Russian president Vladimir Putin. (photo: Alexnei Nikolosky/Getty Images)
DHS and FBI Publish Report Detailing Some Evidence of Russian Hacking
By Chris Strohm, Bloomberg
01 January 17

The attack against U.S. democracy began in the summer of 2015 with a simple trick:
Hackers working for Russia’s civilian intelligence service sent e-mails with
hidden malware to more than 1,000 people working for the American government
and political groups.

U.S. intelligence agencies say that was the modest start of “Grizzly Steppe,” their
name for what they say developed into a far-reaching Russian operation to
interfere with this year’s presidential election.

Prodded to produce evidence by Russia, which has denied a role in hacking -- and by an
openly skeptical President-elect Donald Trump -- the FBI and the Department of Homeland Security did so
Thursday. They issued a 13-page joint analysis just as President Barack
Obama imposed sanctions against Russian government
organizations and individuals and expelled 35 Russian operatives.

While Trump said in a statement Thursday that “it’s time for our country to move on
to bigger and better things,” he said he “will meet with leaders of the
intelligence community next week in order to be updated on the facts of this
situation.” As president-elect he’s entitled to see the classified details
behind the public report.

Russia denies any role in the cyber-attacks. President Vladimir Putin, in a statement
from the Kremlin after his foreign minister asked him to approve a mirror
expulsion of U.S. diplomats, said his country wouldn’t “send anyone away.”

Foothold Into DNC

The initial hackers sent e-mails that appeared to come from legitimate websites and
other Internet domains tied to U.S. organizations and educational institutions,
according to the report. Those who were fooled into clicking on the
“spearphishing” e-mails provided a foothold into the Democratic National
Committee -- although the party organization wasn’t identified by name in the
report -- and key e-mail accounts for material that would later be leaked to
damage Hillary Clinton in her losing campaign against Trump.

“This activity by Russian intelligence services is part of a decade-long campaign of
cyber-enabled operations directed at the U.S. government and its citizens,”
according to a joint statement from the Federal Bureau of
Investigation, DHS and the Office of the Director of
National Intelligence. “The U.S. government seeks to arm network
defenders with the tools they need to identify, detect and disrupt Russian
malicious cyber activity that is targeting our country’s and our allies’
networks.”

Dmitry Peskov, a Kremlin spokesman, rejected the U.S. conclusions. “We
categorically disagree with any of the groundless allegations or charges
against Russia,” he said on a conference call. “These actions by the current
administration in Washington are unfortunately a manifestation of an unpredictable
and you could even say aggressive policy.”

In addition to providing evidence, the report was intended to embarrass and stymie
the Russian government by making public its tactics, techniques and procedures,
according to a U.S. official who asked not to be identified discussing internal
deliberations.

Along with the report, the Homeland Security Department released an extensive list of
Internet Protocol addresses, computer files, malware code and other
“signatures” that it said the Russian hackers have used.

“These actors set up operational infrastructure to obfuscate their source
infrastructure, host domains and malware for targeting organizations, establish
command and control nodes, and harvest credentials and other valuable
information from their targets,” the report said.

The initial hackers worked for Russia’s FSB, the successor to the Soviet Union’s
KGB. Once inside the DNC, the group dubbed “Advanced Persistent Threat 29” or
“APT 29,” used stolen credentials to expand its access to directories and other
data, and made off with e-mail from several accounts through encrypted
communication channels, according to the report.

Second Wave

Then, a second wave came in the spring of 2016. Hackers working for Russia’s military
intelligence service, the GRU, and dubbed “Advanced Persistent Threat 28” or
APT 28, infiltrated the DNC’s networks through more spearphishing e-mails, the
report said.

“This time, the spearphishing e-mail tricked recipients into changing their passwords
through a fake webmail domain hosted on APT 28 operational infrastructure,”
according to the report. “Using the harvested credentials, APT 28 was able to
gain access and steal content, likely leading to the exfiltration of
information from multiple senior party members. The U.S. government assesses
that information was leaked to the press and publicly disclosed.”

While the report doesn’t name the DNC, U.S. officials and cybersecurity researchers
have confirmed that it was a prime target of the Russian hackers.

“A great deal of analysis and forensic information related to Russian government
activity has been published by a wide range of security companies,” according
to the statement from the FBI, DHS and DNI. “The U.S. government can confirm
that the Russian government, including Russia’s civilian and military
intelligence services, conducted many of the activities generally described by
a number of these security companies.”

Still Hacking

The U.S. government first announced that intelligence agencies had high confidence
that the Russian government was behind the hacking a month before the Nov. 8
election. Despite that public declaration, the hacking attacks have apparently
continued.

Actors probably associated with Russian civilian and military intelligence services
“are continuing to engage in spearphishing campaigns, including one launched as
recently as November 2016, just days after the U.S. election,” the report said.

© 2015 Reader Supported News