Cybersecurity firm says the same Russian government-aligned hackers who penetrated the Democratic Party have spent the past few months laying the groundwork for an espionage campaign against the U.S. Senate. https://t.co/d27VpoWhUO
— The Associated Press (@AP) January 12, 2018
This is what happens when you decide to play political games for power and profit rather than provide for the common defense and promote the general welfare! That this is being disclosed now means that the penetration has occurred, Senators, their staffs, and/or their campaigns are already compromised, and the enemy – Russia – wants everyone to know in order to increase the confusion and distrust and further aggravate the social, political, economic, religious, and ethnic/racial tensions and divisions in the US. Are Senators Grassley’s and Graham’s recent actions the result of being compromised or attempts to seek partisan advantage? And what about the House of Representatives? There is no way the Russians have hacked the Senate, but not the House.
From The Associated Press:
PARIS (AP) — The same Russian government-aligned hackers who penetrated the Democratic Party have spent the past few months laying the groundwork for an espionage campaign against the U.S. Senate, a cybersecurity firm said Friday.
The revelation suggests the group often nicknamed Fancy Bear, whose hacking campaign scrambled the 2016 U.S. electoral contest, is still busy trying to gather the emails of America’s political elite.
“They’re still very active — in making preparations at least — to influence public opinion again,” said Feike Hacquebord, a security researcher at Trend Micro Inc., which published the report. “They are looking for information they might leak later.”
The Senate Sergeant at Arms office, which is responsible for the upper house’s security, declined to comment.
Hacquebord said he based his report on the discovery of a clutch of suspicious-looking websites dressed up to look like the U.S. Senate’s internal email system. He then cross-referenced digital fingerprints associated with those sites to ones used almost exclusively by Fancy Bear, which his Tokyo-based firm dubs “Pawn Storm.”
Trend Micro previously drew international attention when it used an identical technique to uncover a set of decoy websites apparently set up to harvest emails from the French presidential candidate Emmanuel Macron’s campaign in April 2017. The sites’ discovery was followed two months later by a still-unexplained publication of private emails from several Macron staffers in the final days of the race.
Hacquebord said the rogue Senate sites — which were set up in June and September of 2017 — matched their French counterparts.
“That is exactly the way they attacked the Macron campaign in France,” he said.
Business Insider also has coverage:
The US Senate was targeted last year by the same hacking group that broke into the Democratic National Committee servers during the 2016 presidential election, according to the cybersecurity firm Trend Micro.
The research firm found that phishing sites were set up by Pawn Storm, also known as Fancy Bear or APT28, mimicking the Senate’s internal email system in an attempt to gain users’ login credentials.
“By looking at the digital fingerprints of these phishing sites and comparing them with a large data set that spans almost five years, we can uniquely relate them to a couple of Pawn Storm incidents in 2016 and 2017,” the researchers wrote.
The June 2017 phishing attempts would not have been the first time the Russia-linked hackers tried to infiltrate the US Senate. In its extensive analysis of Fancy Bear’s targets during the presidential election, the Associated Press found that Senate staffers Robert Zarate, Josh Holmes, and Jason Thielman were targeted between 2015-2016.
Fancy Bear had a “digital hit list” throughout that period that targeted a wide range of Russia’s perceived enemies, including former Secretary of State John Kerry, Ukrainian President Petro Poroshenko, anti-corruption activist Alexei Navalny, and half of the feminist protest punk rock group Pussy Riot.
Trend Micro said that the Senate’s Active Directory Federation Services (ADFS), which is basically its internal email system, “is not reachable on the open internet.” But phishing of users’ credentials on a server “that is behind a firewall still makes sense.”
“In case an actor already has a foothold in an organization after compromising one user account, credential phishing could help him get closer to high profile users of interest,” the researchers wrote.
Hacquebord said he doesn’t think it’s correct to say that the methods Pawn Storm used were not advanced.
“They have to know who they want to target, and the timing is important,” Hacquebord said. “The techniques may not be advanced but the social engineering is. They’ve been using these same tactics for quite some time, and it’s been quite effective. They are also very persistent.”
He added that Pawn Storm was using zero-days, or software vulnerabilities that can be exploited by hackers before the developer discovers and patches it.
“These zero days are expensive on the black market,” Hacquebord said. “This is not the stuff of amateurs.”
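The lookalike sites Trend Micro describes, hostnames dressed up as the Senate’s ADFS login portal, are the kind of thing a defender can screen for by comparing newly observed hostnames against the organization’s real federation host. The Python below is an added example, not code from the original post or from Trend Micro; the federation host adfs.senate-example.gov and the candidate list are constructed placeholders, and the two-label registrable-domain guess stands in for a proper public suffix list.

```python
import difflib
import unicodedata
# Constructed placeholder for the organization's real ADFS host (not a real Senate hostname).
LEGIT_ADFS_HOST = "adfs.senate-example.gov"
# Labels that phishing hostnames aimed at federation or webmail logins tend to carry.
AUTH_TOKENS = ("adfs", "sts", "sso", "login", "owa", "mail")

def normalize_host(host: str) -> str:
    """Lower-case, decode punycode labels, and drop non-ASCII so confusable letters fall out."""
    host = host.strip().rstrip(".").lower()
    try:
        host = host.encode("ascii").decode("idna")  # xn--... labels back to Unicode
    except UnicodeError:
        pass                                        # raw Unicode already present; keep as is
    folded = unicodedata.normalize("NFKD", host).encode("ascii", "ignore").decode()
    return folded or host

def pieces(host: str) -> list:
    """Split on dots and hyphens: 'adfs-senate.com' -> ['adfs', 'senate', 'com']."""
    return [p for label in host.split(".") for p in label.split("-") if p]

def is_lookalike(candidate: str, legit: str = LEGIT_ADFS_HOST) -> bool:
    """True when a hostname impersonates the federation host but is outside its domain."""
    cand, legit = normalize_host(candidate), normalize_host(legit)
    registrable = ".".join(legit.split(".")[-2:])  # 'senate-example.gov' (demo-grade, no public suffix list)
    if cand == legit or cand.endswith("." + registrable):
        return False                               # the real host or something under our own domain
    org_pieces = pieces(registrable)[:-1]          # ['senate', 'example'], TLD dropped
    cand_pieces = pieces(cand)
    if "".join(org_pieces) in "".join(cand_pieces):
        return True                                # our brand embedded in a foreign domain
    org_like = any(difflib.SequenceMatcher(None, o, p).ratio() >= 0.8
                   for o in org_pieces for p in cand_pieces)
    auth_like = any(p.startswith(t) for t in AUTH_TOKENS for p in cand_pieces)
    return org_like and auth_like

# Constructed sample of newly observed hostnames, e.g. pulled from certificate transparency logs.
NEWLY_OBSERVED = [
    "adfs.senate-example.gov",                  # legitimate
    "sso.senate-example.gov",                   # legitimate subdomain
    "adfs-senate-example.com",                  # brand plus auth token on a foreign TLD
    "login.senate-exarnple.net",                # 'rn' standing in for 'm'
    "adfs.senate-example.gov.login-portal.net", # real host name used as a subdomain
    "senate-example-gov.com",                   # brand only
    "adfs.sеnate-example.com",                  # Cyrillic 'е' in 'senate'
    "news.example.com",                         # shares one word, no auth token
    "login.unrelated-corp.com",                 # auth token, no brand
]

def screen_hosts(hosts=NEWLY_OBSERVED, legit=LEGIT_ADFS_HOST) -> list:
    return [h for h in hosts if is_lookalike(h, legit)]  # candidates worth a takedown or block
```

Flagged hostnames are a starting point for a takedown request, a proxy block, or a user warning, not proof of compromise on their own.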
In case you think compromising members of the Senate, their staffs, and their campaigns is very bad, it gets worse.
On June 13, 2017, Attorney General Jeff Sessions testified to the Senate Intelligence committee about Russian interference in the 2016 presidential election. After fielding hours of questions about his knowledge of the plot, Sessions was greeted by an abrupt change in topic from Senator John McCain. “Quietly, the Kremlin has been trying to map the United States telecommunications infrastructure,” McCain announced, and described a series of alarming moves, including Russian spies monitoring the fiber optic network in Kansas and Russia’s creation of “a cyber weapon that can disrupt the United States power grids and telecommunications infrastructure.”
When McCain asked if Sessions had a strategy to counter Russia’s attacks, Sessions admitted they did not.
But while the role of hacks in the election is the subject of several ongoing probes, the hacks of other U.S. institutions and infrastructures have been largely ignored by the Trump administration, even as the hacking became more aggressive throughout 2017. In June, shortly after McCain’s testimony, the Department of Homeland Security and the FBI released an urgent joint report stating that U.S. nuclear power stations and other energy facilities had been hacked. In July, Bloomberg and the Washington Post confirmed that the hackers worked for the Russian government.
While U.S. government officials stressed that the public was not yet at serious risk, claiming the hackers had not yet gained the ability to control the grid, intelligence officers warned that infrastructure attacks by a hostile state can also operate as a form of political leverage. Most analyses of the 2016 election hacks have framed leverage in personal terms: kompromat stolen from hacked emails used to blackmail individuals into submission or to humiliate officials as part of a propaganda campaign. Less examined is the form of leverage McCain raised at the Sessions hearing: the possibility of vital infrastructure, like the power grid, being crippled, potentially causing massive financial and humanitarian consequences. In this formulation, an entire government could ostensibly be held hostage to another government’s whim out of fear of triggering a cataclysmic attack.
As 2017 wore on, Russia continued to hack infrastructure around the world, again crippling government and corporate offices across Ukraine, along with energy sectors in the United Kingdom and government officials in France, and ending the year targeting NATO countries through unprecedented focus on underwater North Atlantic cables that provide internet service to the U.S. and Europe. Disrupting these cables, one British naval official said, would “immediately and potentially catastrophically affect both our economy and other ways of living.”
In September, security firm Symantec said it had notified more than 100 energy companies in the U.S., Turkey, Switzerland, Afghanistan, and elsewhere about Dragonfly 2.0—a set of intrusions into industrial and energy-related companies suspected to originate in Russia. Using targeted phishing emails and compromised websites designed to capture users’ credentials, the hackers gained access in some cases not just to front-office networks but to “operational machines.” As a Symantec security analyst told Fast Company, “We’re talking about machines that are controlling elements that are plugged into the power grid.” A month later, the Dept. of Homeland Security and FBI warned critical infrastructure providers in nuclear, energy, and other key sectors about the ongoing attacks, noting that “threat actors are actively pursuing their ultimate objectives over a long-term campaign.”
And if you think Putin is going to stop, he’s not. He’s going to turn the screws.
When the employees of the famous “troll factory” in St. Petersburg return to their desks after the Russian holidays, they will be writing comments and posts on social media in much more spacious offices. As the city’s leading business daily Delovoy Peterburg reports in an investigative article published just before New Year, the 4,000 square metres of their previous address on 55, Savushkina Street have been replaced by 12,000 square metres in St Petersburg’s Lakhta business district.
The impressive threefold increase of work space is testimony to the success of the “factory”. As Russian RBC Daily’s investigation in April 2017 showed, the trolling activities have now branched out into a conglomerate of at least 16 different online outlets, all of which voice strong support for Kremlin’s policies, while systematically linking to each other’s products. At the same time they carry little or no advertisement.
The owner of the “troll factory”, businessman and billionaire Yevgeny Prigozhin, has also become known as “Putin’s chef” because of his success in providing catering services for, among other clients, the Kremlin and other branches of the Russian government. Mr Prigozhin has been sanctioned by the U.S. Treasury Department for providing financial support for Russia’s military occupation of Ukraine. Delovoy Peterburg’s investigation also reveals that the owners of the new premises are contributors to President Putin’s election campaign.
As I wrote 18 months ago: we are at cyberwar. I was one of the first national security professionals to publicly make that argument based on what was available in open source reporting. Eighteen months later we have actually moved to the point where the cyberwar is just one of the fronts in an elaborate, multi-pronged Russian attack and offensive against the US, our EU and NATO allies, and other liberal democratic states and societies. A formal declaration of war and placing the US on a mobilized for war footing in order to appropriately respond is no longer something to joke about. We can either get serious with this threat and respond appropriately through a formal declaration of war, placing the US on a war footing to fight back, and the mobilization of our closest allies by invoking NATO Article 5 or we can watch Putin make bank as he dismantles liberal democracy in the US, Canada, and the EU and then tries to scarf up eastern Europe, the Baltics, and parts of Scandinavia.
This is not a game. It is not a joke. This is not politics as usual or as unusual. This is not about partisan advantage. We have wasted trillions of dollars, thousands of American and allied lives, and hundreds of thousands to millions of lives of host country nationals caught in the crossfire misunderstanding and improperly responding to Islamic extremism and the terrorism it engenders as an existential threat. Right now we have decided to purposefully ignore a real existential threat: Russia’s war against the US, the EU, NATO, and liberal democracy because it might jeopardize Paul Ryan’s desires to gut Social Security, Mitch McConnell’s dreams to gut campaign finance laws and pack the Federal courts, Stephen Miller’s blatant racism, Mike Pence’s fetish for punishing LGBTQ people because they make him feel icky about himself, and the President’s psychological inability to come to terms with the fact that he is only in office because Vladimir Putin felt threatened by Secretary Clinton combined with the desires of a plurality of white racists and misogynists to make one last stand for bigotry and oppression. And because stating that truth is considered to be politically inappropriate. We can either get it together or we can be remembered as a society so stupid we allowed ourselves to be subverted and destroyed without a single shot being fired.
As I asked eighteen months ago: we are at war, what are we going to do about it?
Penetration At All Levels: US Senate Edition