Hackers Target Vulnerabilities Across US Politics

The Russian hackers who hit the Democratic National Committee and Hillary Clinton’s campaign burrowed much further into the US political system, sweeping in law firms, lobbyists, consultants, foundations and the policy groups known as think tanks, according to a person familiar with investigations of the attacks.

Almost 4,000 Google accounts were targeted from October through mid-May in an elaborate “spear phishing” campaign intended to trick users into providing access so that information could be gleaned from personal and organizational accounts, according to the person, who asked not to be identified discussing confidential information.

The sweeping scope of the spying on the US political establishment suggests an information dragnet far larger than previously reported, one meant to gather a near-encyclopedic understanding of the next president and those who will influence his or her thinking. Based on data now being analyzed, various security researchers believe the campaign stems from hackers linked to Russian intelligence services and has been broadly successful, extracting reams of reports, policy papers, correspondence and other information.

“These foreign governments are negotiating machines” with much to gain from a US politician’s priorities and weaknesses, said John Prisco, chief executive officer of Rockville, Maryland-based security company Triumfant Inc. “Understanding the possible next president at the depth that the DNC does will help them enormously if they have to deal” with the winner in the White House.

More Documents

In the past two weeks, the Democratic National Committee disclosed that hackers had gained access to its servers, and CrowdStrike Inc., the cybersecurity firm hired to combat that intrusion, said that groups it linked to the Russian government had managed to steal opposition research on Republican candidate Donald Trump. Then, SecureWorks Corp., another cybersecurity firm, said it had evidence that Russian hackers had targeted aides in Clinton’s campaign, although the campaign said it saw no sign that its system had been compromised.

Recently the hacker released a second set of documents purporting to be personal and financial information on DNC donors, fundraising spreadsheets and internal strategy memos. “I absolutely rule out any possibility of any government or government structures’ involvement in it,” Dmitry Peskov, spokesman for Russian President Vladimir Putin, said of the DNC hacking.

Similar Attacks

The data thefts are similar to a wave of attacks that preyed on high-level US officials, military officers and spouses last summer. The newest wave includes some far-flung targets -- ambassadors and staff members at embassies around the world, in addition to political figures in the US.

Among the policy groups targeted was the Center for American Progress, which has ties to Clinton and the Obama administration. “We are constantly reviewing our security and operations to prevent and thwart unauthorized activity,” Liz Bartolomeo, a spokeswoman for the center, said in an e-mailed statement. “We have reviewed our systems and we believe our security measures have prevented unwanted access to our systems.”

Trump Probably Targeted

Researchers were able to detail the thousands of individuals attacked after reconstructing the techniques used by the hackers to hit Google-hosted accounts. Trump’s campaign probably has been targeted as well, investigators say. However, since his campaign e-mails are hosted on Rackspace, a different cloud provider, a different technique would have to be used to recover evidence of those hacks, the person said.

In hitting candidates, their advisers and lawyers, hackers are extracting political data and exploiting systems that are more vulnerable in the time before security layers are added in a new presidential administration. Despite years of warnings and similar attacks, the political parties and their candidates aren’t sufficiently protecting their confidential information, according to cybersecurity specialists who work with the campaigns.

Perilous Period

Candidates and parties are most at risk of being hacked in the window of time between when they become their parties’ presumptive nominees -- as Clinton and Trump have -- and when one of them takes office, said Tony Lawrence, a former US Army cyber specialist and the CEO of Hanover, Maryland-based security company VOR Technology.

While cybersecurity professionals have blamed Russian hackers for the attacks on the DNC and Clinton campaign, Trump has said the DNC orchestrated the leak of documents attacking him. Other nations, including China, have been cited as being behind earlier infiltrations, including those in the 2008 presidential race.

Data stolen through hacking can be used for a variety of purposes, including leaks as a weapon to influence foreign policy and even elections.

Personal and financial information such as credit card and bank account numbers could be used by spies, diplomats or criminals. Personal e-mail addresses and mobile phone numbers for outside advisers help map out personal relationships and enable further attacks.

Perhaps most important are voluminous “briefing books” of questions and answers to prepare candidates and their advisers on major issues, said Peter Singer, a consultant for the US government on defense issues and a senior fellow at the New America policy center. These books help shape candidates’ publicly stated positions and contain lengthy narratives reflecting advisers’ private thinking about the issues, he said.

McCain’s Draft

In 2008, Democrat Barack Obama and Republican John McCain’s campaigns were hacked, and the events delivered this memorable anecdote: Randall Schriver, one of McCain’s foreign policy advisers on Asia, told NBC News that Chinese officials complained to him about the contents of a letter from McCain supporting Taiwanese military expansion that the candidate had drafted but not yet sent. Schriver didn’t respond to a message from Bloomberg News. In 2012, Obama and Mitt Romney’s campaigns were targeted.

“Everybody has to assume they’re coming after you, especially if you’re talking about politics and presidential elections,” said Joe DeTrani, a former senior adviser to the US director of national intelligence who’s now president of Daniel Morgan Academy, a national security graduate school in Washington. “There are so many critical issues, and if it’s touching the Russians -- it’s not just Crimea, Ukraine and now the Middle East -- maybe they just want to prepare accordingly, given the two presidential contenders and what they’re likely to confront. In some ways it’s very logical.”

Personal Accounts

The Russian hacking groups that CrowdStrike says were behind the DNC attacks operate independently and in unusual ways, often targeting personal accounts and private computers as a rich source of intelligence about their owners. The groups have been behind breaches of the White House, the State Department, the House of Representatives and a reporter at the New York Times.

“Any of the standard Russian hacking teams and protagonists would be happy to do this kind of thing for fun or a small fee,” said Gunter Ollmann, chief security officer at San Jose, California-based Vectra Networks Inc. “A high-profile US target with juicy data that could be leaked, or sold, and never under the risk of Russian law enforcement, is easily justified.”

‘Advanced Persistent Threat’

The first group, called APT 28 -- APT is cyber-security lingo for “advanced persistent threat” -- is believed by some private security experts to be a specialized unit of the FSB, the Russian state security agency. It has been linked to hacks of President Vladimir Putin’s domestic opponents, including the rock group Pussy Riot.

It’s been around since at least 2007 and has been among the most active nation-state-linked hacking groups in the world, said Vikram Thakur, a former senior attack investigations manager for Symantec Corp. In the early years, its targets were primarily Eastern European militaries, embassies and defense contractors, but as detection grew, its tools were used more broadly and targets have expanded to Western countries and private entities with data of strategic interest to Russia, Thakur said.

The hacking of the Warsaw Stock Exchange in 2014, which was followed by leaked data and claims of responsibility by Muslim militants, was viewed as a smokescreen. Polish investigators interpreted it as a warning from Russia against a member of the North Atlantic Treaty Organization, which was intent on driving a strong response to Russia’s aggression in eastern Ukraine, according to three people familiar with the investigation. Private security experts attributed the attack to APT 28.

In a sign of sophistication and resources, APT 28 uses more “zero day” vulnerabilities than almost any other group, exploiting more than half a dozen previously unknown flaws in Office, Java and Flash software, among others, in 2015, Thakur said.

‘Went Ballistic’

The second, more advanced group linked to the DNC hack, called APT 29, appeared in 2014 and was at first very selective, infecting only a few targets all year, but in 2015 “they went ballistic,” infecting hundreds of European and US organizations, Thakur said. The group has a signature move: It infects lots of computers, sending thousands of e-mails and going alphabetically through big groups of targets, a distraction as they steal data from one or two computers of high value, Thakur said.

There are signs of cooperation.

In early 2015, multiple Western European military customers of Symantec reported infections of APT 29 followed within a week or two by an infection by APT 28, possibly indicating a handoff, Thakur said. In most cases, they were the only two infections on a given machine, he added.

“You can clearly make out that whoever’s behind all of this has no qualms about the repercussions that could come if someone found out whoever they are,” he said. “These people are not the types who go around hiding their tracks so the victim doesn’t know they’ve been compromised. They’re very noisy, they come in and steal whatever they want. Eventually any network administrator will know they’re there.”
