 1/2/2017: Additional information and links have been added below the original story.
The Department of Homeland Security issued an executive summary yesterday of the U.S. government’s findings of Russian malicious cyber activity known as Grizzly Steppe. According to the Department of Homeland Security: “Russia’s civilian and military intelligence services engaged in aggressive and sophisticated cyber-enabled operations targeting the U.S. government and its citizens. The U.S. Government refers to this activity as GRIZZLY STEPPE. These cyber operations included spearphishing campaigns targeting government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations, and theft of information from these organizations. This stolen information was later publicly released by third parties.” What does this mean? Spearphishing According to Norton, the computer security software company, “Spear phishing is an email that appears to be from an individual or business that you know. But it isn't. It's from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information on your PC.” Spearphishing targets users specifically, creating the impression that there is a relationship between the victim and the sender. The email may tell the victim that their account has been compromised and that they need to supply passwords or account numbers in order to secure the account. If you receive an email that looks like it may be from your bank or other financial institution, or from your email provider, and asks for private information: check with the company by calling the 800 number and ask if they would have sent you something so personal. (The answer will be no.) Alternatively, just delete the email immediately, and empty your deleted file. DO NOT click on any attachments or provide any personal information. Why would the Russians use spearphishing? We will probably find out more information when the complete report is released. We do know that John Podesta, Hillary Clinton’s campaign manager, received an email like this, was advised by staff that it was legitimate (the staff member now says he meant to say “illegitimate”), and he gave his email password away. This allowed the hackers to take over his computer and download files. (For more on this see the New York Times article from December 13, linked below.) Who Were the Targets of the Russian Attacks? We know that two of the targets were the Democratic National Committee (see article linked above) and John Podesta. On December 30 it was revealed that a Vermont electrical utility had discovered the malicious computer code on a laptop computer owned by the utility. The utility reported that the malware did not affect their servers. Homeland Security provide the code so information technology professionals can look for it on their own computer resources. Most likely there will be additional targets discovered in the next few weeks. Homeland Security has provided a list of the servers that the hackers used. Many of these were used without the host’s knowledge. Russian Intelligence Services used (and may still be using) other people’s networks without their owners’ knowledge to hide their malicious activity. The computers at these IP addresses also host legitimate websites and other Internet services. In addition to the three successful attacks described above, attacks were made on other networks:
What Information Did They Steal? The hackers stole briefing papers, “cheat sheets” (papers containing policy statements on a wide variety of topics, to help political candidates prepare for speaking appearances), emails, and any other documents contained on the victims’ networks. How Was This Information Released? The hackers used a website called Guccifer 2.0 on Wordpress to release the Democratic National Committee documents. The Podesta emails were released through Wikileaks. While none of the information contained in the document releases showed signs of illegal activity, they were embarrassing for the Clinton campaign. The timing of the releases corresponded to several important events. The DNC data was leaked the week before the Democratic National Convention, presumably to embarrass Clinton and possibly to keep delegates from supporting her. The Podesta emails were released one hour after the first public airing of an audio tape of Donald Trump on the set of the NBC television show “Access Hollywood” in 2005, in which he made aggressive sexual comments about women, including claims of assaulting women. The Department of Homeland Security executive summary is linked here. https://www.dhs.gov/news/2016/12/30/executive-summary-grizzly-steppe-findings-homeland-security-assistant-secretary The Norton information on spearphishing is linked here. https://us.norton.com/spear-phishing-scam-not-sport/article The New York Times article about the series of errors that allowed the Russian cyberhack to succeed is linked here. http://www.nytimes.com/2016/12/13/us/politics/russia-hack-election-dnc.html?_r=0 NPR's report on the Vermont utility discovery of malware is linked here. http://www.npr.org/sections/thetwo-way/2016/12/30/507640499/u-s-officials-say-russia-hacked-a-vermont-utility The “Access Hollywood” video and transcript are linked here. http://www.bbc.com/news/election-us-2016-37595321 Added 1/2/2017 The link to the Joint Statement of the Office of the Director of National Intelligence and the Department of Homeland Security dated October 7, 2016 can be found here. https://www.dni.gov/index.php/newsroom/press-releases/215-press-releases-2016/1423-joint-dhs-odni-election-security-statement CNN breaking news today - "One official told CNN the administration has traced the hack to the specific keyboards -- which featured Cyrillic characters -- that were used to construct the malware code, adding that the equipment leaves 'digital fingerprints' and, in the case of the recent hacks, those prints point to the Russian government." The link to the story above can be found here. http://www.cnn.com/2017/01/02/politics/digital-fingerprints-russia-hacking/ The video clip of Trump spokeman Sean Spicer responding today to the information from U.S. intelligence agencies can be found here. Spicer: Conclusions on hack 'irresponsible'
0 Comments
Leave a Reply. |
Truth is a real thing.
Archives
November 2019
Categories
All
|
RSS Feed