeswoman for the congressional committee, said that after it discovered the breach, “we immediately took action and engaged with CrowdStrike, a leading forensic investigator, to assist us in addressing this incident.”

The attack on the congressional committee’s system appears to have come from an entity known as “Fancy Bear,” which is connected to the G.R.U., the Russian military intelligence service, according to an official involved in the forensic investigation. [Continue reading…]

Reuters reports: Several U.S. officials said the Obama administration has avoided publicly attributing the attacks to Russia as that might undermine Secretary of State John Kerry’s effort to win Russian cooperation in the war on Islamic State in Syria.

The officials said the administration fears Russian President Vladimir Putin might respond to a public move by escalating cyber attacks on U.S. targets, increasing military harassment of U.S. and allied aircraft and warships in the Baltic and Black Seas, and making more aggressive moves in Eastern Europe.

Some officials question the approach, arguing that responding more forcefully to Russia would be more effective than remaining silent.

The Obama administration announced in an April 2015 executive order that it could apply economic sanctions in response to cyber attacks. [Continue reading…]


How vulnerable to hacking is the U.S. election cyber infrastructure?

By Richard Forno, University of Maryland, Baltimore County

Following the hack of Democratic National Committee emails and reports of a new cyberattack against the Democratic Congressional Campaign Committee, worries abound that foreign nations may be clandestinely involved in the 2016 American presidential campaign. Allegations swirl that Russia, under the direction of President Vladimir Putin, is secretly working to undermine the U.S. Democratic Party. The apparent logic is that a Donald Trump presidency would result in more pro-Russian policies. At the moment, the FBI is investigating, but no U.S. government agency has yet made a formal accusation.

The Republican nominee added unprecedented fuel to the fire by encouraging Russia to “find” and release Hillary Clinton’s missing emails from her time as secretary of state. Trump’s comments drew sharp rebuke from the media and politicians on all sides. Some suggested that by soliciting a foreign power to intervene in domestic politics, his musings bordered on criminality or treason. Trump backtracked, saying his comments were “sarcastic,” implying they’re not to be taken seriously.

Of course, the desire to interfere with another country’s internal political processes is nothing new. Global powers routinely monitor their adversaries and, when deemed necessary, will try to clandestinely undermine or influence foreign domestic politics to their own benefit. For example, the Soviet Union’s foreign intelligence service engaged in so-called “active measures” designed to influence Western opinion. Among other efforts, it spread conspiracy theories about government officials and fabricated documents intended to exploit the social tensions of the 1960s. Similarly, U.S. intelligence services have conducted their own secret activities against foreign political systems – perhaps most notably its repeated attempts to help overthrow pro-communist Fidel Castro in Cuba.

Although the Cold War is over, intelligence services around the world continue to monitor other countries’ domestic political situations. Today’s “influence operations” are generally subtle and strategic. Intelligence services clandestinely try to sway the “hearts and minds” of the target country’s population toward a certain political outcome.

What has changed, however, is the ability of individuals, governments, militaries and criminal or terrorist organizations to use internet-based tools – commonly called cyberweapons – not only to gather information but also to generate influence within a target group.

So what are some of the technical vulnerabilities faced by nations during political elections, and what’s really at stake when foreign powers meddle in domestic political processes?

Continue reading
