The Washington Post reports: A cybersecurity firm has uncovered strong proof of the tie between the group that hacked the Democratic National Committee and Russia’s military intelligence arm — the primary agency behind the Kremlin’s interference in the 2016 election.
The firm CrowdStrike linked malware used in the DNC intrusion to malware used to hack and track an Android phone app used by the Ukrainian army in its battle against pro-Russia separatists in eastern Ukraine from late 2014 through 2016.
While CrowdStrike, which was hired by the DNC to investigate the intrusions and whose findings are described in a new report, had always suspected that one of the two hacker groups that struck the DNC was the GRU, Russia’s military intelligence agency, it had only medium confidence.
Now, said CrowdStrike co-founder Dmitri Alperovitch, “we have high confidence” it was a unit of the GRU. CrowdStrike had dubbed that unit “Fancy Bear.”
The FBI, which has been investigating Russia’s hacks of political, government, academic and other organizations for several years, privately has concluded the same. But the bureau has not publicly drawn the link to the GRU. [Continue reading…]
McCain calls for committee to investigate Russia hacking: ‘There’s no doubt’ of interference
The Washington Post reports: Sen. John McCain (R-Ariz.) on Sunday again decried Russia’s alleged interference in the 2016 presidential race and called for a select Senate committee to investigate the country’s cyber activities during the election.
On CNN’s “State of the Union,” McCain told host Jake Tapper that there was “no doubt” Russia interfered with the election.
“We need to get to the bottom of this,” he said. “There’s no doubt they were interfering. There’s no doubt. The question is now, how much and what damage? And what should the United States of America do?” [Continue reading…]
The Guardian reports: The former CIA director and defense secretary Robert Gates has criticised the Obama administration and congressional leaders of both parties for a “somewhat laid back” response to the discovery of Russian interference in the US presidential election.
Speaking to NBC’s Meet the Press on Sunday, Gates said a “thinly disguised” operation by Russia had aimed to undermine the credibility of the American election and was to weaken Hillary Clinton.
“Given the unprecedented nature of it and the magnitude of the effort, I think people seem to have been somewhat laid back about it,” he said. [Continue reading…]
Russia’s fear of Hillary Clinton eclipsed any affection for Donald Trump
Max Fisher writes: Russia’s unprecedented intervention in the United States election came amid more than United States-Russia tension and Donald J. Trump’s praise of Vladimir V. Putin, the Russian president. It also coincided with a growing belief, in Moscow, that Russia faced an imminent threat in Hillary Clinton’s candidacy.
Mrs. Clinton is viewed in Moscow as innately hostile to Russia. Widely held conspiracy theories portray her as seeking to foment unrest that will return Russia to the chaos and depression of the 1990s. Even many government technocrats view her with suspicion that at times verges on paranoia.
She referred to these views at an event on Thursday, telling donors that Mr. Putin’s “personal beef” with her had driven Russia’s intervention in the American election.
Mark Galeotti, a Russia expert at the Institute of International Relations, based in Prague, said the Kremlin was consumed by something more urgent than petty revenge: self-preservation.
“It’s not just they didn’t like Clinton, but they actually thought that she represented a threat,” he said, describing Russia’s actions as a matter of “policy, not pique.”
No one factor can fully explain Russia’s decision to hack and pass on Democratic emails, analysts say, and intelligence agencies appear divided on assessing Russian motives. But, in Moscow, fear of Mrs. Clinton has loomed as large or larger than any warmth for Mr. Trump. [Continue reading…]
FBI backs CIA view that Russia intervened to help Trump win election
The Washington Post reports: FBI Director James B. Comey and Director of National Intelligence James R. Clapper Jr. are in agreement with a CIA assessment that Russia intervened in the 2016 election in part to help Donald Trump win the presidency, according to U.S. officials.
Comey’s support for the CIA’s conclusion reflects the fact that the leaders of the three agencies have always been in agreement on Russian intentions, officials said, contrary to suggestions by some lawmakers that the FBI disagreed with the CIA.
“Earlier this week, I met separately with (Director) FBI James Comey and DNI Jim Clapper, and there is strong consensus among us on the scope, nature, and intent of Russian interference in our presidential election,” CIA Director John Brennan said in a message to the agency’s workforce, according to U.S. officials who have seen the message.
“The three of us also agree that our organizations, along with others, need to focus on completing the thorough review of this issue that has been directed by President Obama and which is being led by the DNI,” Brennan’s message read. [Continue reading…]
Donald Trump’s rigged election
The New York Times reports: President Obama said on Thursday that the United States would retaliate for Russia’s efforts to influence the presidential election, asserting that “we need to take action,” and “we will.”
The comments, in an interview with NPR, indicate that Mr. Obama, in his remaining weeks in office, will pursue either economic sanctions against Russia or perhaps some kind of response in cyberspace.
Mr. Obama spoke as President-elect Donald J. Trump on Thursday again refused to accept Moscow’s culpability, asking on Twitter why the administration had waited “so long to act” if Russia “or some other entity” had carried out cyberattacks.
The president discussed the potential for American retaliation with Steve Inskeep of NPR for an interview to air on Friday morning. “I think there is no doubt that when any foreign government tries to impact the integrity of our election,” Mr. Obama said, “we need to take action. And we will — at the time and place of our choosing.”
The White House strongly suggested before the election that Mr. Obama would make use of sanctions authority for cyberattacks that he had given to himself by executive order. But he did not, in part out of concern that action before the election could lead to an escalated conflict.
If Mr. Obama invokes sanctions on Russian individuals or organizations, Mr. Trump could reverse them. But that would be politically difficult, as his critics argue that he is blind to Russian behavior. [Continue reading…]
NBC News reports: [In this tweet] Trump was no longer disputing, as he has for months, that Russia was involved. And his top transition aide, Anthony Scaramucci, went even further Wednesday night in an interview with MSNBC’s Brian Williams.
“I don’t think anybody thinks that you’re wrong,” he said of the NBC News report. “Our position right now is that we’re waiting for more information. We reject the notion that people would cyber attack our institutions. We are very upset about it.”
Scaramucci went on to suggest that Trump needed time to digest the intelligence.
“I wonder whether the tweet the president-elect sent out today is the beginning of his pivot, the beginning of his acknowledgement of the intelligence that Russia has been hacking our institutions,” said Rep. Adam Schiff, the ranking Democrat on the House Intelligence Committee.
In an exclusive report Wednesday, U.S. intelligence officials told NBC News they now believe with “a high level of confidence” that Putin became personally involved in the covert Russian campaign in October.
Two senior officials with direct access to the information say new intelligence shows that Putin personally directed how hacked material from Democrats was leaked and otherwise used. The intelligence came from diplomatic sources and spies working for U.S. allies, the officials said. [Continue reading…]
The New York Times reports: It remains to be seen whether Mr. Trump’s stated doubts about Russia’s involvement will subside after Monday’s Electoral College vote. He and his allies have been concerned that the reports of Russian hacking have been intended to peel away votes from him, although even Democrats have not gone so far as to say the election was illegitimate.
“Right now, certain elements of the media, certain elements of the intelligence community and certain politicians are really doing the work of the Russians — they’re creating this uncertainty over the election,” Representative Peter T. King, Republican of New York, told reporters on Thursday after meeting with Mr. Trump.
But many other Republicans, including Senator Mitch McConnell of Kentucky, the majority leader, and Senator John McCain of Arizona, have publicly argued that the evidence leads straight to Russia. They have called for a full investigation, and Senator Dianne Feinstein, Democrat of California, who sits on the Senate Intelligence Committee, urged Mr. Obama on Thursday to complete an administration review quickly.
Mr. Trump’s Twitter post was his latest move to accuse the intelligence agencies he will soon control of acting with a political agenda and to dispute the well-documented conclusion that Moscow carried out a meticulously planned series of attacks and releases of information to interfere in the presidential race.
But as he repeated his doubts, Mr. Trump seized on emerging questions about the Obama administration’s response: Why did it take months after the breaches had been discovered for the administration to name Moscow publicly as the culprit? And why did Mr. Obama initially opt not to openly retaliate, through sanctions or other measures?
White House officials have said that the warning to Mr. Putin at the September summit meeting in China constituted the primary American response so far. When the administration decided to go public with its conclusion a month later, it did so in a statement from the director of national intelligence and the Homeland Security secretary, not in a prominent presidential appearance.
Officials said they were worried that any larger public response would have raised doubts about the election’s integrity, something Mr. Trump was already seeking to do during the campaign when he insisted the election was “rigged.” [Continue reading…]
U.S. faces tall hurdles in detaining or deterring Russian hackers
The New York Times reports: When a suspected Russian cybercriminal named Dmitry Ukrainsky was arrested in a Thai resort town last summer, the American authorities hoped they could whisk him back to New York for trial and put at least a temporary dent in Russia’s arsenal of computer hackers.
But the Russian authorities moved quickly to persuade Thailand not to extradite him, saying that he should be prosecuted at home. American officials knew what that meant. If Mr. Ukrainsky got on a plane to Moscow, they concluded, he would soon be back at work in front of a computer.
“The American authorities continue the unacceptable practice of ‘hunting’ for Russians all over the world, ignoring the norms of international laws and twisting other states’ arms,” the Russian Foreign Ministry said.
The dispute over Mr. Ukrainsky, whose case remains in limbo, highlights the difficulties — and at times impossibilities — that the United States faces in combating Russian hackers, including those behind the recent attacks on the Democratic National Committee. That hack influenced the course, if not the outcome, of a presidential campaign and was the culmination of years of increasingly brazen digital assaults on American infrastructure.
The United States has few options for responding to such hacks. Russia does not extradite its citizens and has shown that it will not easily be deterred through public shaming. At times, the American authorities have enlisted local police officials to arrest suspects when they leave Russia — for vacation in the Maldives, for example. But more often than not, the F.B.I. and Justice Department investigate and compile accusations and evidence against people who will almost certainly never stand trial. [Continue reading…]
U.S. officials: Putin personally involved in U.S. election hack
NBC News reports: U.S. intelligence officials now believe with “a high level of confidence” that Russian President Vladimir Putin became personally involved in the covert Russian campaign to interfere in the U.S. presidential election, senior U.S. intelligence officials told NBC News.
Two senior officials with direct access to the information say new intelligence shows that Putin personally directed how hacked material from Democrats was leaked and otherwise used. The intelligence came from diplomatic sources and spies working for U.S. allies, the officials said.
Putin’s objectives were multifaceted, a high-level intelligence source told NBC News. What began as a “vendetta” against Hillary Clinton morphed into an effort to show corruption in American politics and to “split off key American allies by creating the image that [other countries] couldn’t depend on the U.S. to be a credible global leader anymore,” the official said.
Ultimately, the CIA has assessed, the Russian government wanted to elect Donald Trump. The FBI and other agencies don’t fully endorse that view, but few officials would dispute that the Russian operation was intended to harm Clinton’s candidacy by leaking embarrassing emails about Democrats.
The latest intelligence said to show Putin’s involvement goes much further than the information the U.S. was relying on in October, when all 17 intelligence agencies signed onto a statement attributing the Democratic National Committee hack to Russia. [Continue reading…]
The perfect weapon: How Russian cyberpower invaded the U.S.
The New York Times reports: When Special Agent Adrian Hawkins of the Federal Bureau of Investigation called the Democratic National Committee in September 2015 to pass along some troubling news about its computer network, he was transferred, naturally, to the help desk.
His message was brief, if alarming. At least one computer system belonging to the D.N.C. had been compromised by hackers federal investigators had named “the Dukes,” a cyberespionage team linked to the Russian government.
The F.B.I. knew it well: The bureau had spent the last few years trying to kick the Dukes out of the unclassified email systems of the White House, the State Department and even the Joint Chiefs of Staff, one of the government’s best-protected networks.
Yared Tamene, the tech-support contractor at the D.N.C. who fielded the call, was no expert in cyberattacks. His first moves were to check Google for “the Dukes” and conduct a cursory search of the D.N.C. computer system logs to look for hints of such a cyberintrusion. By his own account, he did not look too hard even after Special Agent Hawkins called back repeatedly over the next several weeks — in part because he wasn’t certain the caller was a real F.B.I. agent and not an impostor.
“I had no way of differentiating the call I just received from a prank call,” Mr. Tamene wrote in an internal memo, obtained by The New York Times, that detailed his contact with the F.B.I.
It was the cryptic first sign of a cyberespionage and information-warfare campaign devised to disrupt the 2016 presidential election, the first such attempt by a foreign power in American history. What started as an information-gathering operation, intelligence officials believe, ultimately morphed into an effort to harm one candidate, Hillary Clinton, and tip the election to her opponent, Donald J. Trump.
Like another famous American election scandal, it started with a break-in at the D.N.C. The first time, 44 years ago at the committee’s old offices in the Watergate complex, the burglars planted listening devices and jimmied a filing cabinet. This time, the burglary was conducted from afar, directed by the Kremlin, with spear-phishing emails and zeros and ones. [Continue reading…]
Want to know if the election was hacked? Look at the ballots
J. Alex Halderman writes: You may have read at NYMag that I’ve been in discussions with the Clinton campaign about whether it might wish to seek recounts in critical states. That article, which includes somebody else’s description of my views, incorrectly describes the reasons manually checking ballots is an essential security safeguard (and includes some incorrect numbers, to boot). Let me set the record straight about what I and other leading election security experts have actually been saying to the campaign and everyone else who’s willing to listen.
How might a foreign government hack America’s voting machines to change the outcome of a presidential election? Here’s one possible scenario. First, the attackers would probe election offices well in advance in order to find ways to break into their computers. Closer to the election, when it was clear from polling data which states would have close electoral margins, the attackers might spread malware into voting machines in some of these states, rigging the machines to shift a few percent of the vote to favor their desired candidate. This malware would likely be designed to remain inactive during pre-election tests, do its dirty business during the election, then erase itself when the polls close. A skilled attacker’s work might leave no visible signs — though the country might be surprised when results in several close states were off from pre-election polls.
Could anyone be brazen enough to try such an attack? A few years ago, I might have said that sounds like science fiction, but 2016 has seen unprecedented cyberattacks aimed at interfering with the election. This summer, attackers broke into the email system of the Democratic National Committee and, separately, into the email account of John Podesta, Hillary Clinton’s campaign chairman, and leaked private messages. Attackers infiltrated the voter registration systems of two states, Illinois and Arizona, and stole voter data. And there’s evidence that hackers attempted to breach election offices in several other states. [Continue reading…]
Days before election, U.S. used secret hotline to ask Russia to halt cyber interventions
David Ignatius writes: The White House sent a secret “hotline”-style message to Russia on Oct. 31 to warn against any further cyber-meddling in the U.S. election process. Russia didn’t escalate its tactics as Election Day approached, but U.S. officials aren’t ready to say deterrence worked.
The previously undisclosed message was part of the high-stakes game of cyber-brinkmanship that has been going on this year between Moscow and Washington. How to stabilize this relationship without appearing to capitulate to Russian pressure tactics is among the biggest challenges facing President-elect Donald Trump.
The message was sent on a special channel created in 2013 as part of the Nuclear Risk Reduction Center, using a template designed for crisis communication. “It was a very clear statement to the Russians and asked them to stop their activity,” a senior administration official said, adding: “The fact that we used this channel was part of the messaging.”
According to several other high-level sources, President Obama also personally contacted Russian President Vladimir Putin last month to caution him about the disruptive cyberattacks. The senior administration official wouldn’t comment on these reports.
The private warnings followed a public statement Oct. 7 by Director of National Intelligence James Clapper and Secretary of Homeland Security Jeh Johnson charging that “Russia’s senior-most officials” had authorized cyberattacks that were “intended to interfere with the U.S. election process.” [Continue reading…]
Lindsey Graham calls for Senate investigation into whether Russia hacked DNC
Huffington Post reports: Sen. Lindsey Graham (R-S.C.) on Tuesday said he wants Senate hearings to investigate whether Russian President Vladimir Putin interfered in the U.S. election, casting doubts on President-elect Donald Trump’s desire to improve relations with Russia.
“Assuming for a moment that we do believe that the Russian government was controlling outside organizations that hacked into our election, they should be punished,” Graham told reporters on Capitol Hill. “Putin should be punished.”
U.S. officials have said the Kremlin was responsible for hacking into Democratic National Committee computers over the summer and releasing information that damaged Democratic nominee Hillary Clinton’s campaign.
Graham, who was defeated by Trump during the primary, urged fellow Republicans to not “let allegations against a foreign government interfering in our election process go unanswered because it may have been beneficial to our cause.”
He said congressional hearings would include “Russia’s misadventure throughout the world,” including its military aggression in Eastern Europe and whether it committed war crimes in Syria.
Trump has repeatedly expressed a desire to cozy up to Russia. During the campaign, he called for closer relations with Russia in fighting the Islamic State and praised Putin for being a “stronger leader” than President Barack Obama. [Continue reading…]
President Obama’s responsibility to fully inform the American people about Russia’s role in the election of Donald Trump
On October 7, the Director of National Intelligence released a Joint DHS and ODNI Election Security Statement saying:
The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations. The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts. These thefts and disclosures are intended to interfere with the US election process.
President Obama has 73 days left in office and during this time he has a responsibility to act on this finding.
It may be pointless and arguably counterproductive to start formulating and enacting a strategic response to Russia’s interference in the election — especially given the likelihood that this plan would be set aside by the incoming Trump administration and given the cozy relationship that Trump and Putin are already developing.
Obama’s primary responsibility is to go to the greatest lengths possible in informing the public about what the intelligence services already know and what further information can be established and revealed in the coming weeks.
What is called for is substance to add to the assertion of confidence that has already been made.
In the absence of clear evidence, the assertions about Russia have thus far been tainted by the appearance of being politically partisan — all the more reason why Trump will easily be able to sweep away the issue. Even before the election, he had already dismissed the intelligence finding.
There is a glaring irony in this situation.
On the one hand the FBI just directly intervened in a presidential election — an intervention that was strongly criticized from many quarters and that arguably tipped the result in Trump’s favor. On the other hand, if Obama adopts the traditional caretaker role of an outgoing president, he will likely end up effectively burying evidence that the Russian government not only interfered but helped determine the outcome of a U.S. election.
As much as there might now be a common desire to heal the divisions in America, the public has a right to know and fully understand what just happened.
Russia hacked for him.
The FBI director shilled for him.
Wikileaks leaked for him.
And he kept telling us it was rigged. — John Fugelsang (@JohnFugelsang) November 9, 2016
A muted alarm bell over Russian election hacking
Liz Spayd, Public Editor for the New York Times, writes: Last winter, as primary voters in Iowa and New Hampshire headed to the polls, a covert and cunning Russian plot was underway to disrupt the American political process. With aliases like Guccifer 2.0 and Fancy Bear, Russian hackers were targeting critical computer systems.
In June, they struck, hitting the Democratic Party, and by July its chairman was ousted in the fallout. Soon embarrassing emails were spilling from the computers of Hillary Clinton and her staff. Republican officials were hit, too. So was the National Security Agency. Now, hackers are meddling with the voting systems in several states, leaving local officials on high alert. Come Election Day, they’ll find out what, if anything, the cyberspies have in store.
This is an act of foreign interference in an American election on a scale we’ve never seen, yet on most days it has been the also-ran of media coverage, including at The New York Times.
The emails themselves — exposing the underside of the Democratic political machinery, and the conflicts, misjudgments and embarrassing communications of its top ranks — have received bountiful attention. What rarely makes the main narrative is the spy-versus-spy cyberwarfare: the tactics, the players and the government efforts to tame it. In a calamitous campaign unlike any in memory, it’s not surprising that other story lines get squeezed out. But one of the most chilling chapters of this election is the role of Russian intelligence and the growing threat of digital espionage. With days to go, readers have been shortchanged on this part of history. [Continue reading…]
White House readies to fight Election Day cyber mayhem
NBC News reports: The U.S. government believes hackers from Russia or elsewhere may try to undermine next week’s presidential election and is mounting an unprecedented effort to counter their cyber meddling, American officials told NBC News.
The effort is being coordinated by the White House and the Department of Homeland Security, but reaches across the government to include the CIA, the National Security Agency and other elements of the Defense Department, current and former officials say.
Russia has been warned that any effort to manipulate the actual voting or vote counting would be viewed as a serious breach, intelligence officials say.
“The Russians are in an offensive mode and [the U.S. is] working on strategies to respond to that, and at the highest levels,” said Michael McFaul, the U.S. ambassador to Russia from 2012 to 2014.
Officials are alert for any attempts to create Election Day chaos, and say steps are being taken to prepare for worst-case scenarios, including a cyber-attack that shuts down part of the power grid or the internet.
But what is more likely, multiple U.S. officials say, is a lower-level effort by hackers from Russia or elsewhere to peddle misinformation by manipulating Twitter, Facebook and other social media platforms.
For example, officials fear an 11th hour release of fake documents implicating one of the candidates in an explosive scandal without time for the news media to fact check it. So far, document dumps attributed to the Russians have damaged Democrats and favored Trump. [Continue reading…]
Hacked emails include evidence of Russia drafting laws for Ukraine parliament
RFE/RL reports: Ukrainian hackers claim to have broken into a second e-mail account linked to Vladislav Surkov, a senior aide to Russian President Vladimir Putin, releasing documents they say add to mounting evidence of the Kremlin meddling in Kyiv’s affairs.
The new e-mails were obtained by RFE/RL from the hackers in advance of their public release on November 3. If authentic, they provide detail about the extent to which Surkov’s office worked to set up separatist enclaves in eastern Ukraine in 2014.
The e-mails include plans that ostensibly show how associates of Surkov plotted to destabilize Ukraine’s eastern Kharkiv region, researched Ukrainian politicians who openly supported weakening central power in a bid to exploit the country’s political divisions, and helped establish the leadership of separatist groups in the Donetsk and Luhansk regions.
They indicate that, in one case, a draft law on an economic zone in eastern Ukraine purportedly written by Surkov himself was sent to the office of an opposition lawmaker and later introduced in the Ukrainian parliament.
The new release comes one week after an initial batch of e-mails from an inbox allegedly associated with Surkov, a longtime Putin aide who is the point man for Ukraine in his administration. [Continue reading…]
Hacked emails reveal ties between Kremlin and Ukraine rebels
The Associated Press reports: A group of Ukrainian hackers has released thousands of emails from an account used by a senior Kremlin official that appear to show close financial and political ties between Moscow and separatist rebels in Eastern Ukraine.
The cache published by the Ukrainian group CyberHunta reveals contacts between President Vladimir Putin’s adviser Vladislav Surkov and the pro-Russia rebels fighting Ukrainian forces.
Ukraine’s National Security Service said Wednesday the emails were real, although they added the files may have been tampered with. Putin’s spokesman Dmitry Peskov dismissed the published emails as a sham, saying Wednesday that Surkov doesn’t use email.
Russian journalist Svetlana Babaeva told The Associated Press emails from her in the cache were genuine. “I sent those emails,” Babaeva said, referring to three emails in the leak discussing arrangements for an off-the-record meeting between Surkov and editors at her publication.
Russian businessman Evgeny Chichivarkin, who lives in London, said in a Facebook post Wednesday that emails attributed to him in the cache were genuine too. [Continue reading…]
The Guardian reports: Sanctioned and thus banned from travel to the EU for his role in the Kremlin’s Ukraine policy, the 52-year-old Surkov nevertheless popped up at recent four-way negotiations in Berlin over Ukraine, sitting at the round table next to Putin, and just one seat across from Angela Merkel. It was a very visible signal of Surkov’s importance to the Kremlin’s controversial Ukraine policy.
Several sources have told the Guardian that Surkov has on occasion made secret trips to Donetsk, technically still part of Ukraine, to bring local separatist politicians into line and tell them what is expected of them if they are to continue to receive Russian funding and support. More regularly, emissaries from east Ukraine come to Moscow to meet with Surkov. [Continue reading…]
Chris Zappone writes: The timing of the hack and the target, Vladislav Surkov, suggest that this could be a form of retaliation for the purported Russian hacking of the US election.
The group, called Kiberkhunta (or Cyber Junta) posted 2000 emails from Surkov dating from between September 2013 and November 2014.
Coming against the backdrop of the Russian cyber campaign against the US during the current presidential election year, at least one analyst sees the possibility of a connection to those events.
“It is possible that we are seeing the first example of mutually assured doxing,” said Kenneth Geers, Kiev-based Senior Research Scientist at COMODO, referring to the practice of hacking and publishing private emails.
‘Mutually assured doxing’ is a play on the Cold War concept of Mutually Assured Destruction – the permanent nuclear stand-off between Russia and the US which dissuaded either side from starting a war.
“We should usually assume there is some political goal behind every leak,” he said.
Geers, who is also an ambassador for the NATO Cyber Centre, said the Surkov leak may hint at an emerging behavioural norm between nation states.
“We may see a doxing escalation ladder materialise: how far do you want me to go, all the way to the top?” said Geers.
“As painful as it is today, doxing serves a long-term historical role in reducing corruption.” [Continue reading…]
Trump Organization is using horribly insecure email servers
Zack Whittaker reports: If you thought former Secretary of State Hillary Clinton’s private email server was a mess, Donald Trump’s company is running email servers that look like a dumpster fire by comparison.
Security researcher Kevin Beaumont said in a tweet on Monday that the Trump Organization, the parent company of the alleged billionaire’s portfolio of realty, steaks, golf, and hotels, is running a set of email servers that are horribly outdated and long past the end-of-life, meaning they haven’t received security patches in over a year.
Beaumont said he found that the company’s email system is running the decade-old Windows Server 2003 and Internet Information Servers 6, both of which haven’t been supported in over a year.
Both sets of software are so old that Microsoft no longer patches even known security vulnerabilities. Instead, users should upgrade. Patches remain as one of the best ways for preventing hackers from exploiting security flaws.
A spokesperson for Trump, now the Republican presidential candidate, could not be reached on Tuesday. [Continue reading…]
How massive DDoS attacks are undermining the Internet
NBC News reports: Andrew Komarov of InfoArmor told NBC News he didn’t see any sign of Russian involvement at all, whether state or private [in the “denial of service,” or DDoS, attacks that caused massive internet outages across the U.S. on Friday]. He noted that the botnet used in the attack, “Mirai,” was developed by an English speaker and that he had found no link between “Mirai” and the Russians, who have their own much more sophisticated methods.
He said the attacks seemed more consistent with the methods used by the hacking group known as Lizard Squad, two of whose members, both teens, were arrested earlier this month in the U.S. and the Netherlands and charged in connection with DDoS attacks.
Said Komarov, “We have some context, that because of similar victims, using Dyn, and also tactics, tools and procedures by threat actors, it may be a revenge for the past arrests of DDoS’ers in the underground, happened several weeks ago.”
Dmitri Alperovitch of Crowdstrike also expressed doubt about a link to the Russian government, and speculated the attacks might have to do with a recent interview that cybersecurity expert Brian Krebs did with Dyn mentioning Russian organized crime. Alperovitch said use of a botnet bears the hallmark of a criminal rather than state attack, and the target may simply have been Dyn, not the U.S.
Flashpoint, a private cybersecurity and intelligence firm, noted that the Krebs site was attacked in September by a Mirai botnet, and the Krebs site was among those attacked Friday. The hacker who attacked Krebs in September released the source code on the web earlier this month, and hackers have copied the code to create their own botnets.
Flashpoint said it had concluded that the Friday attacks were not mounted by hacktivists, a political group or a state actor. [Continue reading…]
TechCrunch reports: In the past few weeks, hackers have upped the DDoS stakes in a big way. Starting with the attack on KrebsonSecurity.com and increasing in severity from there, hundreds of thousands of devices have been used to perpetrate these actions. A number that dwarfs previous attacks by orders of magnitude.
While it isn’t yet confirmed, evidence points to the attack that we saw on Friday morning following this same playbook, but being perpetrated on a much larger scale, relying on Internet of Things (IoT) devices rather than computers and servers to carry out an attack.
In fact, in all likelihood an army of surveillance cameras attacked Dyn. Why surveillance cameras? Because many of the security cameras used in homes and businesses around the world typically run the same or similar firmware produced by just a few companies.
This firmware is now known to contain a vulnerability that can easily be exploited, allowing the devices to have their sights trained on targets like Dyn. What’s more, many still operate with default credentials — making them a simple, but powerful target for hackers.
Why is this significant? The ability to enslave these video cameras has made it easier and far cheaper to create botnets at a scale that the world has never seen before. If someone wants to launch a DDoS attack, they no longer have to purchase a botnet—they can create their own using a program that was dumped on the internet just a few weeks ago. [Continue reading…]
The New York Times reports: Dale Drew, chief security officer at Level 3, an internet service provider, found evidence that roughly 10 percent of all devices co-opted by Mirai were being used to attack Dyn’s servers. Just one week ago, Level 3 found that 493,000 devices had been infected with Mirai malware, nearly double the number infected last month.
Mr. Allen added that Dyn was collaborating with law enforcement and other internet service providers to deal with the attacks.
In a recent report, Verisign, a registrar for many internet sites that has a unique perspective into this type of attack activity, reported a 75 percent increase in such attacks from April through June of this year, compared with the same period last year.
The attacks were not only more frequent, they were bigger and more sophisticated. The typical attack more than doubled in size. What is more, the attackers were simultaneously using different methods to attack the company’s servers, making them harder to stop.
The most frequent targets were businesses that provide internet infrastructure services like Dyn. [Continue reading…]
Brian Krebs reports: The attack on DYN comes just hours after DYN researcher Doug Madory presented a talk on DDoS attacks in Dallas, Texas at a meeting of the North American Network Operators Group (NANOG). Madory’s talk — available here on Youtube.com — delved deeper into research that he and I teamed up on to produce the data behind the story DDoS Mitigation Firm Has History of Hijacks.
That story (as well as one published earlier this week, Spreading the DDoS Disease and Selling the Cure) examined the sometimes blurry lines between certain DDoS mitigation firms and the cybercriminals apparently involved in launching some of the largest DDoS attacks the Internet has ever seen. Indeed, the record 620 Gbps DDoS against KrebsOnSecurity.com came just hours after I published the story on which Madory and I collaborated.
The record-sized attack that hit my site last month was quickly superseded by a DDoS against OVH, a French hosting firm that reported being targeted by a DDoS that was roughly twice the size of the assault on KrebsOnSecurity. As I noted in The Democratization of Censorship — the first story published after bringing my site back up under the protection of Google’s Project Shield — DDoS mitigation firms simply did not count on the size of these attacks increasing so quickly overnight, and are now scrambling to secure far greater capacity to handle much larger attacks concurrently. [Continue reading…]