Election hackers altered voter rolls, stole private data, officials say

Time reports: The hacking of state and local election databases in 2016 was more extensive than previously reported, including at least one successful attempt to alter voter information, and the theft of thousands of voter records that contain private information like partial Social Security numbers, current and former officials tell TIME.

In one case, investigators found there had been a manipulation of voter data in a county database but the alterations were discovered and rectified, two sources familiar with the matter tell TIME. Investigators have not identified whether the hackers in that case were Russian agents.

The fact that private data was stolen from states is separately providing investigators a previously unreported line of inquiry in the probes into Russian attempts to influence the election. In Illinois, more than 90% of the nearly 90,000 records stolen by Russian state actors contained drivers license numbers, and a quarter contained the last four digits of voters’ Social Security numbers, according to Ken Menzel, the General Counsel of the State Board of Elections. [Continue reading…]

How an entire nation became Russia’s test lab for cyberwar

Wired reports: The clocks read zero when the lights went out.

It was a Saturday night last December, and Oleksii Yasinsky was sitting on the couch with his wife and teenage son in the living room of their Kiev apartment. The 40-year-old Ukrainian cybersecurity researcher and his family were an hour into Oliver Stone’s film Snowden when their building abruptly lost power.

“The hackers don’t want us to finish the movie,” Yasinsky’s wife joked. She was referring to an event that had occurred a year earlier, a cyberattack that had cut electricity to nearly a quarter-million Ukrainians two days before Christmas in 2015. Yasinsky, a chief forensic analyst at a Kiev digital security firm, didn’t laugh. He looked over at a portable clock on his desk: The time was 00:00. Precisely midnight.

Yasinsky’s television was plugged into a surge protector with a battery backup, so only the flicker of images onscreen lit the room now. The power strip started beeping plaintively. Yasinsky got up and switched it off to save its charge, leaving the room suddenly silent.

He went to the kitchen, pulled out a handful of candles and lit them. Then he stepped to the kitchen window. The thin, sandy-blond engineer looked out on a view of the city as he’d never seen it before: The entire skyline around his apartment building was dark. Only the gray glow of distant lights reflected off the clouded sky, outlining blackened hulks of modern condos and Soviet high-rises.

Noting the precise time and the date, almost exactly a year since the December 2015 grid attack, Yasinsky felt sure that this was no normal blackout. He thought of the cold outside—close to zero degrees Fahrenheit—the slowly sinking temperatures in thousands of homes, and the countdown until dead water pumps led to frozen pipes.

That’s when another paranoid thought began to work its way through his mind: For the past 14 months, Yasinsky had found himself at the center of an enveloping crisis. A growing roster of Ukrainian companies and government agencies had come to him to analyze a plague of cyberattacks that were hitting them in rapid, remorseless succession. A single group of hackers seemed to be behind all of it. Now he couldn’t suppress the sense that those same phantoms, whose fingerprints he had traced for more than a year, had reached back, out through the internet’s ether, into his home.

The Cyber-Cassandras said this would happen. For decades they warned that hackers would soon make the leap beyond purely digital mayhem and start to cause real, physical damage to the world. In 2009, when the NSA’s Stuxnet malware silently accelerated a few hundred Iranian nuclear centrifuges until they destroyed themselves, it seemed to offer a preview of this new era. “This has a whiff of August 1945,” Michael Hayden, former director of the NSA and the CIA, said in a speech. “Somebody just used a new weapon, and this weapon will not be put back in the box.”

Now, in Ukraine, the quintessential cyberwar scenario has come to life. Twice. On separate occasions, invisible saboteurs have turned off the electricity to hundreds of thousands of people. Each blackout lasted a matter of hours, only as long as it took for scrambling engineers to manually switch the power on again. But as proofs of concept, the attacks set a new precedent: In Russia’s shadow, the decades-old nightmare of hackers stopping the gears of modern society has become a reality. [Continue reading…]

Trump’s silence on Russian hacking says how much he cares about democracy

Politico reports: Democrats are uniting behind a simple message about Russian hacking during the 2016 election: Donald Trump doesn’t care.

Even as the president lashes out at the series of Russia-related probes besieging his administration, Democrats say Trump has yet to express public concern about the underlying issue with striking implications for America’s democracy — the digital interference campaign that upended last year’s presidential race.

The president missed a self-imposed 90-day deadline for developing a plan to “aggressively combat and stop cyberattacks,” stayed silent after Moscow-linked hackers went after the French election and publicly renewed his own skepticism about the Kremlin’s role in the digital theft of Democratic Party emails during the presidential race. Privately, the president questioned a senior NSA official about the truthfulness of the conclusion from 17 intelligence agencies that Russia had interfered with the election, according to The Wall Street Journal. On Capitol Hill, Trump and his team have declined to support a Republican-backed effort to hit Russia with greater penalties for its digital belligerence.

And while the White House received bipartisan praise for a cybersecurity executive order Trump signed in May, administration officials said the directive is aimed at broadly upgrading the government’s digital defenses, not thwarting future Russian election hacking.

Instead, Trump tapped a commission led by Vice President Mike Pence to investigate an issue that elections experts call vastly overblown — voter fraud, something the president has baselessly alleged resulted in millions of illegal voters casting ballots for Hillary Clinton in November. [Continue reading…]

Reality Winner, accused NSA leaker, to enter not guilty plea

NPR reports: Reality Winner, the government contractor accused of leaking a secret NSA report to the media, plans to enter a plea of not guilty, her lawyer Titus Nichols tells NPR.

She hopes to be released on bond Thursday.

Winner, 25, works for a private contractor, Pluribus International Corp., in Augusta, Ga., and is an Air Force veteran who speaks three languages. She was arrested Saturday.

The federal government has charged her with “removing classified material from a government facility and mailing it to a news outlet.” That material, presumably because of the timing of Winner’s arrest, is an NSA report about efforts by Russian military intelligence to execute a cyberattack on an American election software company, as well as sending “spear-phishing” emails to local election officials, just before the presidential election. That leaked report was the basis of an article published Monday by The Intercept. [Continue reading…]

U.S. suspects Russian hackers planted fake news behind Qatar crisis

CNN reports: US investigators believe Russian hackers breached Qatar’s state news agency and planted a fake news report that contributed to a crisis among the US’ closest Gulf allies, according to US officials briefed on the investigation.

The FBI recently sent a team of investigators to Doha to help the Qatari government investigate the alleged hacking incident, Qatari and US government officials say.

Intelligence gathered by the US security agencies indicates that Russian hackers were behind the intrusion first reported by the Qatari government two weeks ago, US officials say. Qatar hosts one of the largest US military bases in the region.

The alleged involvement of Russian hackers intensifies concerns by US intelligence and law enforcement agencies that Russia continues to try some of the same cyber-hacking measures on US allies that intelligence agencies believe it used to meddle in the 2016 elections.

US officials say the Russian goal appears to be to cause rifts among the US and its allies. In recent months, suspected Russian cyber activities, including the use of fake news stories, have turned up amid elections in France, Germany and other countries.

It’s not yet clear whether the US has tracked the hackers in the Qatar incident to Russian criminal organizations or to the Russian security services blamed for the US election hacks. One official noted that based on past intelligence, “not much happens in that country without the blessing of the government.” [Continue reading…]

Top secret NSA report details Russian hacking effort days before 2016 election

The Intercept reports: Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept.

The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure. The report, dated May 5, 2017, is the most detailed U.S. government account of Russian interference in the election that has yet come to light.

While the document provides a rare window into the NSA’s understanding of the mechanics of Russian hacking, it does not show the underlying “raw” intelligence on which the analysis is based. A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.

The report indicates that Russian hacking may have penetrated further into U.S. voting systems than was previously understood. It states unequivocally in its summary statement that it was Russian military intelligence, specifically the Russian General Staff Main Intelligence Directorate, or GRU, that conducted the cyber attacks described in the document:

Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions. … The actors likely used data obtained from that operation to … launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations.

This NSA summary judgment is sharply at odds with Russian President Vladimir Putin’s denial last week that Russia had interfered in foreign elections: “We never engaged in that on a state level, and have no intention of doing so.” Putin, who had previously issued blanket denials that any such Russian meddling occurred, for the first time floated the possibility that freelance Russian hackers with “patriotic leanings” may have been responsible. The NSA report, on the contrary, displays no doubt that the cyber assault was carried out by the GRU. [Continue reading…]

Putin hints at U.S. election meddling by ‘patriotically minded’ Russians

The New York Times reports: Shifting from his previous blanket denials, President Vladimir V. Putin of Russia said on Thursday that “patriotically minded” private Russian hackers could have been involved in cyberattacks last year to help the presidential campaign of Donald J. Trump.

While Mr. Putin continued to deny any state role, his comments to reporters in St. Petersburg were a departure from the Kremlin’s previous position: that Russia had played no role whatsoever in the hacking of the Democratic National Committee and that, after Mr. Trump’s victory, the country had become the victim of anti-Russia hysteria among crestfallen Democrats.

Raising the possibility of attacks by what he portrayed as free-spirited Russian patriots, Mr. Putin said that hackers “are like artists” who choose their targets depending how they feel “when they wake up in the morning.” [Continue reading…]

How alleged Russian hacker, ‘Guccifer 2.0,’ teamed up with Florida GOP operative and funneled data to Trump campaign

The Wall Street Journal reports: The hacking spree that upended the presidential election wasn’t limited to Democratic National Committee memos and Clinton-aide emails posted on websites. The hacker also privately sent Democratic voter-turnout analyses to a Republican political operative in Florida named Aaron Nevins.

Learning that hacker “Guccifer 2.0” had tapped into a Democratic committee that helps House candidates, Mr. Nevins wrote to the hacker to say: “Feel free to send any Florida based information.”

Ten days later, Mr. Nevins received 2.5 gigabytes of Democratic Congressional Campaign Committee documents, some of which he posted on a blog called HelloFLA.com that he ran using a pseudonym.

Soon after, the hacker sent a link to the blog article to Roger Stone, a longtime informal adviser to then-candidate Donald Trump, along with Mr. Nevins’ analysis of the hacked data.

Mr. Nevins confirmed his exchanges after The Wall Street Journal identified him first as the operator of the HelloFLA blog and then as the recipient of the stolen DCCC data. The Journal also reviewed copies of exchanges between the hacker and Mr. Nevins. That the obscure blog had received hacked Democratic documents was previously known, but not the extent of the trove or the blogger’s identity.

In hopes of a scoop, he said, he reached out to Guccifer 2.0 on Aug. 12 after seeing a newspaper article about a hack of the DCCC. The hacker using the Guccifer 2.0 name had invited journalists to send questions via Twitter direct messages, which Mr. Nevins did.

Seeing that some of what Guccifer 2.0 had was months old, Mr. Nevins advised the hacker that releasing fresher documents would have a lot more impact.

More impressed after studying the voter-turnout models, Mr. Nevins told the hacker, “Basically if this was a war, this is the map to where all the troops are deployed.” [Continue reading…]

Russian hackers are using ‘tainted’ leaks to sow disinformation

Andy Greenberg writes: Over the past year, the Kremlin’s strategy of weaponizing leaks to meddle with democracies around the world has become increasingly clear, first in the US and more recently in France. But a new report by a group of security researchers digs into another layer of those so-called influence operations: how Russian hackers alter documents within those releases of hacked material, planting disinformation alongside legitimate leaks.

A new report from researchers at the Citizen Lab group at the University of Toronto’s Munk School of Public Affairs documents a wide-ranging hacking campaign, with ties to known Russian hacker groups. The effort targeted more than 200 individuals, ranging from Russian media to a former Russian prime minister to Russian opposition groups, and assorted government and military personnel from Ukraine to Vietnam. Noteworthy among the leaks: A Russia-focused journalist and author whose emails were not only stolen but altered before their release. Once they appeared on a Russian hacktivist site, Russian state media used the disinformation to concoct a CIA conspiracy.

The case could provide the clearest evidence yet that Russian hackers have evolved their tactics from merely releasing embarrassing true information to planting false leaks among those facts. “Russia has a long history of experience with disinformation,” says Ron Deibert, the political science professor who led Citizen Lab’s research into the newly uncovered hacking spree. “This is the first case of which I am aware that compares tainted documents to originals associated with a cyber espionage campaign.” [Continue reading…]

Top Russian officials discussed how to influence Trump aides last summer

The New York Times reports: American spies collected information last summer revealing that senior Russian intelligence and political officials were discussing how to exert influence over Donald J. Trump through his advisers, according to three current and former American officials familiar with the intelligence.

The conversations focused on Paul Manafort, the Trump campaign chairman at the time, and Michael T. Flynn, a retired general who was advising Mr. Trump, the officials said. Both men had indirect ties to Russian officials, who appeared confident that each could be used to help shape Mr. Trump’s opinions on Russia.

Some Russians boasted about how well they knew Mr. Flynn. Others discussed leveraging their ties to Viktor F. Yanukovych, the deposed president of Ukraine living in exile in Russia, who at one time had worked closely with Mr. Manafort.

The intelligence was among the clues — which also included information about direct communications between Mr. Trump’s advisers and Russian officials — that American officials received last year as they began investigating Russian attempts to disrupt the election and whether any of Mr. Trump’s associates were assisting Moscow in the effort. Details of the conversations, some of which have not been previously reported, add to an increasing understanding of the alarm inside the American government last year about the Russian disruption campaign. [Continue reading…]

CNN reports: Attorney General Jeff Sessions did not disclose meetings he had last year with Russian officials when he applied for his security clearance, the Justice Department told CNN Wednesday.

Sessions, who met with Russian Ambassador Sergey Kislyak at least two times last year, didn’t note those interactions on the form, which requires him to list “any contact” he or his family had with a “foreign government” or its “representatives” over the past seven years, officials said.

The new information from the Justice Department is the latest example of Sessions failing to disclose contacts he had with Russian officials. He has come under withering criticism from Democrats following revelations that he did not disclose the same contacts with Kislyak during his Senate confirmation hearings earlier this year. [Continue reading…]

ABC News reports: Even with the Senate Intelligence Committee focused this week on its investigation of Russia’s alleged meddling in last year’s presidential election, the committee met behind closed doors today for a classified briefing from senior FBI and Homeland Security officials over another alleged threat emanating from Moscow: a major software company whose products are used widely across the United States.

The visit from FBI and Homeland Security officials has long been planned. But congressional sources told ABC News that in recent days the agenda expanded to specifically include an update on U.S. intelligence about Kaspersky Lab, a Moscow-based firm that has become one of the world’s largest and most respected cybersecurity firms.

Current and former U.S. officials worry that state-sponsored hackers could try to exploit Kaspersky Lab’s anti-virus software to steal and manipulate users’ files, read private emails or attack critical infrastructure in the U.S. And they point to Kaspersky Lab executives with previous ties to Russian intelligence and military agencies. [Continue reading…]

Inside Russia’s social media cyberwar on America

Time reports: On March 2, a disturbing report hit the desks of U.S. counterintelligence officials in Washington. For months, American spy hunters had scrambled to uncover details of Russia’s influence operation against the 2016 presidential election. In offices in both D.C. and suburban Virginia, they had created massive wall charts to track the different players in Russia’s multipronged scheme. But the report in early March was something new.

It described how Russia had already moved on from the rudimentary email hacks against politicians it had used in 2016. Now the Russians were running a more sophisticated hack on Twitter. The report said the Russians had sent expertly tailored messages carrying malware to more than 10,000 Twitter users in the Defense Department. Depending on the interests of the targets, the messages offered links to stories on recent sporting events or the Oscars, which had taken place the previous weekend. When clicked, the links took users to a Russian-controlled server that downloaded a program allowing Moscow’s hackers to take control of the victim’s phone or computer–and Twitter account.

As they scrambled to contain the damage from the hack and regain control of any compromised devices, the spy hunters realized they faced a new kind of threat. In 2016, Russia had used thousands of covert human agents and robot computer programs to spread disinformation referencing the stolen campaign emails of Hillary Clinton, amplifying their effect. Now counterintelligence officials wondered: What chaos could Moscow unleash with thousands of Twitter handles that spoke in real time with the authority of the armed forces of the United States? At any given moment, perhaps during a natural disaster or a terrorist attack, Pentagon Twitter accounts might send out false information. As each tweet corroborated another, and covert Russian agents amplified the messages even further afield, the result could be panic and confusion.

For many Americans, Russian hacking remains a story about the 2016 election. But there is another story taking shape. Marrying a hundred years of expertise in influence operations to the new world of social media, Russia may finally have gained the ability it long sought but never fully achieved in the Cold War: to alter the course of events in the U.S. by manipulating public opinion. The vast openness and anonymity of social media has cleared a dangerous new route for antidemocratic forces. “Using these technologies, it is possible to undermine democratic government, and it’s becoming easier every day,” says Rand Waltzman of the Rand Corp., who ran a major Pentagon research program to understand the propaganda threats posed by social media technology. [Continue reading…]

How Trump exposes himself to foreign surveillance on a regular basis

ProPublica reports: Two weeks ago, on a sparkling spring morning, we went trawling along Florida’s coastal waterway. But not for fish.

We parked a 17-foot motor boat in a lagoon about 800 feet from the back lawn of The Mar-a-Lago Club in Palm Beach and pointed a 2-foot wireless antenna that resembled a potato gun toward the club. Within a minute, we spotted three weakly encrypted Wi-Fi networks. We could have hacked them in less than five minutes, but we refrained.

A few days later, we drove through the grounds of the Trump National Golf Club in Bedminster, New Jersey, with the same antenna and aimed it at the clubhouse. We identified two open Wi-Fi networks that anyone could join without a password. We resisted the temptation.

We have also visited two of President Donald Trump’s other family-run retreats, the Trump International Hotel in Washington, D.C., and a golf club in Sterling, Virginia. Our inspections found weak and open Wi-Fi networks, wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information.

The risks posed by the lax security, experts say, go well beyond simple digital snooping. Sophisticated attackers could take advantage of vulnerabilities in the Wi-Fi networks to take over devices like computers or smart phones and use them to record conversations involving anyone on the premises.

“Those networks all have to be crawling with foreign intruders, not just ProPublica,” said Dave Aitel, chief executive officer of Immunity, Inc., a digital security company, when we told him what we found. [Continue reading…]

NSA officials worried about the day its potent hacking tool would get loose. Then it did

The Washington Post reports: When the National Security Agency began using a new hacking tool called EternalBlue, those entrusted with deploying it marveled at both its uncommon power and the widespread havoc it could wreak if it ever got loose.

Some officials even discussed whether the flaw was so dangerous they should reveal it to Microsoft, the company whose software the government was exploiting, according to former NSA employees who spoke on the condition of anonymity given the sensitivity of the issue.

But for more than five years, the NSA kept using it — through a time period that has seen several serious security breaches — and now the officials’ worst fears have been realized. The malicious code at the heart of the WannaCry virus that hit computer systems globally late last week was apparently stolen from the NSA, repackaged by cybercriminals and unleashed on the world for a cyberattack that now ranks as among the most disruptive in history. [Continue reading…]

How NSA secrets helped cybercriminals mount a worldwide attack

The Washington Post reports: Computers around the world are suffering an attack from malicious software. The compromised computers have been hit by “ransomware” — software that encrypts the computer’s hard drive so that all the information on it is unavailable, and refuses to release it until a ransom is paid in Bitcoin, an online currency that is difficult to trace. Among the victims are FedEx, Britain’s National Health Service and computers belonging to Russia’s Ministry for the Interior.

Ransomware attacks have happened before. What is unusual is how quickly this attack is compromising large numbers of critical computers. It has been so successful because it has made use of a so-called “zero-day exploit” — a previously unknown flaw in Windows software that makes it easy to take control of vulnerable systems. This zero-day exploit became publicly known last month, when it was released as part of a treasure trove of NSA data by the “Shadow Brokers,” a shadowy group of hackers who many believe are associated with Russian intelligence. Criminal hackers appear to have combined this exploit with ransomware tools to mount a worldwide campaign. Here’s what you need to know to understand what happened. [Continue reading…]

The Guardian reports: An “accidental hero” has halted the global spread of the WannaCry ransomware, reportedly by spending a few dollars on registering a domain name hidden in the malware.

The ransomware has wreaked havoc on organizations including FedEx and Telefonica, as well as the UK’s National Health Service (NHS), where operations were cancelled, x-rays, test results and patient records became unavailable and phones did not work.

However, a UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and activated a “kill switch” in the malicious software.

The switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading.

“I saw it wasn’t registered and thought, ‘I think I’ll have that’,” he is reported as saying. The purchase cost him $10.69. Immediately, the domain name was registering thousands of connections every second.

“They get the accidental hero award of the day,” said Proofpoint’s Ryan Kalember. “They didn’t realize how much it probably slowed down the spread of this ransomware.”

The time that @malwaretechblog registered the domain was too late to help Europe and Asia, where many organizations were affected. But it gave people in the US more time to develop immunity to the attack by patching their systems before they were infected, said Kalember. [Continue reading…]

Hackers came, but the French were prepared

The New York Times reports: Everyone saw the hackers coming.

The National Security Agency in Washington picked up the signs. So did Emmanuel Macron’s bare-bones technology team. And mindful of what happened in the American presidential campaign, the team created dozens of false email accounts, complete with phony documents, to confuse the attackers.

The Russians, for their part, were rushed and a bit sloppy, leaving a trail of evidence that was not enough to prove for certain they were working for the government of President Vladimir V. Putin but which strongly suggested they were part of his broader “information warfare” campaign.

The story told by American officials, cyberexperts and Mr. Macron’s own campaign aides of how a hacking attack intended to disrupt the most consequential election in France in decades ended up a dud was a useful reminder that as effective as cyberattacks can be in disabling Iranian nuclear plants, or Ukrainian power grids, they are no silver bullet. The kind of information warfare favored by Russia can be defeated by early warning and rapid exposure.

But that outcome was hardly assured on Friday night, when what was described as a “massive” hacking attack suddenly put Mr. Macron’s electoral chances in jeopardy. To French and American officials, however, it was hardly a surprise.

Testifying in front of the Senate Armed Services Committee in Washington on Tuesday, Adm. Michael S. Rogers, the director of the National Security Agency, said American intelligence agencies had seen the attack unfolding, telling their French counterparts, “Look, we’re watching the Russians. We’re seeing them penetrate some of your infrastructure. Here’s what we’ve seen. What can we do to try to assist?”

But the staff at Mr. Macron’s makeshift headquarters in the 15th Arrondissement at the edge of Paris didn’t need the N.S.A. to tell them they were being targeted: In December, after the former investment banker and finance minister had emerged as easily the most anti-Russian, pro-NATO and pro-European Union candidate in the presidential race, they began receiving phishing emails.

The phishing mails were “high quality,” said Mr. Macron’s digital director, Mounir Mahjoubi: They included the actual names of members of the campaign staff, and at first glance appeared to come from them. Typical was the very last one the campaign received, several days before the election on Sunday, which purported to have come from Mr. Mahjoubi himself.

“It was almost like a joke, like giving us all the finger,” Mr. Mahjoubi said in an interview on Tuesday. The final email enjoined recipients to download several files “to protect yourself.”

Even before then, the Macron campaign had begun looking for ways to make life a little harder for the Russians, showing a level of skill and ingenuity that was missing in Hillary Clinton’s presidential campaign and at the Democratic National Committee, which had minimal security protections and for months ignored F.B.I. warnings that its computer system had been penetrated. [Continue reading…]

Here’s how easy it is to get Trump officials to click on a fake link in email

Gizmodo reports: Even technology experts can be insecure on the internet, as last week’s “Google Docs” phishing attack demonstrated. An array of Gmail users, including BuzzFeed tech reporter Joe Bernstein, readily handed over access to their email to a bogus app. Politicians should be especially wary of suspicious emails given recent events, yet a security test run by the Special Projects Desk found that a selection of key Trump Administration members and associates would click on a link from a fake address.

The Trump camp has talked a lot about cybersecurity—or “the cyber”—particularly to criticize Hillary Clinton for the risks posed by her private email server and to savor the damage done by hacks against the Democratic National Committee and Clinton campaign chairman John Podesta. Its own record, however, is less than sterling—in January, notably, after Trump named Rudolph Giuliani as a cybersecurity advisor, experts promptly discovered that the Giuliani Security corporate website was riddled with known vulnerabilities.

So, three weeks ago, Gizmodo Media Group’s Special Projects Desk launched a security preparedness test directed at Giuliani and 14 other people associated with the Trump Administration. We sent them an email that mimicked an invitation to view a spreadsheet in Google Docs. The emails came from the address security.test@gizmodomedia.com, but the sender name each one displayed was that of someone who might plausibly email the recipient, such as a colleague, friend, or family member.

The link in the document would take them to what looked like a Google sign-in page, asking them to submit their Google credentials. The URL of the page included the word “test.” The page was not set up to actually record or retain the text of their passwords, just to register who had attempted to submit login information.

Some of the Trump Administration people completely ignored our email, the right move. But it appears that more than half the recipients clicked the link: Eight different unique devices visited the site, one of them multiple times. There’s no way to tell for sure if the recipients themselves did all the clicking (as opposed to, say, an IT specialist they’d forwarded it to), but seven of the connections occurred within 10 minutes of the emails being sent.

At least the recipients didn’t go farther. Our testing setup—which included disclaimers for careful readers at each step—did not induce anyone to go all the way and try to hand over their credentials.

Two of the people we reached—informal presidential advisor Newt Gingrich and FBI director James Comey—replied to the emails they’d gotten, apparently taking the sender’s identity at face value. Comey, apparently believing that he was writing to his friend, Lawfareblog.com editor-in-chief Ben Wittes, wrote: “Don’t want to open without care. What is it?” And Gingrich, apparently under the impression he was responding to an email from his wife, Callista, wrote: “What is this?”

In both cases, we didn’t respond. In an actual phishing attack, the replies could have given the sender a chance to more aggressively put their targets at ease and lure them in. [Continue reading…]


Trump’s silence on French hacks troubles cyber experts

Politico reports: The Trump administration is so far ignoring pleas from both on and off Capitol Hill to denounce the suspected Russian-backed digital assault that appeared aimed to tilt Sunday’s French presidential election toward nationalist candidate Marine Le Pen.

The White House’s failure to mention the attack on one of America’s oldest allies has worried Democrats, cyber policy specialists and former White House officials, who say the omission reveals a troubling inability to call out Russia over its digital aggression.

“This is an issue that should provoke grave concern in both parties,” Senate Minority Leader Chuck Schumer said on the floor Monday afternoon. “It should compel us, Democrats and Republicans, to take proactive actions against this new threat.”

In the hack — which some researchers have linked to Russian intelligence — tens of thousands of internal documents and emails appeared online late Friday after being pilfered from the political party of centrist candidate Emmanuel Macron. The dump came less than two days before Macron’s resounding victory on Sunday.

The White House’s lack of comment on the incident comes just over a week after President Donald Trump publicly renewed his own skepticism about Russia’s role in the hacking of Democratic Party emails during the U.S. presidential race, despite the U.S. intelligence community’s forceful conclusion that senior Kremlin officials personally orchestrated the campaign with the aim of undermining Hillary Clinton.

“The silence is just a sign of how unprepared we are to deal with these things,” said James Lewis, a cyber expert at the Center for Strategic and International Studies. [Continue reading…]

Trump’s silence is most likely even more indicative of this: that the Faustian bargain he made with Putin was that his presidency could be the beneficiary of Russian hacking with the understanding that sooner or later it could also become a target.

It is highly implausible that the Trump campaign and Trump presidency have not been the targets of damaging hacking attacks due to their mastery of information security. Much more likely, Russia holds a trove of damning information on Trump that at any time of its choosing it could release in order to destroy a president who turned out to have proved himself unworthy of protection.

Trump’s silence is a sign of his obedience.


Evidence suggests Russia behind hack of French president-elect

Ars Technica reports: Late on May 5 as the two final candidates for the French presidency were about to enter a press blackout in advance of the May 7 election, nine gigabytes of data allegedly from the campaign of Emmanuel Macron were posted on the Internet in torrents and archives. The files, which were initially distributed via links posted on 4Chan and then by WikiLeaks, had forensic metadata suggesting that Russians were behind the breach—and that a Russian government contract employee may have falsified some of the dumped documents.

Even WikiLeaks, which initially publicized the breach and defended its integrity on the organization’s Twitter account, has since acknowledged that some of the metadata pointed directly to a Russian company with ties to the government:


Evrika (“Eureka”) ZAO is a large information technology company in St. Petersburg that does some work for the Russian government, and the group includes the Federal Security Service of the Russian Federation (FSB) among its acknowledged customers (as noted in this job listing). The company is a systems integrator, and it builds its own computer equipment and provides “integrated information security systems.” The metadata in some Microsoft Office files shows the last person to have edited the files to be “Roshka Georgiy Petrovich,” a current or former Evrika ZAO employee. [Continue reading…]


In France, a hack falls flat

Isaac Stanley-Becker and Ellen Nakashima write: In France, few people even knew what was in the Macron team’s emails. The blanket ban on campaigning meant that far-right candidate Marine Le Pen and her National Front couldn’t mention them, though a deputy leader of her party did tweet early Saturday, “Will #Macronleaks teach us something that investigative journalism has deliberately killed?”

The answer was no. Most media chose to heed a request from France’s electoral commission not to reproduce the emails’ contents. Le Monde, the major French daily, said in a statement that it had seen part of the documents but would not publish their details before the election, due to the volume of the dump and because the release had “the clear goal of harming the validity of the ballot.”

The paper’s editor, Jerome Fénoglio, said in an interview that the documents would have been leaked earlier if they had contained damaging information. As it was, he said, “the best hope was to make noise.”

He said the response of the media in France carried lessons for journalists elsewhere, including those in the United States who rushed to reproduce pre-election leaks without thoroughly investigating their origins.

“Hiding information is not the same thing as refusing to be manipulated by those who diffuse the information,” Fénoglio said. [Continue reading…]
