Cyberwarfare.com

CYBERWARFARE.COM ACQUIRED BY CYBERSECURITY VENTURES

Q1 2017

Cyberwarfare.com is a quarterly diary of cyberwarfare activity. What is cyberwarfare? Cyberwarfare is defined as the most aggressive form of attack by a foe or rival over the internet. It largely applies to actions by states and involves denying internet services to communities or countries, or, at worst, destroying critical infrastructure or industrial facilities.

NATION WATCH

Russian election hacking, intelligence leaks dominate cyberwarfare news for first quarter of 2017

johnmelloembossedJohn P. Mello, Jr.

Menlo Park, Calif. – Mar. 31, 2017

News about Russian hacking of the 2016 presidential election created a blizzard of headlines during the first three months of 2017. The controversy became so hot it forced the President’s National Security Advisor to resign and the U.S. Attorney General to recuse himself from any investigations into Russian election meddling.

Meanwhile, both the CIA and NSA were compromised during the period. WikiLeaks dumped confidential documents from the CIA on the Net and the NSA was stung by the indictment of one of its former contractors who stole 500 million pages of documents.

Also during the time frame, a Microsoft executive called on nations to hold a Digital Geneva Convention that will commit governments to protecting civilians from nation-state attacks in times of peace.

CYBERWARFARE DIARY

March

Mar. 31. WikiLeaks releases “Vault 7 Marble,” 676 source code files for a CIA framework used to hamper forensic investigators and antivirus companies from attributing to the CIA cyberattacks by the agency.

Mar. 31. Sen. Mark Warner, the ranking Democrat on the U.S. Senate committee investigating Russian interference in the 2016 presidential election, says the Kremlin paid an army of 1,000 people to create fake anti-Hilliary Clinton news stories targeting key swing states.

Mar. 30.  Michael Flynn, the former national security adviser for President Donald J. Trump, offers to testify before House and Senate panels investigating the Trump campaign’s ties to Russia in exchange for immunity from prosecution.

Mar. 30. Azerbaijan’s government blocks primary independent news websites for several days in what’s believed to be an attempt to dampen criticism of the appointment of the country’s first lady as vice president.

Mar. 30. Globe and Mail reports that a cyberattack by Chinese hackers in 2014 at Canada’s Natonal Research Council cost the country hundreds of millions dollars.

Mar. 27. The Times of London reports that the Islamic State has flooded YouTube with hundreds of violent recruiting videos following a terrorist attack on Parliament on March 22.

Mar. 24. German Federal Office for Information Security says that last year it foiled two cyberattacks by the Russian hackers alleged to have interfered with the U.S. presidential election — one an attempt to create a domain in the Baltic region for a German political party; the other a spear-phishing scheme directed against parties in the country’s lower house of parliament.

Mar. 23. Twitter releases transparency report revealing it shut down 376,890 accounts for “violations related to the promotion of terrorism” from July 1 to December 31 of 2016.

Mar. 23. CNN reports that the FBI has information that indicates associates of President Donald J. Trump communicated with suspected Russian operatives to possibly coordinate the release of information damaging to Hillary Clinton’s 2016 presidential campaign.

Mar.21. Reuters reports that Google and Jigsaw have begun offering free Protect Your Election packages to election organizers and civic groups so they can guard themselves from politically-motivated cyberattacks.

Mar. 20. FBI Director James Comey confirms his agency is investigating possible links between Russian hackers and President Donald J. Trump’s election team at a hearing by the U.S. House Intelligence Committee.

grayfooterline

RELATED: Hackerpocalypse — World War III is underway, and it’s cyber… timeline ad infinitum.

grayfooterline

Mar. 17. Alfa Bank, a privately-owned Russian financial institution, confirms it has contacted U.S. law enforcement authorities and offered complete cooperation in finding out who attempted to use its servers to make it appear that the bank was communicating with the Trump organization.

Mar. 16. Trump Administration releases budget proposal that includes $1.5 billion for cybersecurity and protecting the nation’s critical infrastructure.

Mar. 16. Canada’s Department of National Defense releases documents revealing that the country is taking steps to strengthen its cyber warfare arsenal.

Mar. 15. U.S. Justice Department indicts for hacking half a billion Yahoo accounts Russian Federal Security Service agents Dmitry Dokuchaev and Igor Sushchin and two co-conspirators, Alexsey Belan and Karim Baratov.

Mar. 15. Twitter accounts of high-profile news outlets, international brands and politicians are hacked and tweets posted in support of Turkish President Tayyip Erdogans who is in a heated dispute with several European countries over whether Turkish politicians should be allowed to speak at political rallies in those nations.

Mar. 12. MacKeeper security researchers report they’ve discovered a misconfigured device connected to the Internet belonging to a U.S. Air Force officer that has exposed sensitive information to the public, including a spreadsheet with details about ongoing investigations by the service.

Mar. 12. British spy agency GCHQ calls emergency summit with UK political parties after warning them that they are at risk of Russian cyberattacks disrupting the next general election in the country.

Mar. 8. Information Technology and Innovation Foundation reports that 92 percent of U.S. government websites fail to meet basic standards for security, speed, mobile friendliness or accessibility.

Mar. 9. Korean Herald reports Chinese hackers who forced website of retailer Lotte Mart offline in retaliation for its role in the siting of a U.S. missile defense base in Korea have expanded their attacks to include 30 public and company websites of the peninsula nation, including sites for the 2018 Olympics and 2017 WTF World Taekwondo Championships.

Mar. 7. WikiLeaks posts online thousands of documents it says were leaked from the U.S. Central Intelligence Agency, including information on tools used by the spies to hack computers and mobile phones.

Mar. 6. Bloomberg reports that Russian hackers have been launching cyberattacks on U.S. progressive groups in attempts to find embarrassing emails that can be used to extort money from them.

Mar. 4. New York Times reports that the United States has been waging a secret cyber war for three years against North Korea to disrupt its missile program.

Mar. 3. FBI opens investigation into possible data breach at the Center for Election Systems at Kennesaw State University in Georgia that could potentially impact 7.5 million voter records.

Mar. 2. Retired Gen. Keith Alexander, former head of the National Security Agency, at hearing by U.S. Senate Armed Services Committee says federal agencies are unable to protect the nation against digital threats because they don’t share information.

Mar. 2. U.S. Attorney General Jeff Sessions announces he will recuse himself from any investigation into charges that Russia meddled in 2016 presidential election after it was discovered he failed to disclose during his confirmation hearing two meetings he had with the Russian ambassador to the United States.

February

Feb. 28. The Defense Science Board releases study on state of cyber defense in the United States forecasting that in the next five to 10 years other nations will have offensive cyber capabilities that “far exceed the United States’ ability to defend and adequately strengthen the resilience of its critical infrastructures.”

Feb. 21. McClatchy Washington Bureau reports that U.S. investigators are examining whether or not Russia’s Federal Security Service funneled payments disguised as pension benefits to operatives in the United States used to hack Democratic party emails and discredit Hilliary Clinton’s presidential campaign.

Feb. 20. Professor Sheena Geitens, an East Asia expert at the University of Missouri, tells Time magazine that Chinese suspension of coal imports from North Korea as punishment for assassinating the half-brother of Supreme Leader Kin Jong Un at a Malaysian airport will result in stepped up cybercrime by North Korea’s army of 6,800 state-sponsored hackers.

Feb. 18. Fortune magazine reports that FBI is conducting at least three investigations into the alleged Russian hacking of the U.S. presidential elections — one into the breach of the Democratic National Committee, another into the theft of emails of Clinton campaign manager John Podesta and a third into links between Russia and Trump associates.

Feb. 17. Rep. Ted Lieu (D-Calif.) and 14 other members of Congress request House Oversight Committee to investigate the cybersecurity practices of President Donald J. Trump, including his use of an unsecured personal phone.

Feb. 16. IBM’s X-Force Incident Response and Intelligence Services identifies propagation techniques used by the Shamoon malware, which has been a major weapon in the cyberwar between Saudi Arabia and Iran.

Feb. 16. A report by Google leaked to the public reveals the company knew about Fancy Bear before the group was linked to the data breach as the Democratic National Convention.

Feb. 16. Patrick Wardle, a former NSA staffer and current research head at Synack, a bug hunting company, tells Forbes magazine that malware leaked online and believed to belong to Fancy Bear, the group of Russian hackers connected a data breach at the Democratic National Committee, contains “chunks” of code from hacking tools stolen from the Italian cyber mercenary firm Hacking Team.

grayfooterline

RELATED: Training Cyber War Fighters – Cybersecurity Ventures has announced its 2017 List of Master’s Degree Programs in Cybersecurity

grayfooterline

Feb. 15. Oleksandr Tkachuk, Ukraine’s security service chief of staff, accuses Russian hackers of targeting his country’s power grid, financial systems and other infrastructure with a new type of computer virus that attacks industrial processes,

Feb. 15. Threat intelligence company Recorded Future reports Russian-speaking hacker it calls Rasputin, who breached the U.S. Election Assistance Commission in November, is selling unauthorized access to more than 60 universities and government agencies.

Feb. 14. Brad Smith, president and chief legal officer of Microsoft, calls for a Digital Geneva Convention that will commit governments to protecting civilians from nation-state attacks in times of peace.

Feb. 14. New York Times reports U.S. law enforcement and intelligence agencies have phone records and intercepted calls that show members of Donald J. Trump’s 2016 presidential campaign and other Trump associates had repeated contacts with senior Russian intelligence officials in the year before the election.

Feb. 13. Richard Ferrand, secretary-general of the French En Marche party, accuses Russia of targeting presidential frontrunner Emmanuel Macron through media and Internet attacks to help the election campaigns of his rivals.

Feb. 10. The Guardian reports that Russia is suspected by Italian officials of being behind a sustained hacking attack on the country’s foreign ministry last year that compromised email communications and lasted for many months.

Feb. 8. U.S. prosecutors air indictment against Harold T. Martin III, a former NSA contractor who is accused of stealing some 500 million pages of classified documents from the agency.

Feb. 7. General Stephen W. Wilson, vice chief of staff for the U.S. Air Force, testifies before Congress that in 2016, his service branch conducted 4,000 cyber missions against more than 100,000 targets, enabling more than 200 high-value, kill-capture missions.

Feb. 6. Security researchers Claudio Guarnieri and Collin Anderson report Iranian hackers are using malware designed to infect Apple computers to attack the U.S. defense industry and human rights groups.

Feb. 3. Norwegian security service warns that country’s Labor Party, defense and foreign ministries and the security service itself have been targeted by Fancy Bear, hacker group believed to be linked to Russia.

Feb. 3. Science Advances publishes paper by Canadian researchers explaining how to hack into a quantum network similar to one being built by the Chinese, which they claim is hack-proof.

Feb. 3. Rob Bertholee, head of the Dutch AIVD security service, says Russia, China and Iran have made hundreds of attempts to hack into Dutch government departments and companies in the last six months.

Feb. 2. UK Law Commission recommends the country’s Official Secrets Act be modified so that spies and civil servants who leak national security secrets face up 14 years in prison.

Feb. 2. Russia charges four people, including two officers in its FSB spy agency, with treason for passing to the United States information believed to be about the Kremlin’s efforts to influence the 2016 presidential election in the United States.

Feb. 1. Dutch government announces it is scrapping the computer software it uses to tally and transmit election results and perform the tasks by hand for fear the election results could be hacked.

Feb. 1. Dan Tentler, founder of cybersecurity firm Phobos Group, warns that several servers run by the U.S. Department of Defense that have been misconfigured for at least eight months could be easily penetrated by threat actors who could use the systems to launch cyberattacks that appear to originate on those systems.

January

Jan. 30. Maagad Ben Juwad Oydeh, who hacked the video feeds from Israeli drones hovering over Gaza, agrees to plea deal with a suggested jail sentence of nine years.

Jan. 30. Rzeczpospolita reports a failed phishing attack on several employees of the Polish Foreign Ministry is believed to be the work of Fancy Bear, the Russian hacker group tied to trying to influence the outcome of the U.S. presidential election.

Jan. 29. The Times of London reports Dmitry Dokuchaev has been arrested in Russia on treason charges, the third such arrest since the Kremlin’s interference with the U.S. presidential election was exposed.

Jan. 26. SecureWorks reports that Fancy Bear, the group of Russian hackers believed to have targeted the U.S. political system during the run-up to the 2016 presidential election, infiltrated a UK television network for almost a year and monitored its operation.

Jan. 26. The Electronic Privacy Information Center files a lawsuit against the Office of the Director of National Intelligence seeking the release of the U.S. intelligence community’s entire assessment of Russia’s interfence with the 2016 presidential election.

Jan.17. CNN/ORC releases poll showing 58 percent of Americans believe the outcome of the presidential election would have been the same whether Russia tried to influence the outcome or not.

Jan. 16. Secureworks says Fancy Bear, the group of Russian hackers believed to have influenced the U.S. elections, has hacked a Norwegian military attache stationed in Eastern Europe and the Norwegian diplomatic mission in Central Asia.

Jan. 16. Nikolay Patrushev, head of Russia’s Security Council, says his country has been experiencing increased attempts to penetrate its information systems by foreign countries, including the United States, China and India.

Jan. 16. Cybersecurity Ventures announces it has acquired for an undisclosed price the domain name Cyberwarfare.com from a private seller.

Jan. 15. The Daily Express reports Russian electronic units are hacking into the systems of RAF bombers and forcing them to abort missions over Syria.

Jan. 14. Dutch media reports Russian hackers attempted to access a report prepared by Dutch investigators on Malaysian Airlines flight MH17, which was shot down above the Ukraine, two weeks before the report was released.

Jan. 13. U.S. Senate Intelligence Committee announces it will investigate allegations Russia used cyber attacks to influence U.S. presidential elections.

Jan. 13. Boston Police announce they’re scrapping a $1.4 million plan to buy software to monitor social media postings for criminal activity and threats to public safety after objections about the technology were raised by more than a dozen civil rights groups and religious organizations.

Jan. 13. Manager of City of Ashland, Wisc. says Russian and East European hackers tried to continually but unsuccessfully to break into the city’s computer systems in the months prior to the 2016 presidential elections.

Jan. 12. Motherboard reports it has received from a hacker 900 gigabytes of data stolen from Cellebrite — an Israeli mobile hacking company that’s done work for U.S. federal and state law enforcement agencies as well as Russia, the United Arab Emirates and Turkey — including customer information, databases, and a vast amount of technical data regarding its products.

grayfooterline

RELATED: The Phi Beta Cyber Society — Connecting the top U.S. men and women in cybersecurity with our high school students.

grayfooterline

Jan. 12. Shadow Brokers, a mysterious group of hackers that gained notice when they previously published hundreds of hacking tools belonging to the NSA, announces it is disbanding and releases a number of Zero Day Windows vulnerabilities.

Jan. 11. Palestinian militant group Hamas baits dozens of Israeli soldiers with online “honeypots” that encouraged them to download malicious apps that compromised their phones and lead to Hamas accessing sensitive army information and intelligence.

Jan. 10. FBI Director James Comey testifies before U.S.Senate Intelligence Committee that Russia hacked into Republican state political campaigns and old email domains of the Republican National Committee but did not release any of the information they obtained from those locations.

Jan. 10. The Arizona Department of Administration says it has found no evidence of tampering with with a state employee timekeeping system after some legislators saw Russian prompts on it; however, the state is continuing to investigate a number of computers used by legislators and staff infected with malware.

Jan. 9. Hans-Georg Maassen, head of Germany’s domestic intelligence service, says his agency has discovered evidence that the Kremlin-linked hacking group Fancy Bear, also known an APT28, was behind an attack on the computers of the Organisation for Security and Cooperation in Europe, the organization responsible for monitoring the ceasefire between government forces and pro-Russian rebels in eastern Ukraine.

Jan. 8. French Defense Minister Jean-Yves Le Drian says in an interview published in Le Journal du Dimanche that in 2016 his ministry thwarted 24,000 cyber attacks involving harassment, surveillance, espionage and disruption of its drone program.

Jan. 6. U.S. intelligence officials release report concluding that Russian President Vladimir Putin personally ordered an influence campaign in 2016 that turned from denigrating Hillary Clinton to developing a clear preference for President-elect Donald Trump.

Jan. 6. U.S. Homeland Security Secretary Jeh Johnson designates U.S. elections systems part of the nation’s critical infrastructure, which will allow the federal government to give states greater assistance in preventing cyber attacks on those systems.

Jan. 6. California Department of Insurance finds data breach that compromised 78.8 million consumer records at health insurer Anthem was performed on behalf of a foreign government.

Jan. 6. Ukraine’s military denies report by cybersecurity firm Cloudstrike that Russia hacked targeting software for Ukraine’s heavy artillery which allowed the Kremlin to track the big guns.

Jan. 6. Department 13, a Maryland company and DARPA spinoff, says it can take control of drones in flight without the use of jamming.

Jan. 5. Armed Services Committee of U.S. Senate holds public hearing with top intelligence officials on Russian cyber aggression and interference with presidential election.

Jan. 5. U.S. Director of National Security James Clapper, Undersecretary of Defense for Intelligence Marcel Lettre and NSA and U.S .Cyber Command Director Admiral Mike Rogers issue joint statement saying more than 30 countries are developing cyber attack capabilities.

Jan. 5. Former CIA Director James Woolsey resigns as an adviser to President-elect Donald Trump.

Jan. 5. Center for Strategic and International Studies task force on cyber policy chaired by Rep. Michael McCaul (R.-Texas) and Sen. Sheldon Whitehouse (D.-R.I.) recommends Trump administration develop new policies to deter and respond to nation-states engaged in hostile behavior in cyberspace.

Jan. 3. U.S. Department of Homeland Security and the FBI warn Hydro One, the main distributor of electricity in the Canadian province of Ontario, that it may have been the target of a Russian cyberattack that planted malware on the power provider’s computer systems.

Stay tuned for the Q2 2017 edition of Cyberwarfare Diary.

John P. Mello, Jr. a freelance writer specializing in business and technology subjects, including consumer electronics, business computing and cyber security.

grayfooterline

Q4 2016

Cyberwarfare.com is a quarterly diary of cyberwarfare activity. What is cyberwarfare? Cyberwarfare is defined as the most aggressive form of attack by a foe or rival over the internet. It largely applies to actions by states and involves denying internet services to communities or countries, or, at worst, destroying critical infrastructure or industrial facilities.

NATION WATCH

U.S. v. Russia cyber conflict intensifies

johnmelloembossedJohn P. Mello, Jr.

Menlo Park, Calif. – Dec. 30, 2016

The quarter began with an official accusation that Russia interfered with elections in the United States and ended with dozens of the Kremlin’s diplomats being expelled from their American digs in retaliation for that interference.

In between, there was a destructive cyberattack on Saudi Arabia, a demonstration of a new stealth fighter build with stolen U.S. tech, a call for banning Lenovo hardware in the Defense Department and a hacker assault on a U.S. aircraft carrier in the South China Sea.

CYBERWARFARE DIARY

December

Dec. 31. U.S. Department of Homeland Security says malware found on a laptop belonging to the Burlington (Vermont) Electric Company matches malicious software attributed to Russian hackers found on the computers of the  Democratic National Committee.

Dec. 30. President Barrack Obama expels from the United States 35 suspected Russian spies for “malicious cyber activity and harassment” in connection with Russia’s attempt to influence the 2016 presidential election.

Dec. 29. U.S. Department of Homeland Security and FBI release 13-page report on Russian interference with U.S. Presidential election by hacking American political sites and email accounts.

Dec. 29. Ukrainian President Petro Poroshenko says his country’s state institutions have been targeted about 6,500 times in the past two months by hackers, including agents of Russian security services.

Dec. 28. The Organization for Security Cooperation in Europe, which monitors the Ukraine-Russian conflict, says it suffered a data breach that compromised the security of its computer network.

grayfooterline

RELATED: Hackerpocalypse — World War III is underway, and it’s cyber… timeline ad infinitum.

grayfooterline

Dec. 23. CNBC reports the FBI is investigating infiltration of computers at Federal Deposit Insurance Corporation, which insures consumer deposits in U.S. banks, believed to be perpetrated by China’s military.

Dec. 22. Crowdstrike, an information security company, reports the Russian hacking group that stole data from the computers of the Democratic National Committee also used their skills to pinpoint and kill Ukrainian soldiers in 2014.

Dec. 15. CBS News reports that in August 2015 Russian hackers seized control of the non-classified email system of the U.S. Joint Chiefs of Staff used by about 3,500 officers and civilians.

Dec. 15. The Wall Street Journal reports the Republican National Committee foiled attempts to break into its computer systems using the same techniques that compromised the systems of its Democratic counterpart.

Dec. 9. Hans-Georg Maassen, head of the BfV, Germany’s domestic intelligence agency, says in statement that his agency has seen aggressive and increased cyber spying and cyber operations aimed at weakening and destabilizing the Federal Republic of Germany.

Dec. 2. Russia’s Federal Security Service says it has thwarted a cyberattack mounted by “foreign intelligence services” designed to destabilize its country’s financial system.

Dec. 1. Bloomberg reports cyberattacks believed to be launched from Iran against Saudi Arabia have erased data and disrupted operations at the agency running the country’s airports.

November

Nov. 17. Recruitment website for the Canadian armed forces hacked and visitors redirected to the home page of the Chinese government.

Nov. 4. NBC News reports that U.S.military hackers have penetrated Russia’s power grid, telecommunications networks and command systems making them vulnerable to American cyber weapons.

Nov. 4. Swiss Attorney General’s office suspends 18-month investigation into cyber espionage at Iran nuclear program talks in 2015 because it can’t find who was behind the criminal wrongdoing.

grayfooterline

RELATED: Training Cyber War Fighters – Cybersecurity Ventures has announced its 2017 List of Master’s Degree Programs in Cybersecurity

grayfooterline

Nov. 3. WikiLeaks founder Julian Assange tells Russian-government run news station that Kremlin did not feed him stolen emails from Democratic Party organizations in the United States.

Nov. 2. Microsoft says Russian hackers accused of interfering with U.S. elections exploited a “zero day” vulnerability in Windows to attack users of that operating system.

Nov. 1. Chinese demo their J-20 stealth fighter, which is believed to be based on blueprints for the U.S. F-22 stealth fighter stolen by hackers from the military.

October

Oct. 31. A group called Shadow Brokers dumps online a list of servers compromised by the Equation Group, which has been linked to the NSA, and appear to be have been used for surveillance and other activity.

Oct. 28. Volexity, a network security company, says Chinese hackers launched a network attack targeting defense officials, defense industry representatives, defense security experts and think-tank scholars attending U.S.-Taiwan Defense Industry Conference in Williamsburg, Va. earlier this month.

Oct. 27. Ukrainian hackers release thousands of emails that appear to link between Russian President Vladimir Putin’s adviser Vladislav Surkov and the pro-Russia rebels fighting Ukrainian forces.

Oct. 24. The Washington Beacon reports the Pentagon’s J-2 intelligence directorate is warning the military against using equipment produced by Chinese firm Lenovo because it could introduce compromised hardware into the U.S. Defense Department supply chain.

Oct. 21. U.S. Navy confirms Chinese hackers launched a cyberattack against the Nimitz-class aircraft carrier U.S.S. Ronald Reagan while it was on patrol in the South China Sea, but there was no evidence the foray was successful.

grayfooterline

RELATED: The Phi Beta Cyber Society — Connecting the top U.S. men and women in cybersecurity with our high school students.

grayfooterline

Oct. 18. Information security firm ThreatConnect reports Chinese hackers have compromised a European drone company and the U.S. subsidiary of a French energy management company to most likely obtain information to help Chinese businesses in those sectors.

Oct. 12. CNN reports federal investigators believe Russian hackers compromised a contractor for Florida’s election system and exposed information about the state’s voters.

Oct. 12. CrowdStrike, an information security company, says commercial hacking by China against U.S. firms has declined 90 percent since the Beijing and Washington inked an agreement 13 months ago to curb economic espionage.

Oct. 11. The Telegraph reports that ministers of UK Prime Minister Theresa May’s government have been banned from wearing Apple Watches to cabinet meetings for fear the devices could be hacked by Russian spies.

Oct. 7. The Obama administration officially accuses Russia of attempting to interfere with the 2016 U.S. elections by hacking the computers of the Democratic National Committee and other political organizations.

Oct. 1. National Cyber Safety and Standards of India claims it has infiltrated Pakistan’s critical and defense infrastructure and could destroy it if ordered to do so by the Indian government.

Stay tuned for the Q1 2017 edition of the Cyberwarfare Diary.

John P. Mello, Jr. a freelance writer specializing in business and technology subjects, including consumer electronics, business computing and cyber security.

grayfooterline

© 2016-2017 Cybersecurity Ventures. All rights reserved. Federal copyright law prohibits unauthorized reproduction of this Report by any means and imposes fines up to $150,000 for violations. Reproduction in whole or in part in any form or medium without expressed written permission of Cybersecurity Ventures is prohibited.