|
A number of hackers have been picked up by law enforcement in recent months. As the Senate Intelligence, Senate Judiciary, and House Intelligence Committees, and Special Counsel Robert Mueller’s team, continue to dig deeper into Russian intervention in the 2016 election, these hackers and their exploits may be of interest.
Yevgeniy Nikulin Nikulin was detained in the Czech Republic on October 5, 2016 at the request of the U.S. government, for allegedly hacking LinkedIn, Dropbox and Formspring servers in 2012 and 2013. The Newsweek article from May 11 can be found here. http://www.newsweek.com/fbi-investigation-clinton-emails-russia-hack-607538 The Justice Department indictment is described here. https://www.justice.gov/opa/pr/yevgeniy-nikulin-indicted-hacking-linkedin-dropbox-and-formspring An article from The Guardian from January 2017 can be found here. https://www.theguardian.com/technology/2017/jan/27/us-russia-hacking-yevgeniy-nikulin-linkedin-dropbox An article from The Guardian from May 2017 can be found here. https://www.theguardian.com/technology/2017/may/30/suspected-russian-hacker-step-closer-to-us-extradition-yevgeniy-nikulin Taylor Huddleston Taylor Huddleston was arrested in early 2017 in Arkansas on charges of conspiracy and aiding and abetting computer intrusions. He designed a Remote Administration Tool (RAT) called Nanocore, which has been used by hackers in attacks “in at least 10 countries, including an attack on Middle Eastern energy firms in 2015, and a massive phishing campaign last August in which the perpetrators posed as major oil and gas company,” according to the Daily Beast. A Remote Access Trojan (also using the acronym RAT) is a type of malware program that includes a back door, which gives an unknown attacker remote administrative control. RATs are usually downloaded by a user when a link is clicked, often as an email attachment or a downloadable game. While the Daily Beast article, written by former black-hat hacker Kevin Poulsen, suggests that Huddleston is being unfairly targeted, an article in Krebs On Security explains that the case is more complicated. The Daily Beast article can be found here. http://www.thedailybeast.com/fbi-arrests-hacker-who-hacked-no-one The Krebs on Security article can be found here. https://krebsonsecurity.com/tag/taylor-huddleston/ The indictment against Huddleston can be found here. https://krebsonsecurity.com/wp-content/uploads/2017/04/W.D.Ark_._null_null_0.pdf Kevin Poulsen’s exploits as a black-hat hacker are described here. http://www.nndb.com/people/453/000022387/ Peter Levashov, also known as Peter Severa A hacker from Saint Petersburg, Russia, described as a criminal kingpin, was arrested in Spain on April 7. Known as the "Spam King," had control of as many as 100,000 computers at times. The computers were infected using malware delivered to the computer by a user clicking on an email link. While it is unclear if Levashov's computer network played a role in the 2016 U.S. election, the computer botnet controlled by him was used to spread fake news about the opponent of Vladimir Putin in Russia's 2012 election. His botnet may also have been instrumental in the attack in 2007 on the Estonian banking system. U.S. law enforcement officials have been watching for an opportunity to arrest Levashov for years. A New York Times article describing his arrest can be found here. https://www.nytimes.com/2017/04/10/technology/us-arrest-russian-email-spam-peter-levashov.html A Wired article about him can be found here. https://www.wired.com/2017/04/fbi-took-russias-spam-king-massive-botnet/
0 Comments
 What Investigations Are Ongoing?
There are a number of federal investigations going on concerning members of the Trump administration and campaign staff, concerning their possible interaction with Russian government intervention in the 2016 presidential election. Special Counsel Robert Mueller is investigating Trump campaign and administration involvement in Russian government interference in the 2016 election. He has recently expanded his office and added a secure compartmentalized information facility (SCIF). http://www.cnn.com/2017/06/16/politics/robert-mueller-special-counsel-lawyers/index.html The Senate Intelligence Committee, chaired by Senators Richard Burr and Mark Warner, is investigating interference in the 2016 election, and how to prevent interference in future elections. https://www.nytimes.com/2017/03/29/us/politics/senate-intelligence-committee-burr-warner-russia-investigation.html http://talkingpointsmemo.com/livewire/kushner-testify-senate-intelligence-committee The House Intelligence Committee, chaired by Representative Devin Nunes and Representative Adam Schiff, is investigating aspects of the interaction between the Russian government and the Trump administration. Recently Jeh Johnson, former Director of the Department of Homeland Security, testified in open hearing. Chairman Nunes has recused himself from matters relating to the Trump campaign and the Trump administration, due to his position as a member of the transition team and subsequent interactions with the Trump administration. https://democrats-intelligence.house.gov/news/documentsingle.aspx?DocumentID=251 Who’s Who In the Investigations? http://www.cnn.com/2017/03/29/politics/russia-investigation-cast-of-characters/index.html https://www.washingtonpost.com/news/politics/wp/2017/03/03/the-web-of-relationships-between-team-trump-and-russia/?utm_term=.6796846383c5 https://www.nytimes.com/2017/06/22/opinion/robert-muellers-inquiry-into-ties-to-russia.html Who Is Under Investigation? 1. President of the United States Donald Trump
Photo source: Marketwatch There seems to be a lot of bot and troll activity on Twitter this weekend. How can you tell if a Twitter account is a bot? Here is a quick guide.
Here are some illustrations that may help explain how bots attach themselves to the accounts of prominent people, especially those who raise awareness of unflattering stories about Trump’s associations with organized crime and Russia.  The exchange above started out with some real people, and the bots seemed to take over:  This is common - two bots begin a "conversation" with each other, drowning out conversation among real readers. Bots are algorithms, program code written to accomplish a goal. These bots are programmed by someone. Here is another example of bot activity - multiple posts meant to drown out real conversation.  urns out I was right. "Kelly" was a bot. When I find a bot or a troll, I just block them and move on. The goal of the programmers and personas is to confuse readers and depress real comments. Silencing them takes away their power.   McClatchy DC reported July 13 that the Trump campaign data analytics operation is under scrutiny by the multiple investigations into possible coordination between the campaign and operatives working for the Russian government. “Congressional and Justice Department investigators are focusing on whether Trump’s campaign pointed Russian cyber operatives to certain voting jurisdictions in key states – areas where Trump’s digital team and Republican operatives were spotting unexpected weakness in voter support for Hillary Clinton, according to several people familiar with the parallel inquiries.” The McClatchy DC article explains that investigators now know that the Kremlin mounted a cyberattack on the United States of “unprecedented scale and sophistication” which delivered false and misleading stories about Hillary Clinton to the social media accounts of millions of voters. The McClatchy DC article can be found here. http://www.mcclatchydc.com/news/nation-world/national/article160803619.html Will Bunch summarized some of the issues in the investigation in Philly.com. His suggestion for understanding how the Russians interfered in our election, and how the Republican National Committee and the Trump campaign may have coordinated with them inolves just three words: Follow the data. Bunch quotes Carole Cadwalladr of the Guardian: “There are three strands to this story. How the foundations of an authoritarian surveillance state are being laid in the US. How British democracy was subverted through a covert, far-reaching plan of coordination enabled by a US billionaire. And how we are in the midst of a massive land grab for power by billionaires via our data. Data which is being silently amassed, harvested and stored. Whoever owns this data owns the future.” The article from Philly.com can be found here. http://www.philly.com/philly/columnists/will_bunch/the-key-to-the-trump-russia-scandal-follow-the-data-20170713.html An article from Advertising Age explained in December of 2016 how the Trump campaign data analytics team used multiple data sources to assemble a data strategy to target voters with maximum impact and minimum cost. After an October 5 meeting, the data team concentrated on three groups of voters they needed to convince to vote for their candidate. “There were three especially important voter segments they'd need to swing towards their candidate: unallocated voters, defined as people who were predisposed to listen to the Trump campaign and the GOP's message; ‘DJT Underperform’ voters, or Republicans still unconvinced about supporting Mr. Trump; and ‘HRC Change’ voters, defined as people leaning toward Hillary Clinton but also craving change in government." Investigators now suspect, according to the McClatchy DC article from July 13, that the Russians targeted voters in swing states, even in key precincts. According to a source familiar with the criminal probe into Trump-Russia collaboration, investigators doubt that Russian operatives controlling the bots and trolls that distributed false and misleading news stories and memes satirizing Clinton could have “independently ‘known where to specifically target … to which high impact states and districts in those states.’” The Advertising Age article can be found here. http://adage.com/article/campaign-trail/trump-camp-s-inexperience-set-stage-rnc-data-win/307105/ A June 2017 article in The Verge provides insight into how Deep Root Analytics, which worked on the campaign for the Republican National Committee, scooped up data from Reddit, but it is still unclear how this data was used to target voters. The scooped data was found when Deep Root Analytics left highly personal data about nearly 200 million U.S. voters on an unprotected cloud server in June. The exposed data, which includes multiple data points about far more voters than those registered Republican, The Verge suggests that Deep Root Analytics may have been attempting to match Reddit profiles with voter information data, perhaps to categorize voters into the groups identified as important to turn toward Trump. The article from The Verge can be found here. https://www.theverge.com/2017/6/19/15829234/deep-root-analytics-leak-reddit-voter-targeting-gop The giant RNC data leak of nearly 200 million voters’ information was discovered in June of 2017 by Chris Vickery, a well-known cyber risk researcher working for the company Upguard, who has discovered these kinds of breaches before. A detailed article about the RNC breach, along with a recorded question and answer period with Vickery, was published by the cyber security company Upguard, and updated July 12. The article can be found here. https://www.upguard.com/breaches/the-rnc-files  Source: Getty Images
Jared Kushner, advisor to President Trump, has become a focus of the FBI investigation into possible coordination between the Trump campaign and the Russian government. CNN described the three areas of interest to investigators, according to U.S. officials: the Trump campaigns data analytics operation; Kushner’s relationship with General Michael Flynn; and Kushner’s contacts with Russians, which were not disclosed on his Standard Form 86 when he applied for his security clearance. The CNN report can be found here. http://www.cnn.com/2017/05/25/politics/fbi-russia-investigation-jared-kushner/index.html A May 2017 article in Newsweek, originally published on the Just Security website, explained some of the issues being investigated. http://www.newsweek.com/did-russians-target-dem-voters-kushners-help-613612 An article in Motherboard from January 2017 describes the connection between the Leave.EU campaign that led to Brexit, the Trump campaign, the psychometrics department at Cambridge University, and the mysterious data company Cambridge Analytica. https://motherboard.vice.com/en_us/article/mg9vvn/how-our-likes-helped-trump-win  Many millions of Americans have been victims of data theft, including information about personal health, credit card and other financial information, emails, and purchasing habits. Some of the larger thefts are described below.
While people tend to think of data theft as primarily a financial crime, it is becoming increasingly clear that there may be other reasons for thieves to steal personal data. In the case of the Yahoo hack, data stolen may have been used for blackmail. Yahoo In 2014, Russian hackers stole the data of 500 million Yahoo users. The hacking group included Russian intelligence officers. According to the New York Times and federal documents, the Russian government used the stolen data to spy on journalists, government and military officials, bank executives, two cloud computing companies, one airline, and a Nevada gambling regulator. The New York Times article can be found here. https://www.nytimes.com/2017/03/15/technology/yahoo-hack-indictment.html The federal indictment, announced in March of 2017, can be found here. https://www.justice.gov/opa/pr/us-charges-russian-fsb-officers-and-their-criminal-conspirators-hacking-yahoo-and-millions A Washington Post article with more information about the Yahoo hack can be found here. https://www.washingtonpost.com/world/national-security/justice-department-charging-russian-spies-and-criminal-hackers-for-yahoo-intrusion/2017/03/15/64b98e32-0911-11e7-93dc-00f9bdd74ed1_story.html?utm_term=.76adfb49d23e Office of Personnel Management A hack of data stored by the Office of Personnel Management, stolen in 2014 and 2015, was originally reported to involve 4 million individuals. In July of 2015 Reuters reported that the number had grown to 21.5 million people’s personal information that had been stolen. The hackers were, and still are, believed to have originated the hack in China. The Reuters article can be found here. https://www.reuters.com/article/us-cybersecurity-usa-idUSKCN0PJ2M420150709 An article from Wired magazine from October 2016 can be found here. https://www.wired.com/2016/10/inside-cyberattack-shocked-us-government/ Trump Hotels Reuters reported on July 12, 2017 that Trump International Hotels Management LLC had announced that a data breach at a service provider compromised credit card payment details at 14 of its properties. It was unclear today how many customers were affected. Last year Trump International Hotels Management paid a $50,000 fine in New York state for failing to notify customers immediately after data breeches in 2015 exposed more than 70,000 credit card numbers and 300 Social Security numbers. The company also agreed to update its security practices. According to a report in the Los Angeles Times, the Trump hotel chain is probably a greater target for hackers because the chain has been attracting more Republican politicians, industry lobbyists, and foreign officials who use the hotel to try to curry favor with President Trump. The Reuters article can be found here. https://www.reuters.com/article/us-trumphotels-cyber-idUSKBN19X2G2 The Los Angeles Times article can be found here. http://www.latimes.com/business/la-fi-trump-hotels-20170712-story.html Target Retail chain Target paid a $18.5 million multistate settlement for a data breach resulting from a cyberattack in 2013 that resulted in the theft of payment information for 41 million customers, and contact information for 60 million. A USA Today article about the Target cyberattack can be found here. https://www.usatoday.com/story/money/2017/05/23/target-pay-185m-2013-data-breach-affected-consumers/102063932/ Home Depot A 2014 cyberattack on the home improvement chain Home Depot resulted in the theft of credit card data from 56 million customers. In addition, the email address information of about 53 million customers was also stolen. Home Depot was ordered to pay $27.2 million to financial institutions that bore the brunt of the financial burden from the attack, and to update its security practices. The gang that launched the attack used malware to steal payment information at self-checkout lanes in the U.S. and Canada. They were inside the system from April to September of 2014. A March 2017 article from Infosecurity Magazine about the Home Depot breach can be found here. https://www.infosecurity-magazine.com/news/home-depot-to-pay-2725m/ Anthem A cyberattack on health care company Anthem resulted in a security breach of 78.8 million individuals’ protected health information. A national investigation of the breach pointed to “a foreign government” as the source of the attack. The breach began in February of 2014, when a user within an Anthem subsidiary opened a phishing email containing malware. Opening the email enabled the malicious program to infect the system and allow the hackers remote access to at least 90 computer systems within the Anthem group of companies. In response to the breach, Anthem agreed to enhance its security systems, and to provide credit protection to consumers who experienced information theft. The press release from the California Insurance Commissioner about the Anthem breach can be found here. http://www.insurance.ca.gov/0400-news/0100-press-releases/2017/release001-17.cfm An article from Fox Business can be found here. http://www.foxbusiness.com/features/2017/06/23/anthem-agrees-to-115-million-settlement-data-breach-lawsuit.html Microtargeting (aiming advertising and other content very specifically at users who meet certain criteria) was used extensively in the 2016 presidential election to boost stories critical of Hillary Clinton and favorable to Donald Trump. An article published in Mother Jones in October of 2016, which originally appeared in ProPublica, describes the process. http://www.motherjones.com/politics/2016/10/facebook-advertisers-exclude-users-by-race/  According to a Slovakian internet security company called ESET, Russian state hackers used Britney Spears’s official Instagram account as a means of communicating the location of the group’s command and control server. This was done without the knowledge of Spears or her team.
Coded messages within the comments on the Instagram posts pointed to the location of the C & C server. Communication the location of the server in this way means the location can change to avoid detection. The suspected Russian state hacking group, Turla, has targeted governments, government officials, and diplomats with malware controlled from servers infected with malware. Several articles about the discovery can be found here. https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-britney-spears-instagram-posts-to-control-malware/ http://www.rollingstone.com/culture/news/britney-spears-instagram-used-by-russian-hackers-w486843 http://www.newsweek.com/russian-hackers-britney-spears-instagram-623849 https://www.usatoday.com/story/tech/news/2017/06/08/britney-spears-instagram-account-used-russian-hackers/102645960/ A detailed article about a typical hacker attack, published on LinkedIn, can be found here. LinkedIn, Dropbox and Formspring were victims of hacks by the famous hacker Yevgeniy Nikulin, who is being held in the Czech Republic while Russian and U.S. extradition requests are processed. https://www.linkedin.com/pulse/20140406163759-71158614-how-hackers-attack-networks-techniques-and-tactics  According to an article in the New York Times published today, hackers have been penetrating computer networks of nuclear power stations and manufacturing plants in the U.S. and other countries. Since May, companies such as Wolf Creek Nuclear Operating Corporation, which runs a nuclear power plant in Kansas, have been targeted, according to a report by the Department of Homeland Security and the FBI.
Bloomberg reported today that at least a dozen power plants in the U.S. were targeted, and that the chief suspect is the government of Russia. The New York Times reported that, according to two people familiar with the investigation, the hackers used techniques similar to “Energetic Bear,” the Russian hacking group that researchers think have attacked the energy sector since at least 2012. The DHS/FBI joint report did not specify whether the hacks were designed to steal secrets or to cause destruction. John Keeley, a spokesperson for the Nuclear Energy Institute, said in the New York Times that none of the facilities targeted have reported that the attacks affected the security of their operations. The New York Times article can be found here. https://www.nytimes.com/2017/07/06/technology/nuclear-plant-hack-report.html The Bloomberg article can be found here. https://www.bloomberg.com/news/articles/2017-07-07/russians-are-said-to-be-suspects-in-hacks-involving-nuclear-site A New York Times article about last week’s attack on computeres around the world, also thought to be traceable to the Russian government, can be found here. https://mobile.nytimes.com/2017/07/06/technology/search-for-clues-global-cyberattacks.html?referer= An article from Fortune about multiple cyberattacks on Ukraine's power grid, thought to be the work of the Russian government, can be found here. http://fortune.com/2017/06/30/ukraine-power-station-cyber-attack/ |
Truth is a real thing.
Archives
April 2018
Categories
All
|
RSS Feed