Soviet veteran who met with Trump Jr. is a master of the dark arts

The New York Times reports: Rinat Akhmetshin, the Russian-American lobbyist who met with Donald Trump Jr. at Trump Tower in June 2016, had one consistent message for the journalists who met him over the years at the luxury hotels where he stayed in Moscow, London and Paris, or at his home on a leafy street in Washington: Never use email to convey information that needed to be kept secret.

While not, he insisted, an expert in the technical aspects of hacking nor a spy, Mr. Akhmetshin talked openly about how he had worked with a counterintelligence unit while serving with the Red Army after its 1979 invasion of Afghanistan and how easy it was to find tech-savvy professionals ready and able to plunder just about any email account.

A journalist who visited his home was given a thumb drive containing emails that had apparently been stolen by hackers working for one of his clients.

On another occasion, at a meeting with a New York Times reporter at the Ararat Park Hyatt hotel in Moscow, Mr. Akhmetshin, by then an American citizen, informed the journalist he had recently been reading one of his emails: a note sent by the reporter to a Russian-American defense lawyer who had once worked for Mikhail Khodorkovsky, the anti-Kremlin oligarch.

In that instance, the reporter’s email had become public as part of a lawsuit. But the episode suggests Mr. Akhmetshin’s professional focus in the decades since he immigrated to the United States — and the experience that he brought to a meeting last June in New York with President Trump’s oldest son, Donald Trump Jr., his son-in-law, Jared Kushner, and the then-head of the Trump presidential campaign, Paul J. Manafort. [Continue reading…]

Trump team met Russian accused of international hacking conspiracy

The Daily Beast reports: The alleged former Soviet intelligence officer who attended the now-infamous meeting with Donald Trump Jr. and other top campaign officials last June was previously accused in federal and state courts of orchestrating an international hacking conspiracy.

Rinat Akhmetshin told the Associated Press on Friday he accompanied Russian lawyer Natalia Veselnitskaya to the June 9, 2016, meeting with Donald Trump Jr., Jared Kushner, and Paul Manafort. Trump’s attorney confirmed Akhmetshin’s attendance in a statement.

Akhmetshin’s presence at Trump Tower that day adds another layer of controversy to an episode that already provides the clearest indication of collusion between the Kremlin and the Trump campaign. In an email in the run-up to that rendezvous, Donald Trump Jr. was promised “very high level and sensitive information” on Hillary Clinton as “part of Russia and its government’s support for Mr. Trump.”

Akhmetshin had been hired by Veselnitskaya to help with pro-Russian lobbying efforts in Washington. He also met and lobbied Rep. Dana Rohrabacher, chairman of the Foreign Affairs Sub-Committee for Europe, in Berlin in April. [Continue reading…]

Kaspersky Lab has been working with Russian intelligence

Bloomberg reports: The previously unreported emails, from October 2009, are from a thread between Eugene Kaspersky and senior staff. In Russian, Kaspersky outlines a project undertaken in secret a year earlier “per a big request on the Lubyanka side,” a reference to the FSB offices. Kaspersky Lab confirmed the emails are authentic.

The software that the CEO was referring to had the stated purpose of protecting clients, including the Russian government, from distributed denial-of-service (DDoS) attacks, but its scope went further. Kaspersky Lab would also cooperate with internet hosting companies to locate bad actors and block their attacks, while assisting with “active countermeasures,” a capability so sensitive that Kaspersky advised his staff to keep it secret.

“The project includes both technology to protect against attacks (filters) as well as interaction with the hosters (‘spreading’ of sacrifice) and active countermeasures (about which, we keep quiet) and so on,” Kaspersky wrote in one of the emails.

“Active countermeasures” is a term of art among security professionals, often referring to hacking the hackers, or shutting down their computers with malware or other tricks. In this case, Kaspersky may have been referring to something even more rare in the security world. A person familiar with the company’s anti-DDoS system says it’s made up of two parts. The first consists of traditional defensive techniques, including rerouting malicious traffic to servers that can harmlessly absorb it. The second part is more unusual: Kaspersky provides the FSB with real-time intelligence on the hackers’ location and sends experts to accompany the FSB and Russian police when they conduct raids. That’s what Kaspersky was referring to in the emails, says the person familiar with the system. They weren’t just hacking the hackers; they were banging down the doors. [Continue reading…]

U.S. officials say Russian government hackers have penetrated energy and nuclear company business networks

The Washington Post reports: Russian government hackers were behind recent cyber-intrusions into the business systems of U.S. nuclear power and other energy companies in what appears to be an effort to assess their networks, according to U.S. government officials.

The U.S. officials said there is no evidence the hackers breached or disrupted the core systems controlling operations at the plants, so the public was not at risk. Rather, they said, the hackers broke into systems dealing with business and administrative tasks, such as personnel.

At the end of June, the FBI and the Department of Homeland Security sent a joint alert to the energy sector stating that “advanced, persistent threat actors” — a euphemism for sophisticated foreign hackers — were stealing network log-in and password information to gain a foothold in company networks. The agencies did not name Russia.

The campaign marks the first time Russian government hackers are known to have wormed their way into the networks of American nuclear power companies, several U.S. and industry officials said. And the penetration could be a sign that Russia is seeking to lay the groundwork for more damaging hacks. [Continue reading…]

Russians are suspects in nuclear site hackings, sources say

Bloomberg reports: Hackers working for a foreign government recently breached at least a dozen U.S. power plants, including the Wolf Creek nuclear facility in Kansas, according to current and former U.S. officials, sparking concerns the attackers were searching for vulnerabilities in the electrical grid.

The rivals could be positioning themselves to eventually disrupt the nation’s power supply, warned the officials, who noted that a general alert was distributed to utilities a week ago. Adding to those concerns, hackers recently infiltrated an unidentified company that makes control systems for equipment used in the power industry, an attack that officials believe may be related.

The chief suspect is Russia, according to three people familiar with the continuing effort to eject the hackers from the computer networks. One of those networks belongs to an aging nuclear generating facility known as Wolf Creek — owned by Westar Energy Inc., Great Plains Energy Inc. and Kansas Electric Power Cooperative Inc. — on a lake shore near Burlington, Kansas.

The possibility of a Russia connection is particularly worrisome, former and current officials say, because Russian hackers have previously taken down parts of the electrical grid in Ukraine and appear to be testing increasingly advanced tools to disrupt power supplies. [Continue reading…]

Trump voter-fraud panel’s data request a gold mine for hackers, experts warn

Politico reports: Cybersecurity specialists are warning that President Donald Trump’s voter-fraud commission may unintentionally expose voter data to even more hacking and digital manipulation.

Their concerns stem from a letter the commission sent to every state this week, asking for full voter rolls and vowing to make the information “available to the public.” The requested information includes full names, addresses, birth dates, political party and, most notably, the last four digits of Social Security numbers. The commission is also seeking data such as voter history, felony convictions and military service records.

Digital security experts say the commission’s request would centralize and lay bare a valuable cache of information that cyber criminals could use for identity theft scams — or that foreign spies could leverage for disinformation schemes.

“It is beyond stupid,” said Nicholas Weaver, a computer science professor at the University of California at Berkeley.

“The bigger the purse, the more effort folks would spend to get at it,” said Joe Hall, chief technologist at the Center for Democracy and Technology, a digital advocacy group. “And in this case, this is such a high-profile and not-so-competent tech operation that we’re likely to see the hacktivists and pranksters take shots at it.”

Indeed, by Friday night, over 20 states — from California to Mississippi to Virginia — had indicated they would not comply with the request, with several citing privacy laws and expressing unease about aggregating voter data. [Continue reading…]

GOP activist who sought Clinton emails cited Trump campaign officials

The Wall Street Journal reports: A longtime Republican activist who led an operation hoping to obtain Hillary Clinton emails from hackers listed senior members of the Trump campaign, including some who now serve as top aides in the White House, in a recruitment document for his effort.

The activist, Peter W. Smith, named the officials in a section of the document marked “Trump Campaign.” The document was dated Sept. 7, 2016. That was around the time Mr. Smith said he started his search for 33,000 emails Mrs. Clinton deleted from the private server she used for official business while secretary of state. She said the deleted emails concerned personal matters. She turned over tens of thousands of other emails to the State Department.

As reported Thursday by The Wall Street Journal, Mr. Smith and people he recruited to his effort theorized the deleted emails might have been stolen by hackers and might contain matters that were politically damaging. He and his associates said they were in touch with several groups of hackers, including two from Russia they suspected were tied to the Moscow government, in a bid to find any stolen emails and potentially hurt Mrs. Clinton’s prospects.

Mr. Smith’s purpose in listing the officials isn’t clear. There is no indication in the document that he sought or received any coordination from the campaign officials or the campaign in general.

Mr. Smith died in mid-May at age 81, about 10 days after he spoke to the Journal. He said he operated independently of the Trump campaign.

Officials identified in the document include Steve Bannon, now chief strategist for President Donald Trump; Kellyanne Conway, former campaign manager and now White House counselor; Sam Clovis, a policy adviser to the Trump campaign and now a senior adviser at the Agriculture Department; and retired Lt. Gen. Mike Flynn, who was a campaign adviser and briefly was national security adviser in the Trump administration.

Mr. Bannon said he never met with Mr. Smith or anyone affiliated with a limited-liability company, KLS Research LLC, that the document said had been established for its mission. “Never heard of KLS Research or Peter Smith,” Mr. Bannon said.

Ms. Conway said she knew Mr. Smith from Republican politics but hadn’t spoken to him in years. “I never met with him” during the campaign, Ms. Conway said. “There were no calls, no meetings, no nothing.”

The White House didn’t immediately respond to a request for comment. Neither did the Agriculture Department, Mr. Clovis’s employer.

Mr. Flynn, his consulting firm Flynn Intel Group and his son Michael G. Flynn, who was chief of staff at Flynn Intel, were cited more extensively as Mr. Smith sought to recruit researchers, as well as in documents related to the effort that have been described to the Journal. Neither Mr. Flynn nor his son responded to requests for comment. [Continue reading…]

A plot, with apparent Russian backing, to use Clinton emails in the Trump campaign

Matt Tait, a former information security specialist for GCHQ and currently a security consultant who tweets as @pwnallthethings, was a source for the Wall Street Journal’s reporting on Peter Smith, his ties to the Trump campaign and his apparent communications with Russian intelligence. Tait writes: When he first contacted me, I did not know who Smith was, but his legitimate connections within the Republican party were apparent. My motive for initially speaking to him was that I wondered if the campaign was trying to urgently establish whether the claims that Russia had hacked the DNC were merely “spin” from the Clinton campaign, or instead something they would need to address before Trump went too far down the road of denying it. My guess was that maybe they wanted to contact someone who could provide them with impartial advice to understand whether the claims were real or just rhetoric.

Although it wasn’t initially clear to me how independent Smith’s operation was from Flynn or the Trump campaign, it was immediately apparent that Smith was both well connected within the top echelons of the campaign and he seemed to know both Lt. Gen. Flynn and his son well. Smith routinely talked about the goings on at the top of the Trump team, offering deep insights into the bizarre world at the top of the Trump campaign. Smith told of Flynn’s deep dislike of DNI Clapper, whom Flynn blamed for his dismissal by President Obama. Smith told of Flynn’s moves to position himself to become CIA Director under Trump, but also that Flynn had been persuaded that the Senate confirmation process would be prohibitively difficult. He would instead therefore become National Security Advisor should Trump win the election, Smith said. He also told of a deep sense of angst even among Trump loyalists in the campaign, saying “Trump often just repeats whatever he’s heard from the last person who spoke to him,” and expressing the view that this was especially dangerous when Trump was away.

Over the course of a few phone calls, initially with Smith and later with Smith and one of his associates—a man named John Szobocsan—I was asked about my observations on technical details buried in the State Department’s release of Secretary Clinton’s emails (such as noting a hack attempt in 2011, or how Clinton’s emails might have been intercepted by Russia due to lack of encryption). I was also asked about aspects of the DNC hack, such as why I thought the “Guccifer 2” persona really was in all likelihood operated by the Russian government, and how it wasn’t necessary to rely on CrowdStrike’s attribution as blind faith; noting that I had come to the same conclusion independently based on entirely public evidence, having been initially doubtful of CrowdStrike’s conclusions.

Towards the end of one of our conversations, Smith made his pitch. He said that his team had been contacted by someone on the “dark web”; that this person had the emails from Hillary Clinton’s private email server (which she had subsequently deleted), and that Smith wanted to establish if the emails were genuine. If so, he wanted to ensure that they became public prior to the election. What he wanted from me was to determine if the emails were genuine or not.

It is no overstatement to say that my conversations with Smith shocked me. Given the amount of media attention given at the time to the likely involvement of the Russian government in the DNC hack, it seemed mind-boggling for the Trump campaign—or for this offshoot of it—to be actively seeking those emails. To me this felt really wrong.

In my conversations with Smith and his colleague, I tried to stress this point: if this dark web contact is a front for the Russian government, you really don’t want to play this game. But they were not discouraged. They appeared to be convinced of the need to obtain Clinton’s private emails and make them public, and they had a reckless lack of interest in whether the emails came from a Russian cut-out. Indeed, they made it quite clear to me that it made no difference to them who hacked the emails or why they did so, only that the emails be found and made public before the election.

As I mentioned above, Smith and his associates’ knowledge of the inner workings of the campaign was insightful beyond what could be obtained by merely attending Republican events or watching large amounts of news coverage. But one thing I could not place, at least initially, was whether Smith was working on behalf of the campaign, or whether he was acting independently to help the campaign in his personal capacity.

Then, a few weeks into my interactions with Smith, he sent me a document, ostensibly a cover page for a dossier of opposition research to be compiled by Smith’s group, and which purported to clear up who was involved. The document was entitled “A Demonstrative Pedagogical Summary to be Developed and Released Prior to November 8, 2016,” and dated September 7. It detailed a company Smith and his colleagues had set up as a vehicle to conduct the research: “KLS Research”, set up as a Delaware LLC “to avoid campaign reporting,” and listing four groups who were involved in one way or another.

The first group, entitled “Trump Campaign (in coordination to the extent permitted as an independent expenditure)” listed a number of senior campaign officials: Steve Bannon, Kellyanne Conway, Sam Clovis, Lt. Gen. Flynn and Lisa Nelson.

The largest group named a number of “independent groups / organizations / individuals / resources to be deployed.” My name appears on this list. At the time, I didn’t recognize most of the others; however, several made headlines in the weeks immediately prior to the election.

My perception then was that the inclusion of Trump campaign officials on this document was not merely a name-dropping exercise. This document was about establishing a company to conduct opposition research on behalf of the campaign, but operating at a distance so as to avoid campaign reporting. Indeed, the document says as much in black and white.

The combination of Smith’s deep knowledge of the inner workings of the campaign, this document naming him in the “Trump campaign” group, and the multiple references to needing to avoid campaign reporting suggested to me that the group was formed with the blessing of the Trump campaign. [Continue reading…]

Ransomware attack strikes companies across Europe and U.S.

The Guardian reports: Victims of a major ransomware cyberattack that has spread through the US and Europe can no longer unlock their computers even if they pay the ransom.

The “Petya” ransomware has caused serious disruption at large firms including the advertising giant WPP, French construction materials company Saint-Gobain and Russian steel and oil firms Evraz and Rosneft.

Infected computers display a message demanding a Bitcoin ransom worth $300. Those who pay are asked to send confirmation of payment to an email address. However, that email address has been shut down by the email provider.

“We do not tolerate any misuse of our platform,” said the German email provider Posteo in a blog post.

This means that there is no longer any way for people who decide to pay the ransom to contact the attacker for a decryption key to unlock their computer.

“This is not an experienced ransomware operator,” said Ryan Kalember, senior vice-president of cybersecurity strategy at Proofpoint.

The attack was first reported in Ukraine, where the government, banks, state power utility and Kiev’s airport and metro system were all affected. The radiation monitoring system at Chernobyl was taken offline, forcing employees to use hand-held counters to measure levels at the former nuclear plant’s exclusion zone. [Continue reading…]

Evidence is mounting that Russia took four clear paths to meddle in the U.S. election

Business Insider reports: It was September 2015 when the FBI first noticed that Russian hackers had infiltrated a computer system belonging to the Democratic National Committee.

It was the first sign that Moscow was attempting to meddle in the presidential election.

Nearly a year later, further reporting and testimony from current and former intelligence officials have painted a portrait of Russia’s election interference as a multifaceted, well-planned, and coordinated campaign aimed at undermining the backbone of American democracy: free and fair elections.

Now, as FBI special counsel Robert Mueller and congressional intelligence committees continue to investigate Russia’s election interference, evidence is emerging that the hacking and disinformation campaign waged at the direction of Russian President Vladimir Putin took at least four separate but related paths.

The first involved establishing personal contact with Americans perceived as sympathetic to Moscow — such as former Defense Intelligence Agency chief Michael Flynn, former Trump campaign chairman Paul Manafort, and early Trump foreign-policy adviser Carter Page — and using them as a means to further Russia’s foreign-policy goals.

The second involved hacking the Democratic National Committee email servers and then giving the material to WikiLeaks, which leaked the emails in batches throughout the second half of 2016.

The third was to amplify the propaganda value of the leaked emails with a disinformation campaign waged predominantly on Facebook and Twitter, in an effort to use automated bots to spread fake news and pro-Trump agitprop.

And the fourth was to breach US voting systems in as many as 39 states leading up to the election, in an effort to steal registration data that officials say could be used to target and manipulate voters in future elections. [Continue reading…]

Obama’s secret struggle to punish Russia for Putin’s election assault

The Washington Post reports: Early last August, an envelope with extraordinary handling restrictions arrived at the White House. Sent by courier from the CIA, it carried “eyes only” instructions that its contents be shown to just four people: President Barack Obama and three senior aides.

Inside was an intelligence bombshell, a report drawn from sourcing deep inside the Russian government that detailed Russian President Vladimir Putin’s direct involvement in a cyber campaign to disrupt and discredit the U.S. presidential race.

But it went further. The intelligence captured Putin’s specific instructions on the operation’s audacious objectives — defeat or at least damage the Democratic nominee, Hillary Clinton, and help elect her opponent, Donald Trump.

At that point, the outlines of the Russian assault on the U.S. election were increasingly apparent. Hackers with ties to Russian intelligence services had been rummaging through Democratic Party computer networks, as well as some Republican systems, for more than a year. In July, the FBI had opened an investigation of contacts between Russian officials and Trump associates. And on July 22, nearly 20,000 emails stolen from the Democratic National Committee were dumped online by WikiLeaks. [Continue reading…]

Election hackers altered voter rolls, stole private data, officials say

Time reports: The hacking of state and local election databases in 2016 was more extensive than previously reported, including at least one successful attempt to alter voter information, and the theft of thousands of voter records that contain private information like partial Social Security numbers, current and former officials tell TIME.

In one case, investigators found there had been a manipulation of voter data in a county database but the alterations were discovered and rectified, two sources familiar with the matter tell TIME. Investigators have not identified whether the hackers in that case were Russian agents.

The fact that private data was stolen from states is separately providing investigators a previously unreported line of inquiry in the probes into Russian attempts to influence the election. In Illinois, more than 90% of the nearly 90,000 records stolen by Russian state actors contained drivers license numbers, and a quarter contained the last four digits of voters’ Social Security numbers, according to Ken Menzel, the General Counsel of the State Board of Elections. [Continue reading…]

How an entire nation became Russia’s test lab for cyberwar

Wired reports: The clocks read zero when the lights went out.

It was a Saturday night last December, and Oleksii Yasinsky was sitting on the couch with his wife and teenage son in the living room of their Kiev apartment. The 40-year-old Ukrainian cybersecurity researcher and his family were an hour into Oliver Stone’s film Snowden when their building abruptly lost power.

“The hackers don’t want us to finish the movie,” Yasinsky’s wife joked. She was referring to an event that had occurred a year earlier, a cyberattack that had cut electricity to nearly a quarter-million Ukrainians two days before Christmas in 2015. Yasinsky, a chief forensic analyst at a Kiev digital security firm, didn’t laugh. He looked over at a portable clock on his desk: The time was 00:00. Precisely midnight.

Yasinsky’s television was plugged into a surge protector with a battery backup, so only the flicker of images onscreen lit the room now. The power strip started beeping plaintively. Yasinsky got up and switched it off to save its charge, leaving the room suddenly silent.

He went to the kitchen, pulled out a handful of candles and lit them. Then he stepped to the kitchen window. The thin, sandy-blond engineer looked out on a view of the city as he’d never seen it before: The entire skyline around his apartment building was dark. Only the gray glow of distant lights reflected off the clouded sky, outlining blackened hulks of modern condos and Soviet high-rises.

Noting the precise time and the date, almost exactly a year since the December 2015 grid attack, Yasinsky felt sure that this was no normal blackout. He thought of the cold outside—close to zero degrees Fahrenheit—the slowly sinking temperatures in thousands of homes, and the countdown until dead water pumps led to frozen pipes.

That’s when another paranoid thought began to work its way through his mind: For the past 14 months, Yasinsky had found himself at the center of an enveloping crisis. A growing roster of Ukrainian companies and government agencies had come to him to analyze a plague of cyberattacks that were hitting them in rapid, remorseless succession. A single group of hackers seemed to be behind all of it. Now he couldn’t suppress the sense that those same phantoms, whose fingerprints he had traced for more than a year, had reached back, out through the internet’s ether, into his home.

The Cyber-Cassandras said this would happen. For decades they warned that hackers would soon make the leap beyond purely digital mayhem and start to cause real, physical damage to the world. In 2009, when the NSA’s Stuxnet malware silently accelerated a few hundred Iranian nuclear centrifuges until they destroyed themselves, it seemed to offer a preview of this new era. “This has a whiff of August 1945,” Michael Hayden, former director of the NSA and the CIA, said in a speech. “Somebody just used a new weapon, and this weapon will not be put back in the box.”

Now, in Ukraine, the quintessential cyberwar scenario has come to life. Twice. On separate occasions, invisible saboteurs have turned off the electricity to hundreds of thousands of people. Each blackout lasted a matter of hours, only as long as it took for scrambling engineers to manually switch the power on again. But as proofs of concept, the attacks set a new precedent: In Russia’s shadow, the decades-old nightmare of hackers stopping the gears of modern society has become a reality. [Continue reading…]

Trump’s silence on Russian hacking says how much he cares about democracy

Politico reports: Democrats are uniting behind a simple message about Russian hacking during the 2016 election: Donald Trump doesn’t care.

Even as the president lashes out at the series of Russia-related probes besieging his administration, Democrats say Trump has yet to express public concern about the underlying issue with striking implications for America’s democracy — the digital interference campaign that upended last year’s presidential race.

The president missed a self-imposed 90-day deadline for developing a plan to “aggressively combat and stop cyberattacks,” stayed silent after Moscow-linked hackers went after the French election and publicly renewed his own skepticism about the Kremlin’s role in the digital theft of Democratic Party emails during the presidential race. Privately, the president questioned a senior NSA official about the truthfulness of the conclusion from 17 intelligence agencies that Russia had interfered with the election, according to The Wall Street Journal. On Capitol Hill, Trump and his team have declined to support a Republican-backed effort to hit Russia with greater penalties for its digital belligerence.

And while the White House received bipartisan praise for a cybersecurity executive order Trump signed in May, administration officials said the directive is aimed at broadly upgrading the government’s digital defenses, not thwarting future Russian election hacking.

Instead, Trump tapped a commission led by Vice President Mike Pence to investigate an issue that elections experts call vastly overblown — voter fraud, something the president has baselessly alleged resulted in millions of illegal voters casting ballots for Hillary Clinton in November. [Continue reading…]

Reality Winner, accused NSA leaker, to enter not guilty plea

NPR reports: Reality Winner, the government contractor accused of leaking a secret NSA report to the media, plans to enter a plea of not guilty, her lawyer Titus Nichols tells NPR.

She hopes to be released on bond Thursday.

Winner, 25, works for a private contractor, Pluribus International Corp., in Augusta, Ga., and is an Air Force veteran who speaks three languages. She was arrested Saturday.

The federal government has charged her with “removing classified material from a government facility and mailing it to a news outlet.” That material, presumably because of the timing of Winner’s arrest, is an NSA report about efforts by Russian military intelligence to execute a cyberattack on an American election software company, as well as sending “spear-phishing” emails to local election officials, just before the presidential election. That leaked report was the basis of an article published Monday by The Intercept. [Continue reading…]

U.S. suspects Russian hackers planted fake news behind Qatar crisis

CNN reports: US investigators believe Russian hackers breached Qatar’s state news agency and planted a fake news report that contributed to a crisis among the US’ closest Gulf allies, according to US officials briefed on the investigation.

The FBI recently sent a team of investigators to Doha to help the Qatari government investigate the alleged hacking incident, Qatari and US government officials say.

Intelligence gathered by the US security agencies indicates that Russian hackers were behind the intrusion first reported by the Qatari government two weeks ago, US officials say. Qatar hosts one of the largest US military bases in the region.

The alleged involvement of Russian hackers intensifies concerns by US intelligence and law enforcement agencies that Russia continues to try some of the same cyber-hacking measures on US allies that intelligence agencies believe it used to meddle in the 2016 elections.

US officials say the Russian goal appears to be to cause rifts among the US and its allies. In recent months, suspected Russian cyber activities, including the use of fake news stories, have turned up amid elections in France, Germany and other countries.

It’s not yet clear whether the US has tracked the hackers in the Qatar incident to Russian criminal organizations or to the Russian security services blamed for the US election hacks. One official noted that based on past intelligence, “not much happens in that country without the blessing of the government.” [Continue reading…]

Top secret NSA report details Russian hacking effort days before 2016 election

The Intercept reports: Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept.

The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure. The report, dated May 5, 2017, is the most detailed U.S. government account of Russian interference in the election that has yet come to light.

While the document provides a rare window into the NSA’s understanding of the mechanics of Russian hacking, it does not show the underlying “raw” intelligence on which the analysis is based. A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.

The report indicates that Russian hacking may have penetrated further into U.S. voting systems than was previously understood. It states unequivocally in its summary statement that it was Russian military intelligence, specifically the Russian General Staff Main Intelligence Directorate, or GRU, that conducted the cyber attacks described in the document:

Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions. … The actors likely used data obtained from that operation to … launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations.

This NSA summary judgment is sharply at odds with Russian President Vladimir Putin’s denial last week that Russia had interfered in foreign elections: “We never engaged in that on a state level, and have no intention of doing so.” Putin, who had previously issued blanket denials that any such Russian meddling occurred, for the first time floated the possibility that freelance Russian hackers with “patriotic leanings” may have been responsible. The NSA report, on the contrary, displays no doubt that the cyber assault was carried out by the GRU. [Continue reading…]
