How Putin Weaponized Wikileaks to Influence the Election of an American President – Defense One

http://www.defenseone.com/technology/2016/07/how-putin-weaponized-wikileaks-influence-election-american-president/130163/

Cyber security and politics meet in this story.

8 Comments

  1. Tomi Engdahl says:

    All Signs Point to Russia Being Behind the DNC Hack
    http://motherboard.vice.com/read/all-signs-point-to-russia-being-behind-the-dnc-hack

    In the wee hours of June 14, the Washington Post revealed that “Russian government hackers” had penetrated the computer network of the Democratic National Committee. Foreign spies, the Post claimed, had gained access to the DNC’s entire database of opposition research on the presumptive Republican nominee, Donald Trump, just weeks before the Republican Convention. Hillary Clinton said the attack was “troubling.”

    Nearly two months earlier, in April, the Democrats had noticed that something was wrong in their networks. Then, in early May, the DNC called in CrowdStrike, a security firm

    CrowdStrike linked both groups to “the Russian government’s powerful and highly capable intelligence services.” APT 29, suspected to be the FSB, had been on the DNC’s network since at least summer 2015. APT 28, identified as Russia’s military intelligence agency GRU, had breached the Democrats only in April 2016, and probably tipped off the investigation.

    This was big. Democratic political operatives suspected that not one but two teams of Putin’s spies were trying to help Trump and harm Clinton. The Trump campaign, after all, was getting friendly with Russia.

    Digitally exfiltrating and then publishing possibly manipulated documents disguised as freewheeling hacktivism is crossing a big red line and setting a dangerous precedent

    On June 15 a WordPress blog popped up out of nowhere. And, soon, a Twitter account, @GUCCIFER_2. The first post and tweet were clumsily titled: “DNC’s servers hacked by a lone hacker.” The message: that it was not hacked by Russian intelligence. The mysterious online persona claimed to have given “thousands of files and mails” to Wikileaks, while mocking the firm investigating the case

    Along with the abuse, the Guccifer 2.0 account started publishing stolen DNC documents on the WordPress blog, on file sharing sites, and by giving “a few docs from many thousands” to at least two US publications, The Smoking Gun and Gawker. Mainstream media outlets quickly picked up the story

    This tactic and its remarkable success is a game-changer: exfiltrating documents from political organisations is a legitimate form of intelligence work. The US and European countries do it as well. But digitally exfiltrating and then publishing possibly manipulated documents disguised as freewheeling hacktivism is crossing a big red line and setting a dangerous precedent: an authoritarian country directly yet covertly trying to sabotage an American election.

    So how good is the evidence? And what does all this mean?

    The forensic evidence linking the DNC breach to known Russian operations is very strong. On June 20, two competing cybersecurity companies, Mandiant (part of FireEye) and Fidelis, confirmed CrowdStrike’s initial findings that Russian intelligence indeed hacked Clinton’s campaign

    One of the strongest pieces of evidence linking GRU to the DNC hack is the equivalent of identical fingerprints found in two burglarized buildings: a reused command-and-control address—176.31.112[.]10—that was hard coded in a piece of malware found both in the German parliament as well as on the DNC’s servers.

    The metadata in the leaked documents are perhaps most revealing: one dumped document was modified using Russian language settings

  2. Tomi Engdahl says:

    Snowden Questions WikiLeaks’ Methods of Releasing Leaks
    https://yro.slashdot.org/story/16/07/29/2110252/snowden-questions-wikileaks-methods-of-releasing-leaks

    Former U.S. National Security Agency contractor, Edward Snowden, has censured WikiLeaks’ release of information without proper curation.

    “Democratizing information has never been more vital, and @Wikileaks has helped. But their hostility to even modest curation is a mistake,” Snowden said in a tweet.

    WikiLeaks’ methods questioned by whistleblower Edward Snowden
    The former NSA contractor wants WikiLeaks to curate information it releases
    http://www.pcworld.com/article/3101883/security/wikileaks-methods-questioned-by-whistleblower-edward-snowden.html

    Hillary Clinton accepted on Thursday her nomination as the candidate of the Democratic Party for president of the U.S. Snowden was granted asylum by Russia so that he could avoid prosecution in the U.S. for his revelations of confidential government information.

    WikiLeaks recently released emails stolen from the Democratic National Committee, which suggested that committee officials had favored Clinton over rival Senator Bernie Sanders. There is speculation that the DNC was hacked by Russians aiming to influence the elections. WikiLeaks has refused to disclose its source.

    On Thursday, Director of National Intelligence, James Clapper, said his agency was not quite ready yet to make a public call on the attribution of the hack.

    WikiLeaks’ release of the emails, which sometimes contained information such as email ids, phone numbers and passport numbers of DNC donors, has been criticized.

  3. Tomi Engdahl says:

    Reuters:
    Sources: Clinton campaign computer network hacked in addition to Democratic National Committee and Democratic Congressional Campaign Committee — The computer network used by Democratic presidential candidate Hillary Clinton’s campaign was hacked as part of a broad cyber attack …

    Exclusive: Clinton campaign also hacked in attacks on Democrats
    http://www.reuters.com/article/us-usa-cyber-democrats-investigation-exc-idUSKCN1092HK

    A computer network used by Democratic presidential nominee Hillary Clinton’s campaign was hacked as part of a broad cyber attack on Democratic political organizations, people familiar with the matter told Reuters.

    The latest attack, which was disclosed to Reuters on Friday, follows two other hacks on the Democratic National Committee, or DNC, and the party’s fundraising committee for candidates for the U.S. House of Representatives.

  4. Tomi Engdahl says:

    Hillary Clinton 2016:
    Clinton campaign: DNC’s data analytics program we used was breached; no evidence hackers accessed internal systems

    Hillary for America Statement on Recent Reports of Cyber Hacks
    https://www.hillaryclinton.com/briefing/statements/2016/07/29/hillary-for-america-statement-on-recent-reports-of-cyber-hacks/

    Hillary for America Spokesman Nick Merrill released the following statement on news reports regarding cyber hacks targeted at the campaign: “An analytics data program maintained by the DNC, and used by our campaign and a number of other entities, was accessed as part of the DNC hack. Our campaign computer system has been under review by outside cyber security experts. To date, they have found no evidence that our internal systems have been compromised.”

  5. Tomi Engdahl says:

    Bruce Schneier / Schneier on Security:
    Recent hacks indicate US election systems and voting machines could be targeted too; government must take urgent steps to secure them, and consider retaliation — Russia was behind the hacks into the Democratic National Committee’s computer network that led to the release of thousands …

    The Security of Our Election Systems
    https://www.schneier.com/blog/archives/2016/07/the_security_of_11.html

    Russia was behind the hacks into the Democratic National Committee’s computer network that led to the release of thousands of internal emails just before the party’s convention began, U.S. intelligence agencies have reportedly concluded.

    The FBI is investigating. WikiLeaks promises there is more data to come. The political nature of this cyberattack means that Democrats and Republicans are trying to spin this as much as possible. Even so, we have to accept that someone is attacking our nation’s computer systems in an apparent attempt to influence a presidential election. This kind of cyberattack targets the very core of our democratic process. And it points to the possibility of an even worse problem in November - that our election systems and our voting machines could be vulnerable to a similar attack.

    If the intelligence community has indeed ascertained that Russia is to blame, our government needs to decide what to do in response. This is difficult because the attacks are politically partisan, but it is essential. If foreign governments learn that they can influence our elections with impunity, this opens the door for future manipulations, both document thefts and dumps like this one that we see and more subtle manipulations that we don’t see.

    Retaliation is politically fraught and could have serious consequences, but this is an attack against our democracy

    Even more important, we need to secure our election systems before autumn. If Putin’s government has already used a cyberattack to attempt to help Trump win, there’s no reason to believe he won’t do it again - especially now that Trump is inviting the “help.”

    Over the years, more and more states have moved to electronic voting machines and have flirted with Internet voting. These systems are insecure and vulnerable to attack.

    Last April, the Obama administration issued an executive order outlining how we as a nation respond to cyberattacks against our critical infrastructure. While our election technology was not explicitly mentioned, our political process is certainly critical.

  6. Tomi Engdahl says:

    Security News This Week: The DNC Hack Was Worse Than We Thought
    https://www.wired.com/2016/08/security-news-week-dnc-hack-worse-thought/

    Scope of the DNC Hack Is Larger Than Officials Originally Thought

    On top of breaching the Democratic National Committee and Democratic Congressional Campaign Committee, investigators say that Russian hackers targeted and compromised personal email accounts and the accounts of other organizations related to Hillary Clinton’s presidential campaign. The evidence is strong enough that officials have been notifying people associated with the Clinton campaign that their email data may have been compromised. Information about who was actually hacked is trickling out slowly. For example, Democrats feared that the Democratic Governors’ Association had been breached, but so far the group says it doesn’t see evidence that its networks were affected. Law enforcement officials say they’re confident Russia was behind the attacks, but it’s still unclear whether Moscow was doing routine surveillance or actively looking to impact the US presidential election.

    Meanwhile, White House Weighs Imposing Sanctions on Russia Over DNC Hack

    White House officials are considering using economic sanctions against Russia as retaliation for the DNC hack. That action would require the US to definitively accuse Russia of orchestrating the attacks. So far investigators and lawmakers say they are very confident about the attribution, but the White House hasn’t made any such allegations.

  7. Tomi Engdahl says:

    DNC Launches Fresh Hack Probe As Russia Continues To Take Blame
    http://www.forbes.com/sites/thomasbrewster/2016/07/27/dnc-fresh-hack-investigation-russia-attribution/#78ce98cc6bc2

    The Democratic National Committee (DNC) remains unsure just how badly it was breached, after it emerged far more significant data was leaked than first thought. A source close to the organization told FORBES it had been forced to open a new investigation to determine whether its systems were more comprehensively hacked than an initial probe in April revealed. Meanwhile, more sources have linked the Russian government to the attempts to influence the Presidential race, including the FBI and security researchers.

    When the DNC’s breach came to light in June, it claimed no financial data had been leaked.

    But when Wikileaks published 19,250 emails from the DNC last week, dozens of contributors’ data was leaked. That included financial information, social security numbers and location. That was alongside emails which indicated the DNC was favouring Hillary Clinton over rival Bernie Sanders.

    A Russian attack?

    The U.S. is getting closer to openly blaming Russia, according to various reports. Both intelligence agency officials and the FBI believe Putin’s regime is to blame, whilst security researchers have found additional links to the state. Both CrowdStrike and SecureWorks linked the DNC attack to a Russian hacker group that went by many names, including Sofacy and Fancy Bear.

    Last month, FORBES reported the personal Gmail and work Google Apps accounts of DNC and Clinton campaign staff had been targeted by the Sofacy crew.

    A report yesterday from ThreatConnect claimed to have found more evidence of Russian involvement. It found the leaker, who called themselves Guccifer 2.0, was using the Russia-based Elite VPN tool to hide their IP address when leaking documents. Anyone, however, could have used such a VPN.

  8. Tomi Engdahl says:

    Guccifer 2.0: All Roads Lead to Russia
    https://www.threatconnect.com/blog/guccifer-2-all-roads-lead-russia/

    ThreatConnect follows Guccifer 2.0’s French breadcrumbs back to a Russian VPN Service
