Russian hackers evolve to serve the Kremlin

The Wall Street Journal reports: With the hacking of Hillary Clinton’s campaign and the Democratic National Committee, U.S. officials say Russia has unleashed a strengthened cyberwarfare weapon to sow uncertainty about the U.S. democratic process.

In doing so, Russia has transformed state-sponsored hackers known as Fancy Bear and Cozy Bear from internet spies to political tools with the power to target the country’s adversaries, according to U.S. officials and cybersecurity experts.

The attacks are the harder side of parallel campaigns in the Kremlin’s English-language media, which broadcast negative news about Western institutions and alliances and focus on issues that demonstrate or stoke instability in the West, such as Brexit. Moscow seeks particularly to weaken the North Atlantic Treaty Organization, which has expanded its defense against Russia.

“The underlying philosophy of a lot of these attacks is about establishing information as a weapon,” said Alexander Klimburg, a cyber expert at the Hague Center for Strategic Studies. “Hacking for them is literally about controlling information.”

President Vladimir Putin denies Russian involvement in the hacking, but in a way that telegraphs glee about the potential chaos being sown in the U.S. democratic process.

“Everyone is talking about who did it, but is it so important who did it?” Mr. Putin said. “What is important is the content of this information.”

Former Central Intelligence Agency Director Michael Hayden said the Kremlin doesn’t appear to be trying to influence the election’s outcome, noting Russian involvement has provided fodder for both Republicans and Democrats. “They are not trying to pick a winner,” he said Tuesday at a cybersecurity conference in Washington. Rather, Russia is likely unleashing the emails “to mess with our heads.”

Pro-Kremlin commentators in Russia have seized on the DNC leaks to cast doubt on the American democratic process and argue that Washington has no right to criticize Moscow. They have said the hacked DNC emails, which showed party officials working to undermine primary runner-up Bernie Sanders, prove Americans are hypocritical when they malign Mr. Putin’s authoritarianism. [Continue reading…]

Facebooktwittermail

White House says U.S. will retaliate against Russia for hacking

Politico reports: White House Press Secretary Josh Earnest promised on Tuesday that the U.S. would deliver a “proportional” response to Russia’s alleged hacking of American computer systems.

In addition to pledging that the U.S. “will ensure that our response is proportional,” Earnest told reporters flying on Air Force One that “it is unlikely that our response would be announced in advance.”

“The president has talked before about the significant capabilities that the U.S. government has to both defend our systems in the United States but also carry out offensive operations in other countries,” he said as the press corps traveled with the president to a Hillary Clinton campaign event in North Carolina. “So there are a range of responses that are available to the president and he will consider a response that is proportional.” [Continue reading…]

Facebooktwittermail

U.S. government officially accuses Russia of hacking campaign to interfere with elections

The Washington Post reports: The Obama administration on Friday officially accused Russia of attempting to interfere in the 2016 elections, including by hacking the computers of the Democratic National Committee and other political organizations.

The denunciation, made by the Office of the Director of National Intelligence and the Department of Homeland Security, came as pressure was growing from within the administration and some lawmakers to publicly name Moscow and hold it accountable for actions apparently aimed at sowing discord around the election.

“The U.S. Intelligence Community is confident that the Russian Government directed the recent compromises of e-mails from U.S. persons and institutions, including from U.S. political organizations,” said a joint statement from the two agencies. “. . . These thefts and disclosures are intended to interfere with the U.S. election process.”

The public finger-pointing was welcomed by senior Democratic and Republican lawmakers, who also said they now expect the administration to move to punish the Kremlin as part of an effort to deter further acts by its hackers. [Continue reading…]

Facebooktwittermail

Who are the Russian-backed hackers attacking the U.S. political system?

NBC News reports: Two teams of highly skilled hackers directed and protected by the Russian state are on the offensive.

Cybersecurity experts and intelligence officials tell NBC News the same hackers who broke into the Democratic Party’s computers, the World Anti-Doping Agency’s Administration System and who are implicated in the leaks of the personal emails of former Secretary of State Colin Powell and the health documents of Olympians are executing a Kremlin-backed campaign of cyber-espionage and sabotage.

Their target: Western democratic institutions and Russia’s political opponents.

“They are starting to figure out the way to apply the power they have in terms of technical capabilities into the geopolitical aspect,” Italian cyber security investigator Stefano Maccaglia told NBC News.

At a small square in Rome on a recent summer day, Maccaglia explained how he came to know most of these hackers in the early 2000s, when he was one himself. Having since crossed to the other side, Maccaglia’s job now is to investigate — sometimes for the Italian government — the Russian hackers’ cyber-attacks.

Maccaglia, who is now an advisory consultant for the network security company RSA, explained that the two teams of Russian hackers vary from trained researchers with a mathematical background to “the very funny person” skilled in computer programming languages and are turned into “gangs of cyber-mercenaries” who offer their “brilliance” to the highest bidder.

“They obviously have a very good life now,” Maccaglia said of the privileges they enjoy for their services.

Their relationship to the Russian state, he explained, is a win-win: The cyber gangsters are allowed to keep stealing — their traditional hacking work — as long as they do the bidding of Russian intelligence services.

In exchange, they receive state protection.

“They are above the law and are obviously protected,” Maccaglia said. “That’s why nobody can prosecute them. There is no way to reach them anymore.” [Continue reading…]

Facebooktwittermail

U.S. investigating potential covert Russian plan to disrupt November elections

The Washington Post reports: U.S. intelligence and law enforcement agencies are investigating what they see as a broad covert Russian operation in the United States to sow public distrust in the upcoming presidential election and in U.S. political institutions, intelligence and congressional officials said.

The aim is to understand the scope and intent of the Russian campaign, which incorporates cyber-tools to hack systems used in the political process, enhancing Russia’s ability to spread disinformation.

The effort to better understand Russia’s covert influence operations is being coordinated by James R. Clapper Jr., the director of national intelligence. “This is something of concern for the DNI,” said Charles Allen, a former longtime CIA officer who has been briefed on some of these issues. “It is being addressed.”

A Russian influence operation in the United States “is something we’re looking very closely at,” said one senior intelligence official who, like others interviewed, spoke on the condition of anonymity to discuss a sensitive matter. Officials also are examining potential disruptions to the election process, and the FBI has alerted state and local officials to potential cyberthreats.

The official cautioned that the intelligence community is not saying it has “definitive proof” of such tampering, or any Russian plans to do so. “But even the hint of something impacting the security of our election system would be of significant concern,” the official said. “It’s the key to our democracy, that people have confidence in the election system.”

The Kremlin’s intent may not be to sway the election in one direction or another, officials said, but to cause chaos and provide propaganda fodder to attack U.S. democracy-building policies around the world, particularly in the countries of the former Soviet Union. [Continue reading…]

Facebooktwittermail

Release of NSA hacking tools exposes risk of keeping software vulnerabilities secret

The Washington Post reports: To penetrate the computers of foreign targets, the National Security Agency relies on software flaws that have gone undetected in the pipes of the Internet. For years, security experts have pressed the agency to disclose these bugs so they can be fixed, but the agency hackers have often been reluctant.

Now with the mysterious release of a cache of NSA hacking tools over the weekend, the agency has lost an offensive advantage, experts say, and potentially placed at risk the security of countless large companies and government agencies worldwide.

Several of the tools exploited flaws in commercial firewalls that remain unpatched, and they are out on the Internet for all to see. Anyone from a basement hacker to a sophisticated foreign spy agency has access to them now, and until the flaws are fixed, many computer systems may be in jeopardy.

The revelation of the NSA cache, which dates to 2013 and has not been confirmed by the agency, also highlights the administration’s little-known process for figuring out which software errors to disclose and which to keep secret.

The hacker tools’ release “demonstrates the key risk of the U.S. government stockpiling computer vulnerabilities for its own use: Someone else might get a hold of them and use them against us,” said Kevin Bankston, director of New America’s Open Technology Institute.

“This is exactly why it should be U.S. government policy to disclose to software vendors the vulnerabilities it buys or discovers as soon as possible, so we can all better protect our own cybersecurity.” [Continue reading…]

Facebooktwittermail

Possible NSA hacking could signal warning shot from Russia

The New York Times reports: The release on websites this week of what appears to be top-secret computer code that the National Security Agency has used to break into the networks of foreign governments and other espionage targets has caused deep concern inside American intelligence agencies, raising the question of whether America’s own elite operatives have been hacked and their methods revealed.

Most outside experts who examined the posts, by a group calling itself the Shadow Brokers, said they contained what appeared to be genuine samples of the code — though somewhat outdated — used in the production of the N.S.A.’s custom-built malware.

Most of the code was designed to break through network firewalls and get inside the computer systems of competitors like Russia, China and Iran. That, in turn, allows the N.S.A. to place “implants” in the system, which can lurk unseen for years and be used to monitor network traffic or enable a debilitating computer attack.

According to these experts, the coding resembled a series of “products” developed inside the N.S.A.’s highly classified Tailored Access Operations unit, some of which were described in general terms in documents stolen three years ago by Edward J. Snowden, the former N.S.A. contractor now living in Russia.

But the code does not appear to have come from Mr. Snowden’s archive, which was mostly composed of PowerPoint files and other documents that described N.S.A. programs. The documents released by Mr. Snowden and his associates contained no actual source code used to break into the networks of foreign powers.

Whoever obtained the source code apparently broke into either the top-secret, highly compartmentalized computer servers of the N.S.A. or other servers around the world that the agency would have used to store the files. The code that was published on Monday dates to mid-2013, when, after Mr. Snowden’s disclosures, the agency shuttered many of its existing servers and moved code to new ones as a security measure.

By midday Tuesday Mr. Snowden himself, in a Twitter message from his exile in Moscow, declared that “circumstantial evidence and conventional wisdom indicates Russian responsibility” for publication, which he interpreted as a warning shot to the American government in case it was thinking of imposing sanctions against Russia in the cybertheft of documents from the Democratic National Committee. [Continue reading…]

Facebooktwittermail

U.S. considers sanctions against Russia in response to hacks of Democratic groups

The Wall Street Journal reports: U.S. officials are discussing whether to respond to computer breaches of Democratic Party organizations with economic sanctions against Russia, but they haven’t reached a decision about how to proceed, according to several people familiar with the matter.

Levying sanctions would require the White House to publicly accuse Russia, or Russian-backed hackers, of committing the breach and then leaking embarrassing information. The U.S. has frequently opted not to publicly release attribution for cyber-assaults, though Washington did openly accuse North Korea of carrying out an embarrassing breach of Sony Pictures Entertainment Inc. in 2014.

The Federal Bureau of Investigation and U.S. intelligence agencies have been studying the Democratic hacks, and several officials have signaled it was almost certainly carried out by Russian-affiliated hackers. Russia has denied any involvement, but several cybersecurity companies have also released reports tying the breach to Russian hackers.

On Thursday, House Minority Leader Nancy Pelosi (D., Calif.) told reporters, regarding a breach of the Democratic Congressional Campaign Committee, which spearheads the Democratic House campaigns: “I know for sure it is the Russians” and “we are assessing the damage.”

She added, “This is an electronic Watergate…The Russians broke in. Who did they give the information to? I don’t know. Who dumped it? I don’t know.” [Continue reading…]

Facebooktwittermail

Hack of Democrats’ accounts was wider than believed, officials say

The New York Times reports: A Russian cyberattack that targeted Democratic politicians was bigger than it first appeared and breached the private email accounts of more than 100 party officials and groups, officials with knowledge of the case said Wednesday.

The widening scope of the attack has prompted the F.B.I. to broaden its investigation, and agents have begun notifying a long list of Democratic officials that the Russians may have breached their personal accounts.

The main targets appear to have been the personal email accounts of Hillary Clinton’s campaign officials and party operatives, along with a number of party organizations.

Officials have acknowledged that the Russian hackers gained access to the Democratic Congressional Campaign Committee, which is the fund-raising arm for House Democrats, and to the Democratic National Committee, including a D.N.C. voter analytics program used by Mrs. Clinton’s presidential campaign.

But the hack now appears to have extended well beyond those groups, and organizations like the Democratic Governors’ Association may also have been affected, according to Democrats involved in the investigation. [Continue reading…]

Facebooktwittermail

Obama prepares to boost U.S. cyberwarfare capabilities

Reuters reports: The Obama administration is preparing to elevate the stature of the Pentagon’s Cyber Command, signaling more emphasis on developing cyber weapons to deter attacks, punish intruders into U.S. networks and tackle adversaries such as Islamic State, current and former officials told Reuters.

Under the plan being considered at the White House, the officials said, U.S. Cyber Command would become what the military calls a “unified command” equal to combat branches of the military such as the Central and Pacific Commands.

Cyber Command would be separated from the National Security Agency, a spy agency responsible for electronic eavesdropping, the officials said. That would give Cyber Command leaders a larger voice in arguing for the use of both offensive and defensive cyber tools in future conflicts. [Continue reading…]

Facebooktwittermail

Clinton campaign said to be hacked, apparently by Russians

The New York Times reports: Computer systems used by Hillary Clinton’s presidential campaign were hacked in an attack that appears to have come from Russia’s intelligence services, a federal law enforcement official said on Friday.

The apparent breach, coming after the disclosure last month that the Democratic National Committee’s computer system had been compromised, escalates an international episode in which Clinton campaign officials have suggested that Russia might be trying to sway the outcome of the election.

Mrs. Clinton’s campaign said in a statement that intruders had gained access to an analytics program used by the campaign and maintained by the national committee, but it said that it did not believe that the campaign’s own internal computer systems had been compromised.

The Democratic Congressional Campaign Committee, the fund-raising arm for House Democrats, also said on Friday that its systems had been hacked. Together, the databases of the national committee and the House organization contain some of the party’s most sensitive communications and voter and financial data.

Meredith Kelly, a spokeswoman for the congressional committee, said that after it discovered the breach, “we immediately took action and engaged with CrowdStrike, a leading forensic investigator, to assist us in addressing this incident.”

The attack on the congressional committee’s system appears to have come from an entity known as “Fancy Bear,” which is connected to the G.R.U., the Russian military intelligence service, according to an official involved in the forensic investigation. [Continue reading…]

Reuters reports: Several U.S. officials said the Obama administration has avoided publicly attributing the attacks to Russia as that might undermine Secretary of State John Kerry’s effort to win Russian cooperation in the war on Islamic State in Syria.

The officials said the administration fears Russian President Vladimir Putin might respond to a public move by escalating cyber attacks on U.S. targets, increasing military harassment of U.S. and allied aircraft and warships in the Baltic and Black Seas, and making more aggressive moves in Eastern Europe.

Some officials question the approach, arguing that responding more forcefully to Russia would be more effective than remaining silent.

The Obama administration announced in an April 2015 executive order that it could apply economic sanctions in response to cyber attacks. [Continue reading…]

Facebooktwittermail

How vulnerable to hacking is the U.S. election cyber infrastructure?

By Richard Forno, University of Maryland, Baltimore County

Following the hack of Democratic National Committee emails and reports of a new cyberattack against the Democratic Congressional Campaign Committee, worries abound that foreign nations may be clandestinely involved in the 2016 American presidential campaign. Allegations swirl that Russia, under the direction of President Vladimir Putin, is secretly working to undermine the U.S. Democratic Party. The apparent logic is that a Donald Trump presidency would result in more pro-Russian policies. At the moment, the FBI is investigating, but no U.S. government agency has yet made a formal accusation.

The Republican nominee added unprecedented fuel to the fire by encouraging Russia to “find” and release Hillary Clinton’s missing emails from her time as secretary of state. Trump’s comments drew sharp rebuke from the media and politicians on all sides. Some suggested that by soliciting a foreign power to intervene in domestic politics, his musings bordered on criminality or treason. Trump backtracked, saying his comments were “sarcastic,” implying they’re not to be taken seriously.

Of course, the desire to interfere with another country’s internal political processes is nothing new. Global powers routinely monitor their adversaries and, when deemed necessary, will try to clandestinely undermine or influence foreign domestic politics to their own benefit. For example, the Soviet Union’s foreign intelligence service engaged in so-called “active measures” designed to influence Western opinion. Among other efforts, it spread conspiracy theories about government officials and fabricated documents intended to exploit the social tensions of the 1960s. Similarly, U.S. intelligence services have conducted their own secret activities against foreign political systems – perhaps most notably its repeated attempts to help overthrow pro-communist Fidel Castro in Cuba.

Although the Cold War is over, intelligence services around the world continue to monitor other countries’ domestic political situations. Today’s “influence operations” are generally subtle and strategic. Intelligence services clandestinely try to sway the “hearts and minds” of the target country’s population toward a certain political outcome.

What has changed, however, is the ability of individuals, governments, militaries and criminal or terrorist organizations to use internet-based tools – commonly called cyberweapons – not only to gather information but also to generate influence within a target group.

So what are some of the technical vulnerabilities faced by nations during political elections, and what’s really at stake when foreign powers meddle in domestic political processes?

[Read more…]

Facebooktwittermail