Category Archives: hacking

McCain calls for committee to investigate Russia hacking: ‘There’s no doubt’ of interference

The Washington Post reports: Sen. John McCain (R-Ariz.) on Sunday again decried Russia’s alleged interference in the 2016 presidential race and called for a select Senate committee to investigate the country’s cyber activities during the election.

On CNN’s “State of the Union,” McCain told host Jake Tapper that there was “no doubt” Russia interfered with the election.

“We need to get to the bottom of this,” he said. “There’s no doubt they were interfering. There’s no doubt. The question is now, how much and what damage? And what should the United States of America do?” [Continue reading…]

 

The Guardian reports: The former CIA director and defense secretary Robert Gates has criticised the Obama administration and congressional leaders of both parties for a “somewhat laid back” response to the discovery of Russian interference in the US presidential election.

Speaking to NBC’s Meet the Press on Sunday, Gates said a “thinly disguised” operation by Russia had aimed to undermine the credibility of the American election and was to weaken Hillary Clinton.

“Given the unprecedented nature of it and the magnitude of the effort, I think people seem to have been somewhat laid back about it,” he said. [Continue reading…]


Russia’s fear of Hillary Clinton eclipsed any affection for Donald Trump

Max Fisher writes: Russia’s unprecedented intervention in the United States election came amid more than United States-Russia tension and Donald J. Trump’s praise of Vladimir V. Putin, the Russian president. It also coincided with a growing belief, in Moscow, that Russia faced an imminent threat in Hillary Clinton’s candidacy.

Mrs. Clinton is viewed in Moscow as innately hostile to Russia. Widely held conspiracy theories portray her as seeking to foment unrest that will return Russia to the chaos and depression of the 1990s. Even many government technocrats view her with suspicion that at times verges on paranoia.

She referred to these views at an event on Thursday, telling donors that Mr. Putin’s “personal beef” with her had driven Russia’s intervention in the American election.

Mark Galeotti, a Russia expert at the Institute of International Relations, based in Prague, said the Kremlin was consumed by something more urgent than petty revenge: self-preservation.

“It’s not just they didn’t like Clinton, but they actually thought that she represented a threat,” he said, describing Russia’s actions as a matter of “policy, not pique.”

No one factor can fully explain Russia’s decision to hack and pass on Democratic emails, analysts say, and intelligence agencies appear divided on assessing Russian motives. But, in Moscow, fear of Mrs. Clinton has loomed as large or larger than any warmth for Mr. Trump. [Continue reading…]


FBI backs CIA view that Russia intervened to help Trump win election

The Washington Post reports: FBI Director James B. Comey and Director of National Intelligence James R. Clapper Jr. are in agreement with a CIA assessment that Russia intervened in the 2016 election in part to help Donald Trump win the presidency, according to U.S. officials.

Comey’s support for the CIA’s conclusion reflects the fact that the leaders of the three agencies have always been in agreement on Russian intentions, officials said, contrary to suggestions by some lawmakers that the FBI disagreed with the CIA.

“Earlier this week, I met separately with (Director) FBI James Comey and DNI Jim Clapper, and there is strong consensus among us on the scope, nature, and intent of Russian interference in our presidential election,” CIA Director John Brennan said in a message to the agency’s workforce, according to U.S. officials who have seen the message.

“The three of us also agree that our organizations, along with others, need to focus on completing the thorough review of this issue that has been directed by President Obama and which is being led by the DNI,” Brennan’s message read. [Continue reading…]


Donald Trump’s rigged election

The New York Times reports: President Obama said on Thursday that the United States would retaliate for Russia’s efforts to influence the presidential election, asserting that “we need to take action,” and “we will.”

The comments, in an interview with NPR, indicate that Mr. Obama, in his remaining weeks in office, will pursue either economic sanctions against Russia or perhaps some kind of response in cyberspace.

Mr. Obama spoke as President-elect Donald J. Trump on Thursday again refused to accept Moscow’s culpability, asking on Twitter why the administration had waited “so long to act” if Russia “or some other entity” had carried out cyberattacks.

The president discussed the potential for American retaliation with Steve Inskeep of NPR for an interview to air on Friday morning. “I think there is no doubt that when any foreign government tries to impact the integrity of our election,” Mr. Obama said, “we need to take action. And we will — at the time and place of our choosing.”

The White House strongly suggested before the election that Mr. Obama would make use of sanctions authority for cyberattacks that he had given to himself by executive order. But he did not, in part out of concern that action before the election could lead to an escalated conflict.

If Mr. Obama invokes sanctions on Russian individuals or organizations, Mr. Trump could reverse them. But that would be politically difficult, as his critics argue that he is blind to Russian behavior. [Continue reading…]

NBC News reports: [In this tweet] Trump was no longer disputing, as he has for months, that Russia was involved. And his top transition aide, Anthony Scaramucci, went even further Wednesday night in an interview with MSNBC’s Brian Williams.

“I don’t think anybody thinks that you’re wrong,” he said of the NBC News report. “Our position right now is that we’re waiting for more information. We reject the notion that people would cyber attack our institutions. We are very upset about it.”

Scaramucci went on to suggest that Trump needed time to digest the intelligence.

“I wonder whether the tweet the president-elect sent out today is the beginning of his pivot, the beginning of his acknowledgement of the intelligence that Russia has been hacking our institutions,” said Rep. Adam Schiff, the ranking Democrat on the House Intelligence Committee.

In an exclusive report Wednesday, U.S. intelligence officials told NBC News they now believe with “a high level of confidence” that Putin became personally involved in the covert Russian campaign in October.

Two senior officials with direct access to the information say new intelligence shows that Putin personally directed how hacked material from Democrats was leaked and otherwise used. The intelligence came from diplomatic sources and spies working for U.S. allies, the officials said. [Continue reading…]

The New York Times reports: It remains to be seen whether Mr. Trump’s stated doubts about Russia’s involvement will subside after Monday’s Electoral College vote. He and his allies have been concerned that the reports of Russian hacking have been intended to peel away votes from him, although even Democrats have not gone so far as to say the election was illegitimate.

“Right now, certain elements of the media, certain elements of the intelligence community and certain politicians are really doing the work of the Russians — they’re creating this uncertainty over the election,” Representative Peter T. King, Republican of New York, told reporters on Thursday after meeting with Mr. Trump.

But many other Republicans, including Senator Mitch McConnell of Kentucky, the majority leader, and Senator John McCain of Arizona, have publicly argued that the evidence leads straight to Russia. They have called for a full investigation, and Senator Dianne Feinstein, Democrat of California, who sits on the Senate Intelligence Committee, urged Mr. Obama on Thursday to complete an administration review quickly.

Mr. Trump’s Twitter post was his latest move to accuse the intelligence agencies he will soon control of acting with a political agenda and to dispute the well-documented conclusion that Moscow carried out a meticulously planned series of attacks and releases of information to interfere in the presidential race.

But as he repeated his doubts, Mr. Trump seized on emerging questions about the Obama administration’s response: Why did it take months after the breaches had been discovered for the administration to name Moscow publicly as the culprit? And why did Mr. Obama initially opt not to openly retaliate, through sanctions or other measures?

White House officials have said that the warning to Mr. Putin at the September summit meeting in China constituted the primary American response so far. When the administration decided to go public with its conclusion a month later, it did so in a statement from the director of national intelligence and the Homeland Security secretary, not in a prominent presidential appearance.

Officials said they were worried that any larger public response would have raised doubts about the election’s integrity, something Mr. Trump was already seeking to do during the campaign when he insisted the election was “rigged.” [Continue reading…]

 


U.S. faces tall hurdles in detaining or deterring Russian hackers

The New York Times reports: When a suspected Russian cybercriminal named Dmitry Ukrainsky was arrested in a Thai resort town last summer, the American authorities hoped they could whisk him back to New York for trial and put at least a temporary dent in Russia’s arsenal of computer hackers.

But the Russian authorities moved quickly to persuade Thailand not to extradite him, saying that he should be prosecuted at home. American officials knew what that meant. If Mr. Ukrainsky got on a plane to Moscow, they concluded, he would soon be back at work in front of a computer.

“The American authorities continue the unacceptable practice of ‘hunting’ for Russians all over the world, ignoring the norms of international laws and twisting other states’ arms,” the Russian Foreign Ministry said.

The dispute over Mr. Ukrainsky, whose case remains in limbo, highlights the difficulties — and at times impossibilities — that the United States faces in combating Russian hackers, including those behind the recent attacks on the Democratic National Committee. That hack influenced the course, if not the outcome, of a presidential campaign and was the culmination of years of increasingly brazen digital assaults on American infrastructure.

The United States has few options for responding to such hacks. Russia does not extradite its citizens and has shown that it will not easily be deterred through public shaming. At times, the American authorities have enlisted local police officials to arrest suspects when they leave Russia — for vacation in the Maldives, for example. But more often than not, the F.B.I. and Justice Department investigate and compile accusations and evidence against people who will almost certainly never stand trial. [Continue reading…]


U.S. officials: Putin personally involved in U.S. election hack

NBC News reports: U.S. intelligence officials now believe with “a high level of confidence” that Russian President Vladimir Putin became personally involved in the covert Russian campaign to interfere in the U.S. presidential election, senior U.S. intelligence officials told NBC News.

Two senior officials with direct access to the information say new intelligence shows that Putin personally directed how hacked material from Democrats was leaked and otherwise used. The intelligence came from diplomatic sources and spies working for U.S. allies, the officials said.

Putin’s objectives were multifaceted, a high-level intelligence source told NBC News. What began as a “vendetta” against Hillary Clinton morphed into an effort to show corruption in American politics and to “split off key American allies by creating the image that [other countries] couldn’t depend on the U.S. to be a credible global leader anymore,” the official said.

Ultimately, the CIA has assessed, the Russian government wanted to elect Donald Trump. The FBI and other agencies don’t fully endorse that view, but few officials would dispute that the Russian operation was intended to harm Clinton’s candidacy by leaking embarrassing emails about Democrats.

The latest intelligence said to show Putin’s involvement goes much further than the information the U.S. was relying on in October, when all 17 intelligence agencies signed onto a statement attributing the Democratic National Committee hack to Russia. [Continue reading…]


The perfect weapon: How Russian cyberpower invaded the U.S.

The New York Times reports: When Special Agent Adrian Hawkins of the Federal Bureau of Investigation called the Democratic National Committee in September 2015 to pass along some troubling news about its computer network, he was transferred, naturally, to the help desk.

His message was brief, if alarming. At least one computer system belonging to the D.N.C. had been compromised by hackers federal investigators had named “the Dukes,” a cyberespionage team linked to the Russian government.

The F.B.I. knew it well: The bureau had spent the last few years trying to kick the Dukes out of the unclassified email systems of the White House, the State Department and even the Joint Chiefs of Staff, one of the government’s best-protected networks.

Yared Tamene, the tech-support contractor at the D.N.C. who fielded the call, was no expert in cyberattacks. His first moves were to check Google for “the Dukes” and conduct a cursory search of the D.N.C. computer system logs to look for hints of such a cyberintrusion. By his own account, he did not look too hard even after Special Agent Hawkins called back repeatedly over the next several weeks — in part because he wasn’t certain the caller was a real F.B.I. agent and not an impostor.

“I had no way of differentiating the call I just received from a prank call,” Mr. Tamene wrote in an internal memo, obtained by The New York Times, that detailed his contact with the F.B.I.

It was the cryptic first sign of a cyberespionage and information-warfare campaign devised to disrupt the 2016 presidential election, the first such attempt by a foreign power in American history. What started as an information-gathering operation, intelligence officials believe, ultimately morphed into an effort to harm one candidate, Hillary Clinton, and tip the election to her opponent, Donald J. Trump.

Like another famous American election scandal, it started with a break-in at the D.N.C. The first time, 44 years ago at the committee’s old offices in the Watergate complex, the burglars planted listening devices and jimmied a filing cabinet. This time, the burglary was conducted from afar, directed by the Kremlin, with spear-phishing emails and zeros and ones. [Continue reading…]


Want to know if the election was hacked? Look at the ballots

J. Alex Halderman writes: You may have read at NYMag that I’ve been in discussions with the Clinton campaign about whether it might wish to seek recounts in critical states. That article, which includes somebody else’s description of my views, incorrectly describes the reasons manually checking ballots is an essential security safeguard (and includes some incorrect numbers, to boot). Let me set the record straight about what I and other leading election security experts have actually been saying to the campaign and everyone else who’s willing to listen.

How might a foreign government hack America’s voting machines to change the outcome of a presidential election? Here’s one possible scenario. First, the attackers would probe election offices well in advance in order to find ways to break into their computers. Closer to the election, when it was clear from polling data which states would have close electoral margins, the attackers might spread malware into voting machines in some of these states, rigging the machines to shift a few percent of the vote to favor their desired candidate. This malware would likely be designed to remain inactive during pre-election tests, do its dirty business during the election, then erase itself when the polls close. A skilled attacker’s work might leave no visible signs — though the country might be surprised when results in several close states were off from pre-election polls.

Could anyone be brazen enough to try such an attack? A few years ago, I might have said that sounds like science fiction, but 2016 has seen unprecedented cyberattacks aimed at interfering with the election. This summer, attackers broke into the email system of the Democratic National Committee and, separately, into the email account of John Podesta, Hillary Clinton’s campaign chairman, and leaked private messages. Attackers infiltrated the voter registration systems of two states, Illinois and Arizona, and stole voter data. And there’s evidence that hackers attempted to breach election offices in several other states. [Continue reading…]


Days before election, U.S. used secret hotline to ask Russia to halt cyber interventions

David Ignatius writes: The White House sent a secret “hotline”-style message to Russia on Oct. 31 to warn against any further cyber-meddling in the U.S. election process. Russia didn’t escalate its tactics as Election Day approached, but U.S. officials aren’t ready to say deterrence worked.

The previously undisclosed message was part of the high-stakes game of cyber-brinkmanship that has been going on this year between Moscow and Washington. How to stabilize this relationship without appearing to capitulate to Russian pressure tactics is among the biggest challenges facing President-elect Donald Trump.

The message was sent on a special channel created in 2013 as part of the Nuclear Risk Reduction Center, using a template designed for crisis communication. “It was a very clear statement to the Russians and asked them to stop their activity,” a senior administration official said, adding: “The fact that we used this channel was part of the messaging.”

According to several other high-level sources, President Obama also personally contacted Russian President Vladimir Putin last month to caution him about the disruptive cyberattacks. The senior administration official wouldn’t comment on these reports.

The private warnings followed a public statement Oct. 7 by Director of National Intelligence James Clapper and Secretary of Homeland Security Jeh Johnson charging that “Russia’s senior-most officials” had authorized cyberattacks that were “intended to interfere with the U.S. election process.” [Continue reading…]


Lindsey Graham calls for Senate investigation into whether Russia hacked DNC

Huffington Post reports: Sen. Lindsey Graham (R-S.C.) on Tuesday said he wants Senate hearings to investigate whether Russian President Vladimir Putin interfered in the U.S. election, casting doubts on President-elect Donald Trump’s desire to improve relations with Russia.

“Assuming for a moment that we do believe that the Russian government was controlling outside organizations that hacked into our election, they should be punished,” Graham told reporters on Capitol Hill. “Putin should be punished.”

U.S. officials have said the Kremlin was responsible for hacking into Democratic National Committee computers over the summer and releasing information that damaged Democratic nominee Hillary Clinton’s campaign.

Graham, who was defeated by Trump during the primary, urged fellow Republicans to not “let allegations against a foreign government interfering in our election process go unanswered because it may have been beneficial to our cause.”

He said congressional hearings would include “Russia’s misadventure throughout the world,” including its military aggression in Eastern Europe and whether it committed war crimes in Syria.

Trump has repeatedly expressed a desire to cozy up to Russia. During the campaign, he called for closer relations with Russia in fighting the Islamic State and praised Putin for being a “stronger leader” than President Barack Obama. [Continue reading…]


President Obama’s responsibility to fully inform the American people about Russia’s role in the election of Donald Trump

On October 7, the Director of National Intelligence released a Joint DHS and ODNI Election Security Statement saying:

The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations. The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts. These thefts and disclosures are intended to interfere with the US election process.

President Obama has 73 days left in office and during this time he has a responsibility to act on this finding.

It may be pointless and arguably counterproductive to start formulating and enacting a strategic response to Russia’s interference in the election — especially given the likelihood that this plan would be set aside by the incoming Trump administration and given the cozy relationship that Trump and Putin are already developing.

Obama’s primary responsibility is to go to the greatest lengths possible in informing the public about what the intelligence services already know and what further information can be established and revealed in the coming weeks.

What is called for is substance to add to the assertion of confidence that has already been made.

In the absence of clear evidence, the assertions about Russia have thus far been tainted by the appearance of being politically partisan — all the more reason why Trump will easily be able to sweep away the issue. Even before the election, he had already dismissed the intelligence finding.

There is a glaring irony in this situation.

On the one hand the FBI just directly intervened in a presidential election — an intervention that was strongly criticized from many quarters and that arguably tipped the result in Trump’s favor. On the other hand, if Obama adopts the traditional caretaker role of an outgoing president, he will likely end up effectively burying evidence that the Russian government not only interfered but helped determine the outcome of a U.S. election.

As much as there might now be a common desire to heal the divisions in America, the public has a right to know and fully understand what just happened.


A muted alarm bell over Russian election hacking

Liz Spayd, Public Editor for the New York Times, writes: Last winter, as primary voters in Iowa and New Hampshire headed to the polls, a covert and cunning Russian plot was underway to disrupt the American political process. With aliases like Guccifer 2.0 and Fancy Bear, Russian hackers were targeting critical computer systems.

In June, they struck, hitting the Democratic Party, and by July its chairman was ousted in the fallout. Soon embarrassing emails were spilling from the computers of Hillary Clinton and her staff. Republican officials were hit, too. So was the National Security Agency. Now, hackers are meddling with the voting systems in several states, leaving local officials on high alert. Come Election Day, they’ll find out what, if anything, the cyberspies have in store.

This is an act of foreign interference in an American election on a scale we’ve never seen, yet on most days it has been the also-ran of media coverage, including at The New York Times.

The emails themselves — exposing the underside of the Democratic political machinery, and the conflicts, misjudgments and embarrassing communications of its top ranks — have received bountiful attention. What rarely makes the main narrative is the spy-versus-spy cyberwarfare: the tactics, the players and the government efforts to tame it. In a calamitous campaign unlike any in memory, it’s not surprising that other story lines get squeezed out. But one of the most chilling chapters of this election is the role of Russian intelligence and the growing threat of digital espionage. With days to go, readers have been shortchanged on this part of history. [Continue reading…]


Hacked emails include evidence of Russia drafting laws for Ukraine parliament

RFE/RL reports: Ukrainian hackers claim to have broken into a second e-mail account linked to Vladislav Surkov, a senior aide to Russian President Vladimir Putin, releasing documents they say add to mounting evidence of the Kremlin meddling in Kyiv’s affairs.

The new e-mails were obtained by RFE/RL from the hackers in advance of their public release on November 3. If authentic, they provide detail about the extent to which Surkov’s office worked to set up separatist enclaves in eastern Ukraine in 2014.

The e-mails include plans that ostensibly show how associates of Surkov plotted to destabilize Ukraine’s eastern Kharkiv region, researched Ukrainian politicians who openly supported weakening central power in a bid to exploit the country’s political divisions, and helped establish the leadership of separatist groups in the Donetsk and Luhansk regions.

They indicate that, in one case, a draft law on an economic zone in eastern Ukraine purportedly written by Surkov himself was sent to the office of an opposition lawmaker and later introduced in the Ukrainian parliament.

The new release comes one week after an initial batch of e-mails from an inbox allegedly associated with Surkov, a longtime Putin aide who is the point man for Ukraine in his administration. [Continue reading…]


Hacked emails reveal ties between Kremlin and Ukraine rebels

The Associated Press reports: A group of Ukrainian hackers has released thousands of emails from an account used by a senior Kremlin official that appear to show close financial and political ties between Moscow and separatist rebels in Eastern Ukraine.

The cache published by the Ukrainian group CyberHunta reveals contacts between President Vladimir Putin’s adviser Vladislav Surkov and the pro-Russia rebels fighting Ukrainian forces.

Ukraine’s National Security Service said Wednesday the emails were real, although they added the files may have been tampered with. Putin’s spokesman Dmitry Peskov dismissed the published emails as a sham, saying Wednesday that Surkov doesn’t use email.

Russian journalist Svetlana Babaeva told The Associated Press emails from her in the cache were genuine. “I sent those emails,” Babaeva said, referring to three emails in the leak discussing arrangements for an off-the-record meeting between Surkov and editors at her publication.

Russian businessman Evgeny Chichivarkin, who lives in London, said in a Facebook post Wednesday that emails attributed to him in the cache were genuine too. [Continue reading…]

The Guardian reports: Sanctioned and thus banned from travel to the EU for his role in the Kremlin’s Ukraine policy, the 52-year-old Surkov nevertheless popped up at recent four-way negotiations in Berlin over Ukraine, sitting at the round table next to Putin, and just one seat across from Angela Merkel. It was a very visible signal of Surkov’s importance to the Kremlin’s controversial Ukraine policy.

Several sources have told the Guardian that Surkov has on occasion made secret trips to Donetsk, technically still part of Ukraine, to bring local separatist politicians into line and tell them what is expected of them if they are to continue to receive Russian funding and support. More regularly, emissaries from east Ukraine come to Moscow to meet with Surkov. [Continue reading…]

Chris Zappone writes: The timing of the hack and the target, Vladislav Surkov, suggest that this could be a form of retaliation for the purported Russian hacking of the US election.

The group, called Kiberkhunta (or Cyber Junta) posted 2000 emails from Surkov dating from between September 2013 and November 2014.

Coming against the backdrop of the Russian cyber campaign against the US during the current presidential election year, at least one analyst sees the possibility of a connection to those events.

“It is possible that we are seeing the first example of mutually assured doxing,” said Kenneth Geers, Kiev-based Senior Research Scientist at COMODO, referring to the practice of hacking and publishing private emails.

‘Mutually assured doxing’ is a play on the Cold War concept of Mutually Assured Destruction – the permanent nuclear stand-off between Russia and the US which dissuaded either side from starting a war.

“We should usually assume there is some political goal behind every leak,” he said.

Geers, who is also an ambassador for the NATO Cyber Centre, said the Surkov leak may hint at an emerging behavioural norm between nation states.

“We may see a doxing escalation ladder materialise: how far do you want me to go, all the way to the top?” said Geers.

“As painful as it is today, doxing serves a long-term historical role in reducing corruption.” [Continue reading…]


How massive DDoS attacks are undermining the Internet

NBC News reports: Andrew Komarov of InfoArmor told NBC News he didn’t see any sign of Russian involvement at all, whether state or private [in the “denial of service,” or DDoS, attacks that caused massive internet outages across the U.S. on Friday]. He noted that the botnet used in the attack, “Mirai,” was developed by an English speaker and that he had found no link between “Mirai” and the Russians, who have their own much more sophisticated methods.

He said the attacks seemed more consistent with the methods used by the hacking group known as Lizard Squad, two of whose members, both teens, were arrested earlier this month in the U.S. and the Netherlands and charged in connection with DDoS attacks.

Said Komarov, “We have some context, that because of similar victims, using Dyn, and also tactics, tools and procedures by threat actors, it may be a revenge for the past arrests of DDoS’ers in the underground, happened several weeks ago.”

Dmitri Alperovitch of Crowdstrike also expressed doubt about a link to the Russian government, and speculated the attacks might have to do with a recent interview that cybersecurity expert Brian Krebs did with Dyn mentioning Russian organized crime. Alperovitch said use of a botnet bears the hallmark of a criminal rather than state attack, and the target may simply have been Dyn, not the U.S.

Flashpoint, a private cybersecurity and intelligence firm, noted that the Krebs site was attacked in September by a Mirai botnet, and the Krebs site was among those attacked Friday. The hacker who attacked Krebs in September released the source code on the web earlier this month, and hackers have copied the code to create their own botnets.

Flashpoint said it had concluded that the Friday attacks were not mounted by hacktivists, a political group or a state actor. [Continue reading…]

TechCrunch reports: In the past few weeks, hackers have upped the DDoS stakes in a big way. Starting with the attack on KrebsonSecurity.com and increasing in severity from there, hundreds of thousands of devices have been used to perpetrate these actions. A number that dwarfs previous attacks by orders of magnitude.

While it isn’t yet confirmed, evidence points to the attack that we saw on Friday morning following this same playbook, but being perpetrated on a much larger scale, relying on Internet of Things (IoT) devices rather than computers and servers to carry out an attack.

In fact, in all likelihood an army of surveillance cameras attacked Dyn. Why surveillance cameras? Because many of the security cameras used in homes and business around the world typically run the same or similar firmware produced by just a few companies.

This firmware is now known to contain a vulnerability that can easily be exploited, allowing the devices to have their sights trained on targets like Dyn. What’s more, many still operate with default credentials — making them a simple, but powerful target for hackers.

Why is this significant? The ability to enslave these video cameras has made it easier and far cheaper to create botnets at a scale that the world has never seen before. If someone wants to launch a DDoS attack, they no longer have to purchase a botnet—they can create their own using a program that was dumped on the internet just a few weeks ago. [Continue reading…]

The New York Times reports: Dale Drew, chief security officer at Level 3, an internet service provider, found evidence that roughly 10 percent of all devices co-opted by Mirai were being used to attack Dyn’s servers. Just one week ago, Level 3 found that 493,000 devices had been infected with Mirai malware, nearly double the number infected last month.

Mr. Allen added that Dyn was collaborating with law enforcement and other internet service providers to deal with the attacks.

In a recent report, Verisign, a registrar for many internet sites that has a unique perspective into this type of attack activity, reported a 75 percent increase in such attacks from April through June of this year, compared with the same period last year.

The attacks were not only more frequent, they were bigger and more sophisticated. The typical attack more than doubled in size. What is more, the attackers were simultaneously using different methods to attack the company’s servers, making them harder to stop.

The most frequent targets were businesses that provide internet infrastructure services like Dyn. [Continue reading…]

Brian Krebs reports: The attack on DYN comes just hours after DYN researcher Doug Madory presented a talk on DDoS attacks in Dallas, Texas at a meeting of the North American Network Operators Group (NANOG). Madory’s talk — available here on Youtube.com — delved deeper into research that he and I teamed up on to produce the data behind the story DDoS Mitigation Firm Has History of Hijacks.

That story (as well as one published earlier this week, Spreading the DDoS Disease and Selling the Cure) examined the sometimes blurry lines between certain DDoS mitigation firms and the cybercriminals apparently involved in launching some of the largest DDoS attacks the Internet has ever seen. Indeed, the record 620 Gbps DDoS against KrebsOnSecurity.com came just hours after I published the story on which Madory and I collaborated.

The record-sized attack that hit my site last month was quickly superseded by a DDoS against OVH, a French hosting firm that reported being targeted by a DDoS that was roughly twice the size of the assault on KrebsOnSecurity. As I noted in The Democratization of Censorship — the first story published after bringing my site back up under the protection of Google’s Project Shield — DDoS mitigation firms simply did not count on the size of these attacks increasing so quickly overnight, and are now scrambling to secure far greater capacity to handle much larger attacks concurrently. [Continue reading…]


How Russia pulled off the biggest election hack in U.S. history


Thomas Rid writes: On an April afternoon earlier this year, Russian president Vladimir Putin headlined a gathering of some four hundred journalists, bloggers, and media executives in St. Petersburg. Dressed in a sleek navy suit, Putin looked relaxed, even comfortable, as he took questions. About an hour into the forum, a young blogger in a navy zip sweater took the microphone and asked Putin what he thought of the “so-called Panama Papers.”

The blogger was referring to a cache of more than eleven million computer files that had been stolen from Mossack Fonseca, a Panamanian law firm. The leak was the largest in history, involving 2.6 terabytes of data, enough to fill more than five hundred DVDs. On April 3, four days before the St. Petersburg forum, a group of international news outlets published the first in a series of stories based on the leak, which had taken them more than a year to investigate. The series revealed corruption on a massive scale: Mossack Fonseca’s legal maneuverings had been used to hide billions of dollars. A central theme of the group’s reporting was the matryoshka doll of secret shell companies and proxies, worth a reported $2 billion, that belonged to Putin’s inner circle and were presumed to shelter some of the Russian president’s vast personal wealth.

When Putin heard the blogger’s question, his face lit up with a familiar smirk. He nodded slowly and confidently before reciting a litany of humiliations that the United States had inflicted on Russia. Putin reminded his audience about the sidelining of Russia during the 1998 war in Kosovo and what he saw as American meddling in Ukraine more recently. Returning to the Panama Papers, Putin cited WikiLeaks to insist that “officials and state agencies in the United States are behind all this.” The Americans’ aim, he said, was to weaken Russia from within: “to spread distrust for the ruling authorities and the bodies of power within society.”

Though a narrow interpretation of Putin’s accusation was defensible—as WikiLeaks had pointed out, one of the members of the Panama Papers consortium had received financial support from USAID, a federal agency—his swaggering assurance about America’s activities has a more plausible explanation: Putin’s own government had been preparing a vast, covert, and unprecedented campaign of political sabotage against the United States and its allies for more than a year.

The Russian campaign burst into public view only this past June, when The Washington Post reported that “Russian government hackers” had penetrated the servers of the Democratic National Committee. The hackers, hiding behind ominous aliases like Guccifer 2.0 and DC Leaks, claimed their first victim in July, in the person of Debbie Wasserman Schultz, the DNC chair, whose private emails were published by WikiLeaks in the days leading up to the Democratic convention. By August, the hackers had learned to use the language of Americans frustrated with Washington to create doubt about the integrity of the electoral system: “As you see the U. S. presidential elections are becoming a farce,” they wrote from Russia.

The attacks against political organizations and individuals absorbed much of the media’s attention this year. But in many ways, the DNC hack was merely a prelude to what many security researchers see as a still more audacious feat: the hacking of America’s most secretive intelligence agency, the NSA.

Russian spies did not, of course, wait until the summer of 2015 to start hacking the United States. This past fall, in fact, marked the twentieth anniversary of the world’s first major campaign of state-on-state digital espionage. In 1996, five years after the end of the USSR, the Pentagon began to detect high-volume network breaches from Russia. The campaign was an intelligence-gathering operation: Whenever the intruders from Moscow found their way into a U. S. government computer, they binged, stealing copies of every file they could.

By 1998, when the FBI code-named the hacking campaign Moonlight Maze, the Russians were commandeering foreign computers and using them as staging hubs. At a time when a 56 kbps dial-up connection was more than sufficient to get the best of Pets.com and AltaVista, Russian operators extracted several gigabytes of data from a U. S. Navy computer in a single session. With the unwitting help of proxy machines—including a Navy supercomputer in Virginia Beach, a server at a London nonprofit, and a computer lab at a public library in Colorado—that accomplishment was repeated hundreds of times over. Eventually, the Russians stole the equivalent, as an Air Intelligence Agency estimate later had it, of “a stack of printed copier paper three times the height of the Washington Monument.” [Continue reading…]


Trump sides with Putin over U.S. intelligence

Politico reports: Donald Trump angrily insisted on Wednesday night that he is not Vladimir Putin’s “puppet.”

But at a minimum, in recent months he has often sounded like the Russian president’s lawyer—defending Putin against a variety of specific charges, from political killings to the 2014 downing of a passenger jet over Ukraine, despite the weight of intelligence, legal findings and expert opinion.

Wednesday, for instance, Trump dismissed Hillary Clinton’s assertion that Russia was behind the recent hacking of Democratic Party and Clinton campaign emails.

“She has no idea whether it’s Russia or China or anybody else,” Trump retorted. “Our country has no idea.”

As Clinton tried to explain that the Russian role is the finding of 17 military and civilian intelligence agencies, Trump cut her off: “I doubt it.”

On Oct. 7, the Department of Homeland Security and the Office of the Director of National Intelligence released a joint statement saying that the U.S. intelligence community “is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations.” That finding has also been relayed directly to Trump in the classified national security briefings he receives as a major party nominee. [Continue reading…]


How hackers broke into John Podesta and Colin Powell’s Gmail accounts

Motherboard reports: On March 19 of this year, Hillary Clinton’s campaign chairman John Podesta received an alarming email that appeared to come from Google.

The email, however, didn’t come from the internet giant. It was actually an attempt to hack into his personal account. In fact, the message came from a group of hackers that security researchers, as well as the US government, believe are spies working for the Russian government. At the time, however, Podesta didn’t know any of this, and he clicked on the malicious link contained in the email, giving hackers access to his account.

Months later, on October 9, WikiLeaks began publishing thousands of Podesta’s hacked emails. Almost everyone immediately pointed the finger at Russia, who is suspected of being behind a long and sophisticated hacking campaign that has the apparent goal of influencing the upcoming US elections. But there was no public evidence proving the same group that targeted the Democratic National Committee was behind the hack on Podesta — until now.

The data linking a group of Russian hackers — known as Fancy Bear, APT28, or Sofacy — to the hack on Podesta is also yet another piece in a growing heap of evidence pointing toward the Kremlin. And it also shows a clear thread between apparently separate and independent leaks that have appeared on a website called DC Leaks, such as that of Colin Powell’s emails; and the Podesta leak, which was publicized on WikiLeaks.

All these hacks were done using the same tool: malicious short URLs hidden in fake Gmail messages. And those URLs, according to a security firm that’s tracked them for a year, were created with a Bitly account linked to a domain under the control of Fancy Bear. [Continue reading…]
