On the Internet, nobody knows you’re a Russian

February 27, 2017

Overseas computer intrusion—or global hacking—goes all the way back to 1996, when a Navy contractor noticed unfamiliar overnight systems activity.

Investigators spent two years tracing how the hacker bounced from the Navy to the Air Force to the Department of Energy to NASA to steal classified military weapons designs.


Most recent cyber attacks against the US have come from China, which has stolen secrets for rolling steel, designs for fighter jets, and prints for oil pipelines. Since 2014, Russia-based attacks have escalated, and the hackers now publish or broadcast the information they obtain, creating anxiety among the US and its allies.


Chinese and Russian groups hacked the 2008 Obama and McCain presidential campaigns, but did not publish any data from those hacks. Obama was briefed on it at the time, but did not take action on it.


Then in 2015, Russian hackers shut down a French television network and posted pro-ISIS propaganda on the station’s website to frame the Islamic State for the attack. Investigators believed it was in retaliation for France backing out of an agreement to sell military helicopters to Russia.


Russian President Vladimir Putin has denied any state-level involvement in any of these hacks.


Cyber break-ins at the Democratic National Committee during the 2016 campaign were largely due to a lack of secure email communications and a lack of secured server networks. The two groups that took responsibility for the hacks are well known to the FBI and CIA as “Fancy Bear” and “Cozy Bear.”


In May 2016, the DNC hired US-based cyber security firm CrowdStrike to investigate. It took CrowdStrike 24 hours to scan the DNC’s systems and identify the intruders. Fancy Bear and Cozy Bear are not collaborators and did not work together as they accumulated information and passed it to WikiLeaks, but their presence was CrowdStrike’s biggest clue in declaring that Moscow was behind the attacks.


Fancy Bear and Cozy Bear have previously been involved in Russian cyber espionage, and the malware found at the DNC had been used in those earlier incidents. Fancy Bear wrote that malware and has maintained its code since. The code carries indicators that it was written by Russian speakers working in the same time zone as Moscow and St. Petersburg.


Was this enough evidence to pin the blame on Russia? Discuss.

In addition, CrowdStrike found that the DNC was first hacked in the summer of 2015, when Fancy Bear, posing as Google, sent out email to Gmail users on the DNC’s contact list. The emails asked recipients to verify their username and change their password immediately because their account had been compromised.


Indeed, it had. Fancy Bear sent out more than 4,000 messages and only needed a few responses to penetrate the DNC’s network. The hackers received 20 responses, including from Hillary Clinton’s campaign chairman, John Podesta. Podesta maintained about 60,000 emails in his Gmail account. With one mouse click, Fancy Bear could unlock them all.


In December 2016, the FBI and Department of Homeland Security released their report on “Grizzly Steppe”—the agencies’ code name for their conclusion that Russia engaged in “malicious cyber activity” in an attempt to influence the 2016 presidential election.


Three weeks before Donald Trump took office, Obama sanctioned Russian intelligence and expelled 35 Russian diplomats from the US. He also amended an executive order to allow his successor to retaliate against efforts to influence elections in the US or any of its allies—an apparent reference to Germany and France, who have also reported Russian efforts to influence elections.


Was Obama too soft on Russia’s hacking in 2008, and could he have prevented the 2016 hacks? Discuss.


In terms of luring their victims, Fancy Bear’s tactics were not sophisticated. Like most hackers, they conned their victims into handing over access to their accounts, a technique called “phishing.”


Millions of people fall prey to phishing scams, and it only takes one response to give a hacker access to an entire network. This happened last year in Duluth when someone in the City Clerk’s Office responded to a phishing email, handing a cyber intruder access to a wealth of sensitive information on voter registration lists, business license reports, and job applications.

One method of phishing is to pose as a trusted institution, such as Google, Yahoo, or your bank, and claim some urgent reason you must give them your username and/or password. Do not ever respond to these. No legitimate institution will ever ask you to send them sensitive information by email. If you’re really concerned, contact the sender offline to confirm the validity of the request.


Another phishing method offers you a free download, usually in the form of a zip file. Cozy Bear did this days after the election, spoofing a Harvard professor’s email to send out a fake copy of the professor’s research paper, “Why American Elections are Flawed.” The targets were non-governmental organizations and think tanks—Cozy Bear guessed correctly that the title might interest them. When the targets opened the file, it executed a malicious script. Anyone can spoof an email address. Only download files that you have confirmed are legitimate.
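The two lures described above share traits a mail filter can look for: a display name that borrows a trusted brand while the address lives elsewhere, a sender-authentication failure recorded by the receiving mail server, an urgent demand for credentials, and an unsolicited archive attachment. The following Python triage function is an added example written for this column, not code from CrowdStrike or any vendor; it assumes the receiving server has already stamped an Authentication-Results header on the message, and every address, domain and message body it uses is constructed.

```python
import email
from email import policy

# Constructed check lists and, further down, constructed sample messages.
TRUSTED_BRANDS = {"google": "google.com", "yahoo": "yahoo.com"}
URGENT_PHRASES = ("verify your username", "change your password", "account has been compromised")

def phishing_indicators(raw_message: str) -> list[str]:
    """Return the phishing traits found in one RFC 5322 message as a list of names."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    flags = []
    sender = msg["From"].addresses[0]  # policy.default parses From into Address objects
    name, domain = sender.display_name.lower(), sender.domain.lower()
    # Display name borrows a trusted brand while the address lives elsewhere.
    if any(b in name and not domain.endswith(d) for b, d in TRUSTED_BRANDS.items()):
        flags.append("brand_impersonation")
    # The receiving mail server recorded an SPF or DKIM failure: the From was spoofed.
    auth = msg.get("Authentication-Results", "").lower()
    if "spf=fail" in auth or "dkim=fail" in auth:
        flags.append("auth_failure")
    # Urgent demand to verify or reset credentials, the shape of the 2015 lure.
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and any(p in body.get_content().lower() for p in URGENT_PHRASES):
        flags.append("credential_urgency")
    # Unsolicited archive attachment, the shape of the post-election lure.
    names = [p.get_filename() or "" for p in msg.iter_attachments()]
    if any(n.lower().endswith((".zip", ".rar", ".7z")) for n in names):
        flags.append("archive_attachment")
    return flags

CREDENTIAL_LURE = """\
From: Google Accounts <security@accounts-verify.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=accounts-verify.example.net

Your account has been compromised. Verify your username and change your password now.
"""
ARCHIVE_LURE = """\
From: A Professor <prof@university.example.edu>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=university.example.edu
Content-Type: multipart/mixed; boundary="b1"

--b1

Thought this paper might interest you.
--b1
Content-Type: application/zip; name="paper.zip"
Content-Disposition: attachment; filename="paper.zip"

--b1--
"""
```

Running `phishing_indicators` over the two constructed samples flags the first as brand impersonation, authentication failure and credential urgency, and the second as authentication failure plus an archive attachment.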


We need to close our digital vulnerabilities and make sure our elected officials and government employees do the same. Proactive protection of sensitive information should be as automatic as locking your home or your car to prevent a personal—or global—Cyber Pearl Harbor.
