Category Archives: Cyber Issues

How Russia pulled off the biggest election hack in U.S. history

putin

Thomas Rid writes: On an April afternoon earlier this year, Russian president Vladimir Putin headlined a gathering of some four hundred journalists, bloggers, and media executives in St. Petersburg. Dressed in a sleek navy suit, Putin looked relaxed, even comfortable, as he took questions. About an hour into the forum, a young blogger in a navy zip sweater took the microphone and asked Putin what he thought of the “so-called Panama Papers.”

The blogger was referring to a cache of more than eleven million computer files that had been stolen from Mossack Fonseca, a Panamanian law firm. The leak was the largest in history, involving 2.6 terabytes of data, enough to fill more than five hundred DVDs. On April 3, four days before the St. Petersburg forum, a group of international news outlets published the first in a series of stories based on the leak, which had taken them more than a year to investigate. The series revealed corruption on a massive scale: Mossack Fonseca’s legal maneuverings had been used to hide billions of dollars. A central theme of the group’s reporting was the matryoshka doll of secret shell companies and proxies, worth a reported $2 billion, that belonged to Putin’s inner circle and were presumed to shelter some of the Russian president’s vast personal wealth.

When Putin heard the blogger’s question, his face lit up with a familiar smirk. He nodded slowly and confidently before reciting a litany of humiliations that the United States had inflicted on Russia. Putin reminded his audience about the sidelining of Russia during the 1998 war in Kosovo and what he saw as American meddling in Ukraine more recently. Returning to the Panama Papers, Putin cited WikiLeaks to insist that “officials and state agencies in the United States are behind all this.” The Americans’ aim, he said, was to weaken Russia from within: “to spread distrust for the ruling authorities and the bodies of power within society.”

Though a narrow interpretation of Putin’s accusation was defensible—as WikiLeaks had pointed out, one of the members of the Panama Papers consortium had received financial support from USAID, a federal agency—his swaggering assurance about America’s activities has a more plausible explanation: Putin’s own government had been preparing a vast, covert, and unprecedented campaign of political sabotage against the United States and its allies for more than a year.

The Russian campaign burst into public view only this past June, when The Washington Post reported that “Russian government hackers” had penetrated the servers of the Democratic National Committee. The hackers, hiding behind ominous aliases like Guccifer 2.0 and DC Leaks, claimed their first victim in July, in the person of Debbie Wasserman Schultz, the DNC chair, whose private emails were published by WikiLeaks in the days leading up to the Democratic convention. By August, the hackers had learned to use the language of Americans frustrated with Washington to create doubt about the integrity of the electoral system: “As you see the U. S. presidential elections are becoming a farce,” they wrote from Russia.

The attacks against political organizations and individuals absorbed much of the media’s attention this year. But in many ways, the DNC hack was merely a prelude to what many security researchers see as a still more audacious feat: the hacking of America’s most secretive intelligence agency, the NSA.

Russian spies did not, of course, wait until the summer of 2015 to start hacking the United States. This past fall, in fact, marked the twentieth anniversary of the world’s first major campaign of state-on-state digital espionage. In 1996, five years after the end of the USSR, the Pentagon began to detect high-volume network breaches from Russia. The campaign was an intelligence-gathering operation: Whenever the intruders from Moscow found their way into a U. S. government computer, they binged, stealing copies of every file they could.

By 1998, when the FBI code-named the hacking campaign Moonlight Maze, the Russians were commandeering foreign computers and using them as staging hubs. At a time when a 56 kbps dial-up connection was more than sufficient to get the best of Pets.com and AltaVista, Russian operators extracted several gigabytes of data from a U. S. Navy computer in a single session. With the unwitting help of proxy machines—including a Navy supercomputer in Virginia Beach, a server at a London nonprofit, and a computer lab at a public library in Colorado—that accomplishment was repeated hundreds of times over. Eventually, the Russians stole the equivalent, as an Air Intelligence Agency estimate later had it, of “a stack of printed copier paper three times the height of the Washington Monument.” [Continue reading…]

Facebooktwittermail

Trump sides with Putin over U.S. intelligence

Politico reports: Donald Trump angrily insisted on Wednesday night that he is not Vladimir Putin’s “puppet.”

But at a minimum, in recent months he has often sounded like the Russian president’s lawyer—defending Putin against a variety of specific charges, from political killings to the 2014 downing of a passenger jet over Ukraine, despite the weight of intelligence, legal findings and expert opinion.

Wednesday, for instance, Trump dismissed Hillary Clinton’s assertion that Russia was behind the recent hacking of Democratic Party and Clinton campaign emails.

“She has no idea whether it’s Russia or China or anybody else,” Trump retorted. “Our country has no idea.”

As Clinton tried to explain that the Russian role is the finding of 17 military and civilian intelligence agencies, Trump cut her off: “I doubt it.”

On Oct. 7, the Department of Homeland Security and the Office of the Director of National Intelligence released a joint statement saying that the U.S. intelligence community “is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations.” That finding has also been relayed directly to Trump in the classified national security briefings he receives as a major party nominee. [Continue reading…]

Facebooktwittermail

How hackers broke into John Podesta and Colin Powell’s Gmail accounts

Motherboard reports: On March 19 of this year, Hillary Clinton’s campaign chairman John Podesta received an alarming email that appeared to come from Google.

The email, however, didn’t come from the internet giant. It was actually an attempt to hack into his personal account. In fact, the message came from a group of hackers that security researchers, as well as the US government, believe are spies working for the Russian government. At the time, however, Podesta didn’t know any of this, and he clicked on the malicious link contained in the email, giving hackers access to his account.

Months later, on October 9, WikiLeaks began publishing thousands of Podesta’s hacked emails. Almost everyone immediately pointed the finger at Russia, who is suspected of being behind a long and sophisticated hacking campaign that has the apparent goal of influencing the upcoming US elections. But there was no public evidence proving the same group that targeted the Democratic National Committee was behind the hack on Podesta — until now.

The data linking a group of Russian hackers — known as Fancy Bear, APT28, or Sofacy — to the hack on Podesta is also yet another piece in a growing heap of evidence pointing toward the Kremlin. And it also shows a clear thread between apparently separate and independent leaks that have appeared on a website called DC Leaks, such as that of Colin Powell’s emails; and the Podesta leak, which was publicized on WikiLeaks.

All these hacks were done using the same tool: malicious short URLs hidden in fake Gmail messages. And those URLs, according to a security firm that’s tracked them for a year, were created with Bitly account linked to a domain under the control of Fancy Bear. [Continue reading…]

Facebooktwittermail

Russian hackers evolve to serve the Kremlin

The Wall Street Journal reports: With the hacking of Hillary Clinton’s campaign and the Democratic National Committee, U.S. officials say Russia has unleashed a strengthened cyberwarfare weapon to sow uncertainty about the U.S. democratic process.

In doing so, Russia has transformed state-sponsored hackers known as Fancy Bear and Cozy Bear from internet spies to political tools with the power to target the country’s adversaries, according to U.S. officials and cybersecurity experts.

The attacks are the harder side of parallel campaigns in the Kremlin’s English-language media, which broadcast negative news about Western institutions and alliances and focus on issues that demonstrate or stoke instability in the West, such as Brexit. Moscow seeks particularly to weaken the North Atlantic Treaty Organization, which has expanded its defense against Russia.

“The underlying philosophy of a lot of these attacks is about establishing information as a weapon,” said Alexander Klimburg, a cyber expert at the Hague Center for Strategic Studies. “Hacking for them is literally about controlling information.”

President Vladimir Putin denies Russian involvement in the hacking, but in a way that telegraphs glee about the potential chaos being sown in the U.S. democratic process.

“Everyone is talking about who did it, but is it so important who did it?” Mr. Putin said. “What is important is the content of this information.”

Former Central Intelligence Agency Director Michael Hayden said the Kremlin doesn’t appear to be trying to influence the election’s outcome, noting Russian involvement has provided fodder for both Republicans and Democrats. “They are not trying to pick a winner,” he said Tuesday at a cybersecurity conference in Washington. Rather, Russia is likely unleashing the emails “to mess with our heads.”

Pro-Kremlin commentators in Russia have seized on the DNC leaks to cast doubt on the American democratic process and argue that Washington has no right to criticize Moscow. They have said the hacked DNC emails, which showed party officials working to undermine primary runner-up Bernie Sanders, prove Americans are hypocritical when they malign Mr. Putin’s authoritarianism. [Continue reading…]

Facebooktwittermail

Czech police arrest Russian in connection with U.S. hacking attacks

Reuters reports: Czech police have detained a Russian man wanted in connection with hacking attacks on targets in the United States, the police said, without giving further details.

The arrest was carried out in cooperation with the U.S. Federal Bureau of Investigation, Czech police said on their website on Tuesday evening. Interpol had issued a so-called Red Notice for the man, seeking his arrest, they added. [Continue reading…]

Facebooktwittermail

CIA prepping for possible cyber attack against Russia

NBC News reports: The Obama administration is contemplating an unprecedented cyber covert action against Russia in retaliation for alleged Russian interference in the American presidential election, U.S. intelligence officials told NBC News.

Current and former officials with direct knowledge of the situation say the CIA has been asked to deliver options to the White House for a wide-ranging “clandestine” cyber operation designed to harass and “embarrass” the Kremlin leadership.

The sources did not elaborate on the exact measures the CIA was considering, but said the agency had already begun opening cyber doors, selecting targets and making other preparations for an operation. Former intelligence officers told NBC News that the agency had gathered reams of documents that could expose unsavory tactics by Russian President Vladimir Putin.

Vice President Joe Biden told “Meet the Press” moderator Chuck Todd on Friday that “we’re sending a message” to Putin and that “it will be at the time of our choosing, and under the circumstances that will have the greatest impact.”

When asked if the American public will know a message was sent, the vice president replied, “Hope not.”

Retired Admiral James Stavridis told NBC News’ Cynthia McFadden that the U.S. should attack Russia’s ability to censor its internal internet traffic and expose the financial dealings of Putin and his associates. [Continue reading…]

And what better way to expose such information than by providing it to Wikileaks. Julian Assange can then demonstrate that he’s not a puppet of Putin’s — or risk being outed if it turns out his organization chooses not to release such material.

Wouldn’t that turn Wikileaks into a puppet of the U.S. government? Kind of — except Assange’s position is that it’s not his job to pass judgment on the motives of his sources. His commitment is to protect his sources and publish secrets.

Facebooktwittermail

Entire U.S. political system ‘under attack’ by Russian hacking, experts warn

Geof Wheelwright writes: It could have been a cold war drama. The world watched this week as accusations and counter-accusations were thrown by the American and Russian governments about documents stolen during a hack of the Democratic National Committee and the email account of Hillary Clinton’s campaign chair John Podesta.

The notion that public figures have any right to privacy appears to have been lost in the furore surrounding the story, stolen correspondence being bandied around in attempts to influence the outcome of one of the nastiest, most vitriolic US presidential campaigns in history.

Some have argued that as secretary of state, Hillary Clinton’s emails were fair game for hacking because had they not been held on a private server, they would have been subject to freedom of information requests and available to the general public.

There may be some truth to that, but it doesn’t change the fact that correspondence between public figures has allegedly been hacked by those acting under the direction of a foreign government and released for everyone to peruse, with little opportunity for the authors to offer context or even confirm that the contents of the leaks are accurate.

The hacks have created a dilemma for American voters, according to Rob Guidry, CEO of social media analytics company Sc2 and a former special adviser to US Central Command. He says voters seem to want the information that has been leaked by the hackers but don’t feel entirely comfortable with the hacks that have brought the information to light. [Continue reading…]

Facebooktwittermail

White House says U.S. will retaliate against Russia for hacking

Politico reports: White House Press Secretary Josh Earnest promised on Tuesday that the U.S. would deliver a “proportional” response to Russia’s alleged hacking of American computer systems.

In addition to pledging that the U.S. “will ensure that our response is proportional,” Earnest told reporters flying on Air Force One that “it is unlikely that our response would be announced in advance.”

“The president has talked before about the significant capabilities that the U.S. government has to both defend our systems in the United States but also carry out offensive operations in other countries,” he said as the press corps traveled with the president to a Hillary Clinton campaign event in North Carolina. “So there are a range of responses that are available to the president and he will consider a response that is proportional.” [Continue reading…]

Facebooktwittermail

How Donald Trump is promoting Russian disinformation to American voters

Kurt Eichenwald writes: I am Sidney Blumenthal. At least, that is what Vladimir Putin — and, somehow, Donald Trump — seem to believe. And that should raise concerns about not only Moscow’s attempts to manipulate this election but also how Trump came to push Russian disinformation to American voters.

An email from Blumenthal — a confidant of Hillary Clinton and a man, second only to George Soros, at the center of conservative conspiracy theories — turned up in the recent document dump by WikiLeaks. At a time when American intelligence believes Russian hackers are trying to interfere with the presidential election, records have been fed recently to WikiLeaks out of multiple organizations of the Democratic Party, raising concerns that the self-proclaimed whistleblower group has become a tool of Putin’s government. But now that I have been brought into the whole mess — and transformed into Blumenthal — there is even more proof that the Russians are not only orchestrating this act of cyberwar but also really, really dumb.

The evidence emerged thanks to the incompetence of Sputnik, the Russian online news and radio service established by the government-controlled news agency, Rossiya Segodnya.

The documents that WikiLeaks has unloaded recently have been emails out of the account of John Podesta, the chairman of Clinton’s election campaign. Almost as soon as the pilfered documents emerged, Sputnik was all over them and rapidly found (or probably already knew about before the WikiLeaks dump) a purportedly incriminating email from Blumenthal.

The email was amazing — it linked Boogie Man Blumenthal, Podesta and the topic of conservative political fever dreams, Benghazi. This, it seemed, was the smoking gun finally proving Clinton bore total responsibility for the attack on the American outpost in Libya in 2012. Sputnik even declared that the email might be the “October surprise” that could undermine Clinton’s campaign. [Continue reading…]

Facebooktwittermail

Even the U.S. military is looking at blockchain technology — to secure nuclear weapons

Quartz reports: Blockchain technology has been slow to gain adoption in non-financial contexts, but it could turn out to have invaluable military applications. DARPA, the storied research unit of the US Department of Defense, is currently funding efforts to find out if blockchains could help secure highly sensitive data, with potential applications for everything from nuclear weapons to military satellites.

The case for using a blockchain boils down to a concept in computer security known as “information integrity.” That’s basically being able to track when a system or piece of data has been viewed or modified. DARPA’s program manager behind the blockchain effort, Timothy Booher, offers this analogy: Instead of trying to make the walls of a castle as tall as possible to prevent an intruder from getting in, it’s more important to know if anyone has been inside the castle, and what they’re doing there.

A blockchain is a decentralized, immutable ledger. Blockchains can permanently log modifications to a network or database, preventing intruders from covering their tracks. In DARPA’s case, blockchain tech could offer crucial intelligence on whether a hacker has modified something in a database, or whether they’re surveilling a particular military system. [Continue reading…]

Facebooktwittermail

Seven reasons the new Russian hack announcement is a big deal

Julia Ioffe writes: It’s been buried under news of Donald Trump bragging about his ability to grab women by their genitals, but Friday afternoon’s news dump included a stunning declaration by the Department of Homeland Security: the first direct accusation from the Obama administration that Russia is trying to interfere with our elections.

“The U.S. Intelligence Community is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations,” the statement said, concluding that “these thefts and disclosures are intended to interfere with the US election process.” After the Democratic National Committee hack and the scattered hacks of voting machines, and months of talk in the press and on Capitol Hill, the Obama administration has openly called out the Kremlin for meddling in the election.

This was immediately followed by a new dump of documents from WikiLeaks, this time of Clinton campaign chair John Podesta’s emails, and news that the Russian ambassador to the United Nations lodged a formal complaint with the organization when another official criticized Trump. And all of this comes against the backdrop of Trump’s constant and effusive praise for Vladimir Putin, as well as a steady stream of revelations about his campaign’s shady ties to Russia.

As head-spinning as it might be and as distracted as we might be by #TrumpTapes, this is arguably the more important story. What’s really going on? The hacking war is a genuinely new development in the long and often fraught U.S. relationship with Russia, and carries profound implications. Here’s what’s behind Friday’s statement — and why it matters so much. [Continue reading…]

Facebooktwittermail

U.S. government officially accuses Russia of hacking campaign to interfere with elections

The Washington Post reports: The Obama administration on Friday officially accused Russia of attempting to interfere in the 2016 elections, including by hacking the computers of the Democratic National Committee and other political organizations.

The denunciation, made by the Office of the Director of National Intelligence and the Department of Homeland Security, came as pressure was growing from within the administration and some lawmakers to publicly name Moscow and hold it accountable for actions apparently aimed at sowing discord around the election.

“The U.S. Intelligence Community is confident that the Russian Government directed the recent compromises of e-mails from U.S. persons and institutions, including from U.S. political organizations,” said a joint statement from the two agencies. “. . . These thefts and disclosures are intended to interfere with the U.S. election process.”

The public finger-pointing was welcomed by senior Democratic and Republican lawmakers, who also said they now expect the administration to move to punish the Kremlin as part of an effort to deter further acts by its hackers. [Continue reading…]

Facebooktwittermail

Yahoo secretly scanned customer emails for U.S. intelligence

Reuters reports: Yahoo Inc last year secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.

The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said three former employees and a fourth person apprised of the events.

Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to an intelligence agency’s request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.

It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters. That could mean a phrase in an email or an attachment, said the sources, who did not want to be identified.

Reuters was unable to determine what data Yahoo may have handed over, if any, and if intelligence officials had approached other email providers besides Yahoo with this kind of request.

According to two of the former employees, Yahoo Chief Executive Marissa Mayer’s decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook Inc. [Continue reading…]

The Wall Street Journal reports: Big technology companies, including Google, Microsoft Corp., Twitter Inc. and Facebook Inc. denied scanning incoming user emails on behalf of the U.S. government, following a report that Yahoo Inc. had built such a system. [Continue reading…]

Facebooktwittermail

Why the internet of things is the new magic ingredient for cyber criminals

John Naughton writes: Brian Krebs is one of the unsung heroes of tech journalism. He’s a former reporter for the Washington Post who decided to focus on cybercrime after his home network was hijacked by Chinese hackers in 2001. Since then, he has become one of the world’s foremost investigators of online crime. In the process, he has become an expert on the activities of the cybercrime groups that operate in eastern Europe and which have stolen millions of dollars from small- to medium-size businesses through online banking fraud. His reporting has identified the crooks behind specific scams and even led to the arrest of some of them.

Krebs runs a blog – Krebs on Security – which is a must-read for anyone interested in these matters. Sometimes, one fears for his safety, because he must have accumulated so many enemies in the dark underbelly of the net. And last Tuesday one of them struck back.

The attack began at 8pm US eastern time, when his site was suddenly hit by a distributed denial of service (DDoS) attack. This is a digital assault in which a computer server is swamped by trivial requests that make it impossible to serve legitimate ones. The attack is called a distributed one because the noxious pings come not from one location, but from computers located all over the world that have earlier been hacked and organised into a “botnet”, which can then direct thousands or millions of requests at a targeted server in order to bring it down. Think of it as a gigantic swarm of electronic hornets overwhelming a wildebeest.

DDoS attacks are a routine weapon in the cybercriminal’s armoury. They are regularly used, for example, to blackmail companies, which then pay a ransom to have the hornets called off. They’re a useful tool because it’s very difficult to pinpoint the individuals or groups that have assembled a particular botnet army. And in the past Krebs has had to deal with DDoS attacks that were probably launched by people who were not amused by the accuracy of his investigative reporting.

Last Tuesday’s attack was different, however – in two respects. The first was its sheer scale. It got so bad that even Akamai, the huge content delivery network that handles 15-30% of all web traffic, had to tell Krebs that it couldn’t continue to carry his blog because the attack was beginning to affect all its other customers. So he asked them to redirect all traffic heading for krebsonsecurity.com to the internet’s equivalent of a black hole. This meant that his site effectively disappeared from the web: a courageous and independent voice had been silenced. [Continue reading…]

Facebooktwittermail

Newsweek suspects hackers crashed website because of negative Trump article

Politico reports: Newsweek suspects that hackers are to blame for the crash of its website on Thursday night, after it published an article about Donald Trump’s company secretly conducting business in Cuba in the 1990s.

“We don’t know everything. We’re still investigating,” Newsweek editor in chief Jim Impoco told POLITICO. “But it was a massive DDoS attack, and it took place in the early evening just as prominent cable news programs were discussing Kurt Eichenwald’s explosive investigation into how Donald Trump’s company broke the law by breaking the United States embargo against Cuba.”

A DDoS attack, or distributed denial of service attack, is when an attacker attempts to overwhelm a website or server with traffic, rendering it unable to function reliably.

As of Friday afternoon, Impoco told POLITICO that the main IP addresses involved in the hack were Russian, but that there was “nothing definitive” about the ongoing investigation. [Continue reading…]

Facebooktwittermail

Russian hackers harassed journalists who were investigating Malaysia Airlines plane crash

The Washington Post reports: Russian government hackers began targeting a British citizen journalist in February 2015, eight months after he began posting evidence documenting alleged Russian government involvement in the shoot-down of a Malaysian jetliner over Ukraine.

And then in February 2016, a group that researchers suspect is a propaganda mouthpiece of the Russian government — CyberBerkut — defaced the home page of Eliot Higgins’s citizen journalism website, Bellingcat.com.

That same month, CyberBerkut hacked the email, iCloud and social media account of a Bellingcat researcher in Moscow, then posted online personal pictures, a passport scan, his girlfriend’s name and other private details.

Russia’s information operations against Bellingcat are a taste of what may be in store for other media organizations whose reports anger the Kremlin, said a cyber-research firm that has extensively documented the effort. [Continue reading…]

Facebooktwittermail

Syrian Electronic Army hacker pleads guilty in Virginia

The Hill reports: A 37-year-old Syrian national once affiliated with the Syrian Electronic Army (SEA) hacker group pleaded guilty in Virginia federal court Wednesday to conspiring to receive extortion proceeds and conspiring to unlawfully access computers.

Beginning in 2011, Peter Romar defaced media and government websites belonging to those the SEA felt were overly critical of Syrian President Bashar al-Assad. By 2013, the SEA’s methods had evolved into extorting money from hacking victims under threat of the group destroying or leaking information from compromised systems.

Romar, who was living in Germany, acted as a go-between for extortion payments when victims could not transfer money directly to Syria. [Continue reading…]

Facebooktwittermail

U.S. believes hackers are shielded by Russia to hide its role in cyberintrusions

The Wall Street Journal reports: U.S. officials are increasingly confident that the hacker Guccifer 2.0 is part of a network of individuals and groups kept at arm’s length by Russia to mask its involvement in cyberintrusions such as the theft of thousands of Democratic Party documents, according to people familiar with the matter.

While the hacker denies working on behalf of the Russian government, U.S. officials and independent security experts say the syndicate is one of the most striking elements of what looks like an intensifying Russian campaign to target prominent American athletes, party officials and military leaders.

A fuller picture of the operation has come into focus in the past several weeks. U.S. officials believe that at least two hacking groups with ties to the Russian government, known as Fancy Bear and Cozy Bear, are involved in the escalating data-theft efforts, according to people briefed on the Federal Bureau of Investigation’s probe of the cyberattacks.

Following successful breaches, the stolen data are apparently transferred to three different websites for publication, these people say. The websites — WikiLeaks, DCLeaks.com and a blog run by Guccifer 2.0 — have posted batches of stolen data at least 42 times from April to last week.

WikiLeaks has published U.S. secrets for years but has recently taken an overtly adversarial tone toward Democratic presidential nominee Hillary Clinton. Cybersecurity experts believe that DCLeaks.com and Guccifer 2.0 often work together and have direct ties to Russian hackers. [Continue reading…]

Facebooktwittermail