Category Archives: Cyber Issues

The White House asked Congress to keep quiet on Russian hacking

BuzzFeed reports: The White House sought to muzzle two of Congress’s top intelligence officials when they decided to publicly accuse Russia of meddling in the US election last week, sources familiar with the matter told BuzzFeed News.

In a statement released Friday, Sen. Dianne Feinstein and Rep. Adam Schiff, the vice-chairmen of the Senate and House Intelligence Committees respectively, formally accused Russia of attempting to influence the US election. It was the first official, on-record confirmation from US government officials that the Kremlin is actively working to manipulate public confidence in the country’s election system.

But sources tell BuzzFeed News that the White House — which has stayed silent despite mounting pressure to call out its Moscow adversaries — tried to delay the statement’s release. The public accusation was of such concern to the administration that White House Chief of Staff Denis McDonough was personally involved in the negotiations over releasing it, according to a congressional source.

Feinstein and Schiff, both Democrats, agreed to omit part of their original statement for security reasons, according to another congressional source. That request, which stemmed from concerns over classification, came from the CIA, a congressional source added Wednesday. [Continue reading…]

FBI probes hacks targeting phones of Democratic Party officials

Reuters reports: The FBI is investigating suspected attempts to hack mobile phones used by Democratic Party officials as recently as the past month, four people with direct knowledge of the attack and the investigation told Reuters.

The revelation underscores the widening scope of the U.S. criminal inquiry into cyber attacks on Democratic Party organizations, including the presidential campaign of its candidate, former U.S. Secretary of State Hillary Clinton.

U.S. officials have said they believe those attacks were orchestrated by hackers backed by the Russian government, possibly to disrupt the Nov. 8 election in which Clinton faces Republican Party candidate Donald Trump. Russia has dismissed allegations it was involved in cyber attacks on the organizations.

The more recent attempted phone hacking also appears to have been conducted by Russian-backed hackers, two people with knowledge of the situation said. [Continue reading…]

Russia blamed for hacking attack on German MPs

The Telegraph reports: Germany is investigating a series of sophisticated computer hacking attacks on MPs and political parties amid fears Russia may be trying to influence the outcome of next year’s elections.

The offices of several MPs inside Germany’s parliament were targeted in the attacks, as well as regional offices of Angela Merkel’s Christian Democrats (CDU) and rival parties.

The German government agency in charge of cyber security believes the attacks originated from Russia and may be linked to the hacking of private emails from Hillary Clinton’s campaign team in the US earlier this year. [Continue reading…]

Who are the Russian-backed hackers attacking the U.S. political system?

NBC News reports: Two teams of highly skilled hackers directed and protected by the Russian state are on the offensive.

Cybersecurity experts and intelligence officials tell NBC News the same hackers who broke into the Democratic Party’s computers, the World Anti-Doping Agency’s Administration System and who are implicated in the leaks of the personal emails of former Secretary of State Colin Powell and the health documents of Olympians are executing a Kremlin-backed campaign of cyber-espionage and sabotage.

Their target: Western democratic institutions and Russia’s political opponents.

“They are starting to figure out the way to apply the power they have in terms of technical capabilities into the geopolitical aspect,” Italian cyber security investigator Stefano Maccaglia told NBC News.

At a small square in Rome on a recent summer day, Maccaglia explained how he came to know most of these hackers in the early 2000s, when he was one himself. Having since crossed to the other side, Maccaglia’s job now is to investigate — sometimes for the Italian government — the Russian hackers’ cyber-attacks.

Maccaglia, who is now an advisory consultant for the network security company RSA, explained that the two teams of Russian hackers vary from trained researchers with a mathematical background to “the very funny person” skilled in computer programming languages and are turned into “gangs of cyber-mercenaries” who offer their “brilliance” to the highest bidder.

“They obviously have a very good life now,” Maccaglia said of the privileges they enjoy for their services.

Their relationship to the Russian state, he explained, is a win-win: The cyber gangsters are allowed to keep stealing — their traditional hacking work — as long as they do the bidding of Russian intelligence services.

In exchange, they receive state protection.

“They are above the law and are obviously protected,” Maccaglia said. “That’s why nobody can prosecute them. There is no way to reach them anymore.” [Continue reading…]

U.S. investigating potential covert Russian plan to disrupt November elections

The Washington Post reports: U.S. intelligence and law enforcement agencies are investigating what they see as a broad covert Russian operation in the United States to sow public distrust in the upcoming presidential election and in U.S. political institutions, intelligence and congressional officials said.

The aim is to understand the scope and intent of the Russian campaign, which incorporates cyber-tools to hack systems used in the political process, enhancing Russia’s ability to spread disinformation.

The effort to better understand Russia’s covert influence operations is being coordinated by James R. Clapper Jr., the director of national intelligence. “This is something of concern for the DNI,” said Charles Allen, a former longtime CIA officer who has been briefed on some of these issues. “It is being addressed.”

A Russian influence operation in the United States “is something we’re looking very closely at,” said one senior intelligence official who, like others interviewed, spoke on the condition of anonymity to discuss a sensitive matter. Officials also are examining potential disruptions to the election process, and the FBI has alerted state and local officials to potential cyberthreats.

The official cautioned that the intelligence community is not saying it has “definitive proof” of such tampering, or any Russian plans to do so. “But even the hint of something impacting the security of our election system would be of significant concern,” the official said. “It’s the key to our democracy, that people have confidence in the election system.”

The Kremlin’s intent may not be to sway the election in one direction or another, officials said, but to cause chaos and provide propaganda fodder to attack U.S. democracy-building policies around the world, particularly in the countries of the former Soviet Union. [Continue reading…]

Putin says DNC hack was a public service, Russia didn’t do it

Bloomberg reports: “There’s no need to distract the public’s attention from the essence of the problem by raising some minor issues connected with the search for who did it,” Putin said of the DNC breach. “But I want to tell you again, I don’t know anything about it, and on a state level Russia has never done this.”

The Federal Bureau of Investigation has high confidence that the government in Moscow was behind the theft at the DNC and other Democratic Party organizations seeking to propel Clinton to victory over Republican Donald Trump in November, a person familiar with the findings has said. Trump has praised Putin as a great leader and the billionaire’s former campaign chairman spent years working for the Kremlin ally who was ousted from Ukraine’s presidency in 2014.

In a two-hour conversation near Russia’s eastern fringe, Putin touched on subjects ranging from the war in Syria to oil prices and trade with China. It came just two days before Putin, Barack Obama and other world leaders gather at a Group of 20 meeting in Hangzhou.

An internal DNC probe by CrowdStrike Inc., a cybersecurity company, traced the DNC break-in to two groups it says are linked to Russian intelligence services. One, Cozy Bear, it says is affiliated with the Federal Security Service, the main successor to the KGB, while the other, Fancy Bear, it says is tied to the Main Intelligence Directorate, a branch of the Defense Ministry.

James Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington, said Russia’s “track record” of state hacking goes back at least a decade, so Putin’s denials aren’t credible.

“Nice try, but no goal,” Lewis said.

The digital net cast by the hackers has widened almost weekly — security experts say it now includes congressional staffers, NATO generals, Washington think tanks and the Democratic Congressional Campaign Committee — adding another unpredictable element to a highly unusual election. The subsequent leaks have included the mobile number of House Minority Leader Nancy Pelosi, who said she was barraged with “obscene” calls within hours.

Putin also took a dig at the U.S. campaign and what he saw as an obvious party bias in favor of Clinton, saying he “couldn’t imagine” that the information leaked from the DNC would be newsworthy for “American society — specifically that the campaign headquarters worked in the interest of one of the candidates, in this case Mrs. Clinton, rather than equally for all of the Democratic party candidates.”

Alexander Gostev, the chief expert at Kaspersky Lab, a Moscow-based software security firm, said of all the Russian-speaking hacking groups targeting governments, Fancy Bear “is the most notable.”

Malware linked to Fancy Bear was widely detected in Ukrainian government computers during the elections that were held after the country’s Kremlin-backed leader, Viktor Yanukovych, was deposed, Gostev said, adding that “six or seven” groups may be tied to the Russian government.

At the same time, Russia has come under attack by viruses linked to U.S. and U.K. intelligence services, Gostev said, adding that hacking efforts from China against Russian defense and nuclear agencies have intensified in the past year. [Continue reading…]

Forget software — now hackers are exploiting physics

Andy Greenberg reports: Practically every word we use to describe a computer is a metaphor. “File,” “window,” even “memory” all stand in for collections of ones and zeros that are themselves representations of an impossibly complex maze of wires, transistors and the electrons moving through them. But when hackers go beyond those abstractions of computer systems and attack their actual underlying physics, the metaphors break.

Over the last year and a half, security researchers have been doing exactly that: honing hacking techniques that break through the metaphor to the actual machine, exploiting the unexpected behavior not of operating systems or applications, but of computing hardware itself—in some cases targeting the actual electricity that comprises bits of data in computer memory. And at the Usenix security conference earlier this month, two teams of researchers presented attacks they developed that bring that new kind of hack closer to becoming a practical threat.

Both of those new attacks use a technique Google researchers first demonstrated last March called “Rowhammer.” The trick works by running a program on the target computer, which repeatedly overwrites a certain row of transistors in its DRAM flash memory, “hammering” it until a rare glitch occurs: Electric charge leaks from the hammered row of transistors into an adjacent row. The leaked charge then causes a certain bit in that adjacent row of the computer’s memory to flip from one to zero or vice versa. That bit flip gives you access to a privileged level of the computer’s operating system.

It’s messy. And mind-bending. And it works. [Continue reading…]

Russian hackers targeted Arizona election system

The Washington Post reports: Hackers targeted voter registration systems in Illinois and Arizona, and the FBI alerted Arizona officials in June that Russians were behind the assault on the election system in that state.

The bureau described the threat as “credible” and significant, “an eight on a scale of one to 10,” Matt Roberts, a spokesman for Arizona Secretary of State Michele Reagan (R), said Monday. As a result, Reagan shut down the state’s voter registration system for nearly a week.

It turned out that the hackers had not compromised the state system or even any county system. They had, however, stolen the username and password of a single election official in Gila County.

Roberts said FBI investigators did not specify whether the hackers were criminals or employed by the Russian government. Bureau officials on Monday declined to comment, except to say that they routinely advise private industry of cyberthreats detected in investigations. [Continue reading…]

Russia-backed DNC hackers strike Washington think tanks

Defense One reports: Last week, one of the Russia-backed hacker groups that attacked Democratic computer networks also attacked several Russia-focused think tanks in Washington, D.C., Defense One has learned.

The perpetrator is the group called COZY BEAR, or APT29, one of the two groups that cybersecurity company CrowdStrike blamed for the DNC hack, according to founder Dmitri Alperovitch. CrowdStrike discovered the attack on the DNC and provides security for the think tanks.

Alperovitch said fewer than five organizations and 10 staffers researching Russia were hit by the “highly targeted operation.” He declined to detail which think tanks and researchers were hit, out of concern for his clients’ interests and to avoid revealing tools and techniques or other data to hackers. CrowdStrike alerted the organizations immediately after the company detected the breaches and intruders were unable to exfiltrate any information, Alperovitch said.

Defense One reached out to several think tanks with programs in Russian research, one of which was the Center for Strategic and International Studies, or CSIS. “Last week we were under attack, but our small staff was very responsive. Beyond that, I’m not going to discuss the details because it is under active investigation,” H. Andrew Schwartz, CSIS Senior Vice President for External Relations, said in an email. [Continue reading…]

FBI says foreign hackers penetrated state election systems

Michael Isikoff reports: The FBI has uncovered evidence that foreign hackers penetrated two state election databases in recent weeks, prompting the bureau to warn election officials across the country to take new steps to enhance the security of their computer systems, according to federal and state law enforcement officials.

The FBI warning, contained in a “flash” alert from the FBI’s Cyber Division, a copy of which was obtained by Yahoo News, comes amid heightened concerns among U.S. intelligence officials about the possibility of cyberintrusions, potentially by Russian state-sponsored hackers, aimed at disrupting the November elections.

Those concerns prompted Homeland Security Secretary Jeh Johnson to convene a conference call with state election officials on Aug. 15, in which he offered his department’s help to make state voting systems more secure, including providing federal cyber security experts to scan for vulnerabilities, according to a “readout” of the call released by the department. [Continue reading…]

FBI investigates whether Russia hacked New York Times reporters

The Associated Press reports: The FBI is investigating cyber intrusions targeting reporters of the New York Times and is looking into whether Russian intelligence agencies are responsible for the acts, a US official said Tuesday.

The cyberattacks are believed to have targeted individual reporters, but investigators don’t believe the newspaper’s entire network was compromised, according to the official, who was briefed on the investigation but was not authorized to discuss the matter by name and spoke on condition of anonymity.

CNN first reported the FBI’s investigation.

It was not immediately clear how many reporters may have been affected, nor how many email accounts were targeted. [Continue reading…]

Outcome of U.S. election seen as ‘question of national security for Russia’ says Kremlin watcher

NPR reports: Investigative journalist Andrei Soldatov says the [Democratic National Committee] hack wasn’t necessarily the work of Russian intelligence services.

“It’s much more complicated than that,” says Soldatov, co-author of The Red Web: The Struggle Between Russia’s Digital Dictators and the New Online Revolutionaries. “We have non-government actors, and they’re really adventurous, really fast and they’re really, really good.”

He says mercenary hackers give the government a way to deny involvement.

Once the material had been stolen, though, [Mark] Galeotti thinks the Kremlin took over.

“The actual leak — the point where they did something with the information they gathered — now there’s no question that that would be regarded as a strategic move, and would need to have had Kremlin sanction,” he says.

Russia’s foreign minister, Sergei Lavrov, repeated this week that Russia doesn’t interfere in the affairs of other countries. Recently he said, “We have witnessed a volley of Russophobic hysteria.”

He called the accusations “ploys to support one candidate and smear another.”

DNC staffers charged that the publication of the emails was a Russian ploy to support the candidacy of Donald Trump. But “I think it’s not about Trump,” says Soldatov. “It’s all about Hillary Clinton.”

What might Russia hope to gain from influencing the American vote?

Soldatov says President Vladimir Putin believes Clinton is a Russia-hater who was behind anti-government demonstrations that took place in Russia in 2011 and 2012.

And Soldatov says this U.S. election is important for Moscow because America’s next leader could determine whether economic sanctions against Russia will be lifted. “And everybody in the Kremlin believes that if Hillary Clinton in the White House, it will be absolutely impossible to get the sanctions against Russia lifted. So in a way, it’s a question of national security for Russia.”

Galeotti thinks the key purpose with the DNC leaks is to divide Clinton’s political base by showing that top party officials worked to freeze out her primary opponent, Bernie Sanders.

The Kremlin’s idea, he says, is to create the impression that politics in the U.S. is manipulated just as much as in Russia. [Continue reading…]

Release of NSA hacking tools exposes risk of keeping software vulnerabilities secret

The Washington Post reports: To penetrate the computers of foreign targets, the National Security Agency relies on software flaws that have gone undetected in the pipes of the Internet. For years, security experts have pressed the agency to disclose these bugs so they can be fixed, but the agency hackers have often been reluctant.

Now with the mysterious release of a cache of NSA hacking tools over the weekend, the agency has lost an offensive advantage, experts say, and potentially placed at risk the security of countless large companies and government agencies worldwide.

Several of the tools exploited flaws in commercial firewalls that remain unpatched, and they are out on the Internet for all to see. Anyone from a basement hacker to a sophisticated foreign spy agency has access to them now, and until the flaws are fixed, many computer systems may be in jeopardy.

The revelation of the NSA cache, which dates to 2013 and has not been confirmed by the agency, also highlights the administration’s little-known process for figuring out which software errors to disclose and which to keep secret.

The hacker tools’ release “demonstrates the key risk of the U.S. government stockpiling computer vulnerabilities for its own use: Someone else might get a hold of them and use them against us,” said Kevin Bankston, director of New America’s Open Technology Institute.

“This is exactly why it should be U.S. government policy to disclose to software vendors the vulnerabilities it buys or discovers as soon as possible, so we can all better protect our own cybersecurity.” [Continue reading…]

Possible NSA hacking could signal warning shot from Russia

The New York Times reports: The release on websites this week of what appears to be top-secret computer code that the National Security Agency has used to break into the networks of foreign governments and other espionage targets has caused deep concern inside American intelligence agencies, raising the question of whether America’s own elite operatives have been hacked and their methods revealed.

Most outside experts who examined the posts, by a group calling itself the Shadow Brokers, said they contained what appeared to be genuine samples of the code — though somewhat outdated — used in the production of the N.S.A.’s custom-built malware.

Most of the code was designed to break through network firewalls and get inside the computer systems of competitors like Russia, China and Iran. That, in turn, allows the N.S.A. to place “implants” in the system, which can lurk unseen for years and be used to monitor network traffic or enable a debilitating computer attack.

According to these experts, the coding resembled a series of “products” developed inside the N.S.A.’s highly classified Tailored Access Operations unit, some of which were described in general terms in documents stolen three years ago by Edward J. Snowden, the former N.S.A. contractor now living in Russia.

But the code does not appear to have come from Mr. Snowden’s archive, which was mostly composed of PowerPoint files and other documents that described N.S.A. programs. The documents released by Mr. Snowden and his associates contained no actual source code used to break into the networks of foreign powers.

Whoever obtained the source code apparently broke into either the top-secret, highly compartmentalized computer servers of the N.S.A. or other servers around the world that the agency would have used to store the files. The code that was published on Monday dates to mid-2013, when, after Mr. Snowden’s disclosures, the agency shuttered many of its existing servers and moved code to new ones as a security measure.

By midday Tuesday Mr. Snowden himself, in a Twitter message from his exile in Moscow, declared that “circumstantial evidence and conventional wisdom indicates Russian responsibility” for publication, which he interpreted as a warning shot to the American government in case it was thinking of imposing sanctions against Russia in the cybertheft of documents from the Democratic National Committee. [Continue reading…]

China launches quantum satellite for ‘hack-proof’ communications

The Guardian reports: China says it has launched the world’s first quantum satellite, a project Beijing hopes will enable it to build a coveted “hack-proof” communications system with potentially significant military and commercial applications.

Xinhua, Beijing’s official news service, said Micius, a 600kg satellite that is nicknamed after an ancient Chinese philosopher, “roared into the dark sky” over the Gobi desert at 1.40am local time on Tuesday, carried by a Long March-2D rocket.

“The satellite’s two-year mission will be to develop ‘hack-proof’ quantum communications, allowing users to send messages securely and at speeds faster than light,” Xinhua reported.

The Quantum Experiments at Space Scale, or Quess, satellite programme is part of an ambitious space programme that has accelerated since Xi Jinping became Communist party chief in late 2012.

“There’s been a race to produce a quantum satellite, and it is very likely that China is going to win that race,” Nicolas Gisin, a professor and quantum physicist at the University of Geneva, told the Wall Street Journal. “It shows again China’s ability to commit to large and ambitious projects and to realise them.”

The satellite will be tasked with sending secure messages between Beijing and Urumqi, the capital of Xinjiang, a sprawling region of deserts and snow-capped mountains in China’s extreme west.

Highly complex attempts to build such a “hack-proof” communications network are based on the scientific principle of entanglement. [Continue reading…]

U.S. considers sanctions against Russia in response to hacks of Democratic groups

The Wall Street Journal reports: U.S. officials are discussing whether to respond to computer breaches of Democratic Party organizations with economic sanctions against Russia, but they haven’t reached a decision about how to proceed, according to several people familiar with the matter.

Levying sanctions would require the White House to publicly accuse Russia, or Russian-backed hackers, of committing the breach and then leaking embarrassing information. The U.S. has frequently opted not to publicly release attribution for cyber-assaults, though Washington did openly accuse North Korea of carrying out an embarrassing breach of Sony Pictures Entertainment Inc. in 2014.

The Federal Bureau of Investigation and U.S. intelligence agencies have been studying the Democratic hacks, and several officials have signaled it was almost certainly carried out by Russian-affiliated hackers. Russia has denied any involvement, but several cybersecurity companies have also released reports tying the breach to Russian hackers.

On Thursday, House Minority Leader Nancy Pelosi (D., Calif.) told reporters, regarding a breach of the Democratic Congressional Campaign Committee, which spearheads the Democratic House campaigns: “I know for sure it is the Russians” and “we are assessing the damage.”

She added, “This is an electronic Watergate…The Russians broke in. Who did they give the information to? I don’t know. Who dumped it? I don’t know.” [Continue reading…]

Hack of Democrats’ accounts was wider than believed, officials say

The New York Times reports: A Russian cyberattack that targeted Democratic politicians was bigger than it first appeared and breached the private email accounts of more than 100 party officials and groups, officials with knowledge of the case said Wednesday.

The widening scope of the attack has prompted the F.B.I. to broaden its investigation, and agents have begun notifying a long list of Democratic officials that the Russians may have breached their personal accounts.

The main targets appear to have been the personal email accounts of Hillary Clinton’s campaign officials and party operatives, along with a number of party organizations.

Officials have acknowledged that the Russian hackers gained access to the Democratic Congressional Campaign Committee, which is the fund-raising arm for House Democrats, and to the Democratic National Committee, including a D.N.C. voter analytics program used by Mrs. Clinton’s presidential campaign.

But the hack now appears to have extended well beyond those groups, and organizations like the Democratic Governors’ Association may also have been affected, according to Democrats involved in the investigation. [Continue reading…]
