2016 Postmortem
Democrats Left the Door Open to Russian Hacks
JUNE 15, 2016 10:30 AM EDT
By Leonid Bershidsky
Writing about the latest Russian government-sponsored cyberattack his firm had to deal with, Dmitri Alperovitch of cybersecurity company CrowdStrike noted it was rare for clients to want to publicize these breaches. The Democratic National Committee, however, had a good reason to go public: It claimed that the Russians had been looking for opposition research on Donald Trump.
Given how the U.S. media love to hate Trump, sinister theories could be expected to emerge, and they did. The New York Times, for example, mentioned a subplot to the race: Paul Manafort, Mr. Trump's campaign chairman, previously advised pro-Russian politicians in Ukraine and other parts of Eastern Europe, including former President Viktor F. Yanukovych of Ukraine. The image that springs to mind is of Russian spies handing over the DNC files to Manafort, or to Trump himself, to aid the Republican candidate. Didn't Hillary Clinton say they would be celebrating in the Kremlin if Trump won?
The Washington Post, which first reported the breach, quoted unnamed U.S. officials as saying the Clinton and Trump campaigns, as well as some Republican political action committees, had also been targeted -- yet they didn't see fit to spread the news. The DNC's revelations -- less titillating than they are embarrassing -- are nonetheless worrying. The story of two independent breaches that allowed the hackers months of unhindered access shows a cavalier attitude toward cybersecurity in an organization that should have known better. It shows Clinton's e-mail scandal has taught U.S. Democrats little or nothing at all.
The DNC was first infiltrated a year ago by a group CrowdStrike calls Cozy Bear and the rest of the cybersecurity industry knows as Advanced Persistent Threat (APT) 29. Security researchers have tied it to the Russian government because the hacker team keeps regular working hours on Moscow time and observes Russian national holidays, and also because its targets were Western government organizations, media and think tanks. It has supposedly breached the unclassified networks of the White House, the State Department and the Joint Chiefs of Staff, and it's known to use ingenious techniques, such as passing malicious commands to infected systems through pictures posted on fake Twitter accounts. The cybersecurity community by now has studied numerous examples of its malware, whose quality and variety suggest technical brilliance and a wealth of resources.
In April 2016, while APT 29 still had the run of the DNC's computer network, another group came to play -- one dubbed Fancy Bear by CrowdStrike and known as APT 28 to the rest of the community. Alperovitch wrote that the attacks were not coordinated and Fancy Bear got in on its own, probably with no knowledge that other Russians were already there. Alperovitch's take is that rivalry among Russian intelligence agencies caused the duplication; he linked APT28 to the GRU, Russia's military intelligence service. It's hard to say how the connection can be made with any degree of certainty; all that other cybersecurity researchers have noted about the group is its use of the Russian language and its interest in east European militaries.
MORE...
http://www.bloomberg.com/view/articles/2016-06-15/democrats-left-the-door-open-to-russian-hacks
tonyt53
(5,737 posts)
Oh the fun they could have. Remember that Bernie had some of his people get into areas that they should not have been pretty easily too.