Cyberwarfare.com

CYBERWARFARE.COM ACQUIRED BY CYBERSECURITY VENTURES

Q2 2017

Cyberwarfare.com is a quarterly diary of cyberwarfare activity. What is cyberwarfare? Cyberwarfare is defined as the most aggressive form of attack by a foe or rival over the internet. It largely applies to actions by states and involves denying internet services to communities or countries, or, at worst, destroying critical infrastructure or industrial facilities.

NATION WATCH

Cyberattacks on election systems more widespread than originally believed.

John P. Mello, Jr.

Menlo Park, Calif. – Jun. 30, 2017

Russian meddling in the 2016 presidential elections dominated the daily news during the first half of 2017. Although former President Barack Obama was criticized for not taking more forceful action against Russia during the last year of his presidency, it was revealed that GOP politicians and Congress shrugged off warnings from the White House about the severity of the problem.

News reports found cyberattacks on election systems were more widespread than originally believed, with 39 systems coming under attack. Meanwhile, a top secret report leaked to the press revealed that at least one U.S. voting software supplier was targeted by Russian military intelligence during the runup to the presidential election.

Russian election meddling was also alleged in the French elections in May by winner Emmanuel Macron, but those allegations were later discounted by Guillaume Poupard, director general of ANSSI, France’s cyber defense agency.

In the diplomatic realm, NATO leaders declared that a cyberattack could trigger alliance action in the same way a conventional attack would do so.

CYBERWARFARE DIARY

June

Jun. 30. Financial Times reports cybersecurity analysts and western intelligence officials believe the GoldenEye/NotPetya ransomware attack that crippled businesses worldwide was the work of a hostile nation and not a criminal group.

Jun. 30. Wall Street Journal reports Peter W. Smith, a GOP operative claiming to be working with former National Security Adviser Michael Flynn, conducted an extensive online search before the 2016 presidential election for emails from Hillary Clinton’s private email server, suspecting it had been hacked by Russia.

Jun. 29. Valcom Consulting, which does millions of dollars in business with the Canadian military, confirms its website was recently defaced but adds that initial indications are that no sensitive data was compromised.

Jun. 28. CNBC reports that hackers who set off the GoldenEye/NotPetya ransomware epidemic made less than $10,000 from their victims.

Jun. 28. GoldenEye/NotPetya ransomware spreads from Ukraine, disrupting business and government computing activity in at least 65 nations. Businesses affected by the virus include Russian oil company Rosneft, shipping firm A.P. Moller-Maersk and pharmaceutical giant Merck.

Jun. 28. Sen. Jeanne Shaheen, D-N.H., amends defense spending policy bill to prohibit the U.S. Defense Department from using Kaspersky Lab software platforms because the company “might be vulnerable to Russian government influence.”

Jun. 28. ABC News reports federal authorities are investigating a low risk level breach of a business system at a U.S. nuclear power plant.

Jun. 28. Jens Stoltenberg, the NATO secretary general, reveals at a news conference in Brussels that the alliance’s members agree that a cyber attack could trigger a response in the same way as a conventional military assault.

Jun. 28. An online group calling itself Team System Z claims responsibility for vandalizing several government websites across the country with the message “You will be held accountable Trump, you and all your people for every drop of blood flowing in Muslim countries.”

Jun. 27. The Wall Street Journal reports at least 10 White House officials and former aides have retained attorneys or are moving to do so in conjunction with the ongoing investigations into collusion by the Trump political organization with Russia during the 2016 election campaign.

Jun. 26. China and Canada sign agreement to not conduct state-sponsored cyberattacks against each other aimed at stealing trade secrets or other confidential business information.

Jun. 26. North American Electric Reliability Corporation releases its “State of Reliability” report for 2017 which says there were no reportable cybersecurity incidents in 2016; however, NERC also says threats continue to increase and are becoming more serious.

Jun. 26. Idaho State Treasurer Ron Crane reports his website has been vandalized by hackers who scrawled “I love the Islamic state” on one of its web pages.

Jun. 23. Washington Post reports on Obama Administration’s efforts to punish Russia for meddling with 2016 U.S. elections and indifference by Republican Party leaders on state and national level to seriously consider intelligence on election interference.

Jun. 23. The Times of London reports that stolen email addresses and passwords of tens of thousands of government officials in the UK are being sold or bartered on Russian-speaking hacking sites.

Jun. 21. Honda Motor Co. halts production at its vehicle making plant in Sayama for a day after discovering WannaCry ransomware on its computer network.

Jun. 20. Wired Magazine reports on how Russia is using Ukraine as a testing ground for cyberwar.

Jun. 19. Hackers claiming to be members of ISIS vandalize website of Argentina’s army. Graffiti posted to site says, “This is a threat. ISIS is in Argentina and you will hear from us soon.”

Jun. 16. Russian President Vladimir Putin claims in an Oliver Stone series on the Showtime TV channel that he proposed forging a cyber treaty with the United States but his overtures were ignored by the Obama Administration.

Jun. 16. Chinese scientists say they’ve set a new record for the distance they’ve been able to transmit a quantum signal from space. The development is a milestone in Beijing’s program to create a hack-proof communications network.

Jun. 16. U.S. Senate approves on roll call vote of 98-2 new sanctions against Iran and Russia, as well as limiting the Trump Administration’s ability to weaken existing sanctions.

Jun. 14. White House Deputy Press Secretary Sarah Huckabee Sanders tells reporters aboard Air Force One President Donald J. Trump has no intention of firing special counsel Robert Mueller, who is leading an investigation into Russian meddling with the 2016 presidential election.

Jun. 13. Bloomberg reports cyberattacks on U.S. election system in the summer and fall of 2016 occurred in 39 states and included compromise of software used by poll workers and penetration of a campaign finance database.

Jun. 13. Microsoft releases patches for all supported and some unsupported versions of Windows to address vulnerabilities that pose an elevated risk of attack by nation-states.

Jun. 13. U.S. CERT warns that North Korean government threat actors are targeting U.S. businesses with malware and botnet-related attacks that are part of a campaign called “Hidden Cobra.”

Jun. 12. New York Times reports that intelligence about disguising bombs as laptop batteries exposed to Russian officials by President Donald J. Trump originated with Israeli intelligence.

Jun. 12. Eset and Dragos announce they’ve discovered the malicious software that caused a power outage in the Ukraine in December 2016.

Jun. 9. Al-Jazeera Network confirms that its websites and digital platforms are undergoing continual hacking attempts as surrounding Arab states pressure Qatar to break terrorist ties with Iran and Hamas.

Jun. 8. U.S. Department of Defense releases annual report to Congress on China’s military developments which includes finding that throughout 2016, China continued to develop its Strategic Support Force, an organization it established late in 2015 to unify space, cyber, and electronic warfare capabilities.

Jun. 7. CNN reports U.S. security agencies believe Russian hackers were behind the hack of Qatar’s state news agency and planting of fake news.

Jun. 7. National Legal and Policy Center reports that more than 235,000 comments filed with the FCC in support of net neutrality rules adopted during the Obama administration originated from domains in France, Germany and Russia and that many of them are from fake addresses.

Jun. 7. FBI reports that Russian hackers-for-hire were behind a cyberattack resulting in fake messages being sent out by the Qatar government, which precipitated a diplomatic crisis with other Persian Gulf states.

Jun. 6. Reality Leigh Winner, 25, is accused by U.S. Justice Department of removing classified documents from a government facility in Georgia and leaking them to press.

Jun. 6. Eset reports Russian hackers are using the comments section on Britney Spears’ Instagram account to control their malicious actions.

Jun. 7. Washington Beacon reports Iran tried to hack the email and social media accounts of U.S. State Department officials in the fall of 2015 while a nuclear deal was being hammered out with Tehran.

Jun. 5. A highly classified intelligence report leaked to The Intercept reveals Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent phishing emails to more than 100 local election officials just days before the 2016 presidential election.

Jun. 5. Congressman Mike Quigley (D-Ill.), a member of the House Intelligence Committee, says Russian operatives hacked into the Illinois State Board of Elections last year to access voter database files.

Jun. 5. Defense Systems reports that Army trainers successfully used cyber weapons and electronic warfare technology to thwart a simulated tank assault at a training exercise conducted at the Army National Training Center at Fort Irwin, Calif.

Jun. 6. FireEye reports hackers linked to Russian intelligence launched phishing attacks related to European military movements and NATO meetings against Montenegro prior to its formally joining the alliance on June 5.

Jun. 2. The Guardian reports Nigel Farage, former head of the UK Independence Party, is a person of interest in an investigation by the FBI of collusion between Russia and Donald J. Trump’s presidential campaign.

Jun. 1. Russian President Vladimir Putin acknowledges that some “patriotically minded” Russian hackers could have been involved in cyber meddling with the 2016 U.S. presidential election.

Jun. 1. Guillaume Poupard, director general of ANSSI, France’s cyber defense agency, says he’s found no evidence of Russian hacking of the campaign of President Emmanuel Macron during the recent French elections.

Jun. 1. Radio Free Asia reports that North Korea’s security agency has stepped up its hacking into the mobile phones, laptops and cameras of foreign travelers and infecting them with malware.

Jun. 1. The British American Security Information Council reports that the UK’s Trident submarine fleet is vulnerable to a “catastrophic” cyberattack that could render Britain’s nuclear weapons useless.

May

May 31. Shadow Brokers, the hacker group that released a number of hacking tools believed to be stolen from the NSA, announces it plans to sell more purloined tools to anyone willing to pay more than $22,000 for them.

May 31. Rep. Tom Graves, R-Ga., files bill allowing victims of cyberattacks to hack their attackers, as well as hack into other victims’ computers for “reconnaissance” purposes.

May 30. Moscow-based threat intelligence outfit Group-IB says it has “no doubt” that Lazarus, the hacker group believed to be behind the cyberattacks on Sony Pictures and an $81 million bank robbery in Bangladesh, is connected to North Korea.

May 29. Newly elected French President Emmanuel Macron, while standing beside Russian President Vladimir Putin at a press conference at the Versailles Palace, accuses Kremlin of coordinating “lying propaganda” against him during the French election.

May 26. ABC News reports the FBI is investigating an attempted overseas cyberattack on the Trump Organization, which has been run by President Donald J. Trump’s sons since he became president.

May 25. Flashpoint reports with high confidence that the authors of the WannaCry ransomware were fluent in Chinese, although that alone is not enough to determine the nationality of the malware.

May 25. Wall Street Journal reports Republican political operative Aaron Nevins received from Russian hacker Guccifer 2.0 confidential voter analysis information stolen from the Democratic National Committee and posted it to his blog before the 2016 presidential election.

May 25. Citizen Lab says it has discovered an extensive international hacking campaign with a clear link to Russia that steals documents from its targets, modifies them and sends them out as disinformation aimed at undermining civil society and democratic institutions.

May 25. Sens. Maggie Hassan, D-N.H., and Rob Portman, R-Ohio, file legislation to establish a bug bounty program in the U.S. Department of Homeland Security.

May 25. FireEye reports hackers linked to the Vietnamese government are likely targeting Philippine state agencies to gather intelligence related to a South China Sea maritime dispute between the two countries.

May 24. Qatar says hackers broke into its state-run news agency and published a fake story that prompted Saudi Arabia and the United Arab Emirates to block the country’s media, including Al-Jazeera.

May 23. Former CIA Director John Brennan testifies before U.S. House Intelligence committee that he was so concerned with Russian interference with the presidential election and contacts between Americans involved with the Trump campaign that he formed a group in July made up of officials from the CIA, FBI and NSA to focus exclusively on the issue.

May 18. Website Netzpolitik publishes leaked draft of amendment to German laws expanding powers of government to break into people’s smartphones and computers.

May 17. The UK National Cyber Security Centre says members of Parliament have been targeted by hackers trying to break into their online accounts. The agency refuses to say who was behind the attack.

May 17. Gizmodo reports network security at several Trump family retreats, including Mar-a-Lago, the Trump National Golf Club in Bedminster, N.J. and the Trump International Hotel in Washington, D.C., is weak and could be easily hacked.

May 16. TrapX reports that for the first time it has identified Iranian and Russian hackers teaming up to launch a cyber attack. It adds that the attack on a military contractor was unsuccessful.

May 15. Ukrainian President Petro Poroshenko orders access to Russia’s most popular social media websites and search engines be blocked in retaliation for Russia’s annexation of Crimea.

May 12. WannaCry, a ransomware program based on software stolen from the NSA, infects thousands of computers in more than 100 countries, forces the UK’s health care system to turn away patients and disables computers in Russia’s Interior Ministry.

May 12. Reuters reports suspected Russian hackers have launched exploratory cyber attacks against the energy networks of Lithuania, Latvia and Estonia raising concerns of NATO.

May 12. Lebanon accuses Israel of hacking into its telecommunications network and sending to some 10,000 people messages claiming Hezbollah leader Sheikh Hassan Nasrallah was behind the death of the group’s military commander Mustafa Badreddine.

May 12. Survey by Booz Allen Hamilton and Alta Associates finds that U.S. government information security personnel are paid $7,000 less than their private sector counterparts.

May 12. Area 1 Security reports Russian hackers targeted the 2008 presidential campaign of Barack Obama, as well as U.S. government officials, whom they have continued to attack since they left office.

May 11. President Donald J. Trump signs executive order to bolster the federal government’s cyber security and protect critical infrastructure from cyber attacks.

May 11. Yevgeniy Nikulin, 29, a Russian citizen awaiting extradition from the Czech Republic for hacking LinkedIn, Dropbox and Formspring, claims the FBI offered him U.S. citizenship, an apartment and cash for confessing to stealing Hillary Clinton’s campaign chief John Podesta’s emails for Russian President Vladimir Putin.

May 11. U.S. General Service Administration announces bug bounty program for its Technology Transformation Service.

May 11. CyberScoop reports Fancy Bear, a hacker group believed to be connected to Russian military intelligence, mounted a phishing campaign, pretending to represent NATO, against diplomatic organizations in Europe. It notes the phishing emails contain a malicious Microsoft Word file.

May 6. Sen. Dianne Feinstein, the ranking member of the committee that oversees the FBI, says the agency paid $900,000 to break into the locked iPhone of a gunman in the San Bernardino, Calif. shootings.

May 5. Campaign of French presidential candidate Emmanuel Macron declares it has been hacked and a combination of real and fabricated emails and documents uploaded to the Internet.

May 5. HackerOne refuses to host a bug bounty program for FlexiSPY, a maker of spyware, because it says the company is operating illegally and unethically.

May 2. U.S. Director of National Intelligence reports the NSA collected 151 million records about American phone calls in 2016, a reduction from the billions of records per day gathered by the agency before Congressional intervention.

May 1. Select committee of UK parliament accuses Google, Twitter and Facebook of failing to address terrorism, violence and hatred and recommends social media operators be prosecuted for leaving unlawful messages online.

April

Apr. 28. U.S. National Security Agency announces it has stopped collecting emails and texts of Americans that mention identifying terms related to foreigners the agency is spying on, a practice that was part of the warrantless surveillance program launched after the Sept. 11, 2001 terrorist attacks on the United States.

Apr. 28. German Attorney General announces arrest of “Daniel M.,” 54, a Swiss citizen working for his country’s intelligence service in plot to uncover who is leaking data related to German tax dodgers stashing money in Swiss banks.

Apr. 28. Australian Federal Police confirms it unlawfully accessed a journalist’s phone records without a warrant.

Apr. 27. McAfee reports sophisticated hackers possibly linked to a foreign nation have increased their activity aimed at disrupting key organizations in Saudi Arabia.

Apr. 27. Arne Schoenbohm, president of the BSI federal cyber security agency, confirms his agency has been aware of computer attacks on two foundations tied to Germany’s ruling coalition parties for some time and is helping analyze the situation.

Apr. 26. Israel’s national cyber bureau says it has repelled an attack on about 120 organizations, government offices, public institutions and private citizens by hackers directed by a foreign country attempting to infiltrate agencies involved in civilian research, development and advanced technologies.

Apr. 26. U.S. Air Force and HackerOne announce bug bounty program for vetted security researchers to test the security at the service’s public websites.

Apr. 26. ABC News/Washington Post poll finds 39 percent of Americans believe Donald J. Trump and his campaign worked with Moscow during his presidential campaign.

Apr. 25. Indian hackers take down 30 Pakistan government websites to protest death penalty for Kulbhushan Jadhav, an Indian national and former Naval officer.

Apr. 25. Times of India reports Pakistani hackers attacked the websites of three major educational institutions in India in retaliation for an attack by Indian hackers on the website for Pakistani Railways and to protest people killed by the Indian Army in Kashmir.

Apr. 25. Trend Micro reports Fancy Bear, a hacking group believed to be closely linked to the Russian military, launched phishing campaign against U.S. military contractor Academi, formerly known as Blackwater. Academi is reportedly working with the Ukrainian government which Russia is trying to undermine.

Apr. 24. Trend Micro reports it found signs of a phishing attack by hackers tied to the Russian military on the campaign of French Presidential candidate Emmanuel Macron in an attempt to steal credentials and plant malware on campaign workers’ computers.

Apr. 24. Danish Foreign Minister Claus Hjort Frederiksen tells newspaper Berlingske that Fancy Bear, a hacker group associated with the Russian government, broke into the Danish Defense Ministry and gained access to employees’ email in 2015 and 2016.

Apr. 21. FireEye director of cyber-espionage analysis John Hultquist tells Wall Street Journal that his company has detected a surge in Chinese hacker attacks since February against South Korean organizations associated with the deployment of an anti-ballistic missile system in South Korea.

Apr. 20. CBS News reports a manhunt has been launched by the CIA and FBI to find an insider who leaked CIA secrets, including hacking tools, to WikiLeaks.

Apr. 19. Daily Mail reports that documents released by the hacker group called Shadow Brokers suggest the NSA has been monitoring presidential websites in Iran and Russia and that the U.S. spy agency compromised the Russian Federal Nuclear Center’s website.

Apr. 19. Chinese President Xi Jinping announces restructuring of the People’s Liberation Army with a greater emphasis on cyberspace, electronic and information warfare.

Apr. 19. Al Khansaa Kateeba, an all-female division of the United Cyber Caliphate, releases self-promotion video claiming it has hacked more than 100 Twitter accounts during its one month of existence.

Apr. 15. Microsoft announces all exploits released online by the hacker group called Shadow Brokers and allegedly stolen from the NSA have been patched in all current versions of Windows.

Apr. 14. The hacker group called Shadow Brokers releases more alleged NSA documents revealing the agency hacked deep into the financial infrastructure of the Middle East and compromised the global SWIFT transaction system.

Apr. 13. The Times of London reports Facebook is at risk of criminal prosecution in the UK for refusing to remove from its site child pornography and terrorist content, including an Islamic State beheading and posters glorifying recent terrorist attacks in London and Egypt.

Apr. 13. Microsoft releases six-month transparency report revealing the number of U.S. foreign intelligence surveillance requests — which are used to collect foreign intelligence and monitor spies — made to the company doubled from the second half of 2015 to the first half of 2016.

Apr. 12. The Public Accounts Select Committee of the House of Commons releases report with finding that foreign hackers may have disrupted access to the British government’s voter registration website on the last day people could register to vote on Brexit.

Apr. 11. Caucasus Chronicles reports Azerbaijani government has installed a net appliance to block three opposition news sites, but one of the sites, Azadliq Qezeti, is circumventing the government’s action through Amazon Web Services.

Apr. 10. The hacker group known as Shadow Brokers releases password to an archive of NSA hacking tools and documents posted on the Internet in protest of the U.S. air strike in Syria.

Apr. 9. Pyotr Levashov, a Russian programmer and alleged spam czar, is arrested in Barcelona under a U.S. international warrant for his connection to the Kelihos crime botnet and possibly for meddling with the 2016 presidential election.

Apr. 7. Dallas officials report city’s warning system was hacked, setting off emergency alarms throughout the city for an hour and 40 minutes and causing 911 phone lines to be flooded with calls from fearful and confused citizens.

Apr. 7. Twitter drops lawsuit against U.S. government after U.S. Customs and Border Protection withdraws summons demanding identity of people behind a Twitter account critical of President Donald J. Trump.

Apr. 7. Software developer Zhengquan Zhang arrested by FBI for stealing employee information and source code from his employer KCG Holdings.

Apr. 6. Fidelis Cybersecurity reports that hackers working for the Chinese government set up a watering hole attack at the Foreign Trade Council in Washington, D.C. in order to perform reconnaissance activity on members of the council which includes executives from Amazon, Coca-Cola, eBay, ExxonMobil, Google, IBM, KPMG, Microsoft, Oracle, Pfizer, Visa and Walmart.

Apr. 6. Chairman of the House Intelligence Committee Devin Nunes, R-Calif, recuses himself from his panel’s probe into Russian interference with 2016 presidential election after the House Ethics Committee announces it’s investigating him for possible unauthorized disclosure of classified information.

Apr. 4. Chosun Ilbo newspaper reports North Korean hackers may have gained access to a portion of the secret war plans of the United States and South Korea against the North should hostilities resume on the peninsula.

Apr. 4. FBI alerts Vermont authorities that the email system of the state legislature is being targeted by a foreign attacker.

Apr. 4. The United Cyber Caliphate urges lone wolf attacks on a hit list of 8,786 names and addresses, including that of President Donald J. Trump, in six-minute video posted to the Internet.

Apr. 3. International Association of Athletics Federations announces data breach it believes was perpetrated by Fancy Bear, the group of Russian hackers who meddled with the 2016 U.S. presidential election, but can’t confirm if any data was stolen in the attack.

Apr. 3. UK National Cyber Security Centre and the cyber units of PwC and BAE Systems report a group of Chinese hackers they’re calling APT10 has been attacking large British corporations through their IT suppliers.

Apr. 2. UK government warns nation’s nuclear power industry to be on guard for terrorists, spies and hacktivists looking to exploit vulnerabilities in the industry’s Internet defenses.

Apr. 2. The Financial Times reports that the FBI is planning to create a special unit based in Washington, D.C. and staffed with about 20 special agents to investigate Russian meddling with the 2016 presidential election.

Apr. 1. New York Post says its push notification system has been compromised which resulted in a message being sent to its users that read “Heil President Donald Trump.”

Apr. 1. To beef up its online defenses, Germany launches the Cyber and Information Space Command as a new wing of its military.

Stay tuned for the Q3 2017 edition of Cyberwarfare Diary.

John P. Mello, Jr. is a freelance writer specializing in business and technology subjects, including consumer electronics, business computing and cyber security.

Q1 2017

NATION WATCH

Russian election hacking, intelligence leaks dominate cyberwarfare news for first quarter of 2017

John P. Mello, Jr.

Menlo Park, Calif. – Mar. 31, 2017

News about Russian hacking of the 2016 presidential election created a blizzard of headlines during the first three months of 2017. The controversy became so hot it forced the President’s National Security Advisor to resign and the U.S. Attorney General to recuse himself from any investigations into Russian election meddling.

Meanwhile, both the CIA and NSA were compromised during the period. WikiLeaks dumped confidential documents from the CIA on the Net and the NSA was stung by the indictment of one of its former contractors who stole 500 million pages of documents.

Also during the time frame, a Microsoft executive called on nations to hold a Digital Geneva Convention that will commit governments to protecting civilians from nation-state attacks in times of peace.

CYBERWARFARE DIARY

March

Mar. 31. WikiLeaks releases “Vault 7 Marble,” 676 source code files for a CIA framework used to keep forensic investigators and antivirus companies from attributing the agency’s cyberattacks to the CIA.

Mar. 31. Sen. Mark Warner, the ranking Democrat on the U.S. Senate committee investigating Russian interference in the 2016 presidential election, says the Kremlin paid an army of 1,000 people to create fake anti-Hillary Clinton news stories targeting key swing states.

Mar. 30. Michael Flynn, the former national security adviser for President Donald J. Trump, offers to testify before House and Senate panels investigating the Trump campaign’s ties to Russia in exchange for immunity from prosecution.

Mar. 30. Azerbaijan’s government blocks primary independent news websites for several days in what’s believed to be an attempt to dampen criticism of the appointment of the country’s first lady as vice president.

Mar. 30. Globe and Mail reports that a cyberattack by Chinese hackers in 2014 at Canada’s National Research Council cost the country hundreds of millions of dollars.

Mar. 27. The Times of London reports that the Islamic State has flooded YouTube with hundreds of violent recruiting videos following a terrorist attack on Parliament on March 22.

Mar. 24. German Federal Office for Information Security says that last year it foiled two cyberattacks by the Russian hackers alleged to have interfered with the U.S. presidential election — one an attempt to create a domain in the Baltic region for a German political party; the other a spear-phishing scheme directed against parties in the country’s lower house of parliament.

Mar. 23. Twitter releases transparency report revealing it shut down 376,890 accounts for “violations related to the promotion of terrorism” from July 1 to December 31 of 2016.

Mar. 23. CNN reports that the FBI has information that indicates associates of President Donald J. Trump communicated with suspected Russian operatives to possibly coordinate the release of information damaging to Hillary Clinton’s 2016 presidential campaign.

Mar. 21. Reuters reports that Google and Jigsaw have begun offering free Protect Your Election packages to election organizers and civic groups so they can guard themselves from politically-motivated cyberattacks.

Mar. 20. FBI Director James Comey confirms his agency is investigating possible links between Russian hackers and President Donald J. Trump’s election team at a hearing by the U.S. House Intelligence Committee.

Mar. 17. Alfa Bank, a privately-owned Russian financial institution, confirms it has contacted U.S. law enforcement authorities and offered complete cooperation in finding out who attempted to use its servers to make it appear that the bank was communicating with the Trump organization.

Mar. 16. Trump Administration releases budget proposal that includes $1.5 billion for cybersecurity and protecting the nation’s critical infrastructure.

Mar. 16. Canada’s Department of National Defense releases documents revealing that the country is taking steps to strengthen its cyber warfare arsenal.

Mar. 15. U.S. Justice Department indicts Russian Federal Security Service agents Dmitry Dokuchaev and Igor Sushchin and two co-conspirators, Alexsey Belan and Karim Baratov, for hacking half a billion Yahoo accounts.

Mar. 15. Twitter accounts of high-profile news outlets, international brands and politicians are hacked and tweets posted in support of Turkish President Tayyip Erdogan, who is in a heated dispute with several European countries over whether Turkish politicians should be allowed to speak at political rallies in those nations.

Mar. 12. MacKeeper security researchers report they’ve discovered a misconfigured device connected to the Internet belonging to a U.S. Air Force officer that has exposed sensitive information to the public, including a spreadsheet with details about ongoing investigations by the service.

Mar. 12. British spy agency GCHQ calls emergency summit with UK political parties after warning them that they are at risk of Russian cyberattacks disrupting the next general election in the country.

Mar. 8. Information Technology and Innovation Foundation reports that 92 percent of U.S. government websites fail to meet basic standards for security, speed, mobile friendliness or accessibility.

Mar. 9. Korean Herald reports Chinese hackers who forced website of retailer Lotte Mart offline in retaliation for its role in the siting of a U.S. missile defense base in Korea have expanded their attacks to include 30 public and company websites of the peninsula nation, including sites for the 2018 Olympics and 2017 WTF World Taekwondo Championships.

Mar. 7. WikiLeaks posts online thousands of documents it says were leaked from the U.S. Central Intelligence Agency, including information on tools used by the spies to hack computers and mobile phones.

Mar. 6. Bloomberg reports that Russian hackers have been launching cyberattacks on U.S. progressive groups in attempts to find embarrassing emails that can be used to extort money from them.

Mar. 4. New York Times reports that the United States has been waging a secret cyber war for three years against North Korea to disrupt its missile program.

Mar. 3. FBI opens investigation into possible data breach at the Center for Election Systems at Kennesaw State University in Georgia that could potentially impact 7.5 million voter records.

Mar. 2. Retired Gen. Keith Alexander, former head of the National Security Agency, at hearing by U.S. Senate Armed Services Committee says federal agencies are unable to protect the nation against digital threats because they don’t share information.

Mar. 2. U.S. Attorney General Jeff Sessions announces he will recuse himself from any investigation into charges that Russia meddled in 2016 presidential election after it was discovered he failed to disclose during his confirmation hearing two meetings he had with the Russian ambassador to the United States.

February

Feb. 28. The Defense Science Board releases study on state of cyber defense in the United States forecasting that in the next five to 10 years other nations will have offensive cyber capabilities that “far exceed the United States’ ability to defend and adequately strengthen the resilience of its critical infrastructures.”

Feb. 21. McClatchy Washington Bureau reports that U.S. investigators are examining whether or not Russia’s Federal Security Service funneled payments disguised as pension benefits to operatives in the United States used to hack Democratic party emails and discredit Hillary Clinton’s presidential campaign.

Feb. 20. Professor Sheena Greitens, an East Asia expert at the University of Missouri, tells Time magazine that Chinese suspension of coal imports from North Korea as punishment for assassinating the half-brother of Supreme Leader Kim Jong Un at a Malaysian airport will result in stepped up cybercrime by North Korea’s army of 6,800 state-sponsored hackers.

Feb. 18. Fortune magazine reports that FBI is conducting at least three investigations into the alleged Russian hacking of the U.S. presidential elections — one into the breach of the Democratic National Committee, another into the theft of emails of Clinton campaign manager John Podesta and a third into links between Russia and Trump associates.

Feb. 17. Rep. Ted Lieu (D-Calif.) and 14 other members of Congress request House Oversight Committee to investigate the cybersecurity practices of President Donald J. Trump, including his use of an unsecured personal phone.

Feb. 16. IBM’s X-Force Incident Response and Intelligence Services identifies propagation techniques used by the Shamoon malware, which has been a major weapon in the cyberwar between Saudi Arabia and Iran.

Feb. 16. A report by Google leaked to the public reveals the company knew about Fancy Bear before the group was linked to the data breach at the Democratic National Convention.

Feb. 16. Patrick Wardle, a former NSA staffer and current research head at Synack, a bug hunting company, tells Forbes magazine that malware leaked online and believed to belong to Fancy Bear, the group of Russian hackers connected to a data breach at the Democratic National Committee, contains “chunks” of code from hacking tools stolen from the Italian cyber mercenary firm Hacking Team.

Feb. 15. Oleksandr Tkachuk, Ukraine’s security service chief of staff, accuses Russian hackers of targeting his country’s power grid, financial systems and other infrastructure with a new type of computer virus that attacks industrial processes.

Feb. 15. Threat intelligence company Recorded Future reports Russian-speaking hacker it calls Rasputin, who breached the U.S. Election Assistance Commission in November, is selling unauthorized access to more than 60 universities and government agencies.

Feb. 14. Brad Smith, president and chief legal officer of Microsoft, calls for a Digital Geneva Convention that will commit governments to protecting civilians from nation-state attacks in times of peace.

Feb. 14. New York Times reports U.S. law enforcement and intelligence agencies have phone records and intercepted calls that show members of Donald J. Trump’s 2016 presidential campaign and other Trump associates had repeated contacts with senior Russian intelligence officials in the year before the election.

Feb. 13. Richard Ferrand, secretary-general of the French En Marche party, accuses Russia of targeting presidential frontrunner Emmanuel Macron through media and Internet attacks to help the election campaigns of his rivals.

Feb. 10. The Guardian reports that Russia is suspected by Italian officials of being behind a sustained hacking attack on the country’s foreign ministry last year that compromised email communications and lasted for many months.

Feb. 8. U.S. prosecutors air indictment against Harold T. Martin III, a former NSA contractor who is accused of stealing some 500 million pages of classified documents from the agency.

Feb. 7. General Stephen W. Wilson, vice chief of staff for the U.S. Air Force, testifies before Congress that in 2016, his service branch conducted 4,000 cyber missions against more than 100,000 targets, enabling more than 200 high-value, kill-capture missions.

Feb. 6. Security researchers Claudio Guarnieri and Collin Anderson report Iranian hackers are using malware designed to infect Apple computers to attack the U.S. defense industry and human rights groups.

Feb. 3. Norwegian security service warns that country’s Labor Party, defense and foreign ministries and the security service itself have been targeted by Fancy Bear, hacker group believed to be linked to Russia.

Feb. 3. Science Advances publishes paper by Canadian researchers explaining how to hack into a quantum network similar to one being built by the Chinese, which they claim is hack-proof.

Feb. 3. Rob Bertholee, head of the Dutch AIVD security service, says Russia, China and Iran have made hundreds of attempts to hack into Dutch government departments and companies in the last six months.

Feb. 2. UK Law Commission recommends the country’s Official Secrets Act be modified so that spies and civil servants who leak national security secrets face up to 14 years in prison.

Feb. 2. Russia charges four people, including two officers in its FSB spy agency, with treason for passing to the United States information believed to be about the Kremlin’s efforts to influence the 2016 presidential election in the United States.

Feb. 1. Dutch government announces it is scrapping the computer software it uses to tally and transmit election results and will perform the tasks by hand for fear the election results could be hacked.

Feb. 1. Dan Tentler, founder of cybersecurity firm Phobos Group, warns that several servers run by the U.S. Department of Defense that have been misconfigured for at least eight months could be easily penetrated by threat actors who could use the systems to launch cyberattacks that appear to originate on those systems.

January

Jan. 30. Maagad Ben Juwad Oydeh, who hacked the video feeds from Israeli drones hovering over Gaza, agrees to plea deal with a suggested jail sentence of nine years.

Jan. 30. Rzeczpospolita reports a failed phishing attack on several employees of the Polish Foreign Ministry is believed to be the work of Fancy Bear, the Russian hacker group tied to trying to influence the outcome of the U.S. presidential election.

Jan. 29. The Times of London reports Dmitry Dokuchaev has been arrested in Russia on treason charges, the third such arrest since the Kremlin’s interference with the U.S. presidential election was exposed.

Jan. 26. SecureWorks reports that Fancy Bear, the group of Russian hackers believed to have targeted the U.S. political system during the run-up to the 2016 presidential election, infiltrated a UK television network for almost a year and monitored its operation.

Jan. 26. The Electronic Privacy Information Center files a lawsuit against the Office of the Director of National Intelligence seeking the release of the U.S. intelligence community’s entire assessment of Russia’s interference with the 2016 presidential election.

Jan. 17. CNN/ORC releases poll showing 58 percent of Americans believe the outcome of the presidential election would have been the same whether Russia tried to influence the outcome or not.

Jan. 16. Secureworks says Fancy Bear, the group of Russian hackers believed to have influenced the U.S. elections, has hacked a Norwegian military attache stationed in Eastern Europe and the Norwegian diplomatic mission in Central Asia.

Jan. 16. Nikolay Patrushev, head of Russia’s Security Council, says his country has been experiencing increased attempts to penetrate its information systems by foreign countries, including the United States, China and India.

Jan. 16. Cybersecurity Ventures announces it has acquired for an undisclosed price the domain name Cyberwarfare.com from a private seller.

Jan. 15. The Daily Express reports Russian electronic units are hacking into the systems of RAF bombers and forcing them to abort missions over Syria.

Jan. 14. Dutch media reports Russian hackers attempted to access a report prepared by Dutch investigators on Malaysian Airlines flight MH17, which was shot down above the Ukraine, two weeks before the report was released.

Jan. 13. U.S. Senate Intelligence Committee announces it will investigate allegations Russia used cyber attacks to influence U.S. presidential elections.

Jan. 13. Boston Police announce they’re scrapping a $1.4 million plan to buy software to monitor social media postings for criminal activity and threats to public safety after objections about the technology were raised by more than a dozen civil rights groups and religious organizations.

Jan. 13. Manager of City of Ashland, Wisc. says Russian and East European hackers tried continually but unsuccessfully to break into the city’s computer systems in the months prior to the 2016 presidential elections.

Jan. 12. Motherboard reports it has received from a hacker 900 gigabytes of data stolen from Cellebrite — an Israeli mobile hacking company that’s done work for U.S. federal and state law enforcement agencies as well as Russia, the United Arab Emirates and Turkey — including customer information, databases, and a vast amount of technical data regarding its products.

Jan. 12. Shadow Brokers, a mysterious group of hackers that gained notice when they previously published hundreds of hacking tools belonging to the NSA, announces it is disbanding and releases a number of Zero Day Windows vulnerabilities.

Jan. 11. Palestinian militant group Hamas baits dozens of Israeli soldiers with online “honeypots” that encouraged them to download malicious apps that compromised their phones and led to Hamas accessing sensitive army information and intelligence.

Jan. 10. FBI Director James Comey testifies before U.S. Senate Intelligence Committee that Russia hacked into Republican state political campaigns and old email domains of the Republican National Committee but did not release any of the information they obtained from those locations.

Jan. 10. The Arizona Department of Administration says it has found no evidence of tampering with a state employee timekeeping system after some legislators saw Russian prompts on it; however, the state is continuing to investigate a number of computers used by legislators and staff infected with malware.

Jan. 9. Hans-Georg Maassen, head of Germany’s domestic intelligence service, says his agency has discovered evidence that the Kremlin-linked hacking group Fancy Bear, also known as APT28, was behind an attack on the computers of the Organisation for Security and Cooperation in Europe, the organization responsible for monitoring the ceasefire between government forces and pro-Russian rebels in eastern Ukraine.

Jan. 8. French Defense Minister Jean-Yves Le Drian says in an interview published in Le Journal du Dimanche that in 2016 his ministry thwarted 24,000 cyber attacks involving harassment, surveillance, espionage and disruption of its drone program.

Jan. 6. U.S. intelligence officials release report concluding that Russian President Vladimir Putin personally ordered an influence campaign in 2016 that turned from denigrating Hillary Clinton to developing a clear preference for President-elect Donald Trump.

Jan. 6. U.S. Homeland Security Secretary Jeh Johnson designates U.S. elections systems part of the nation’s critical infrastructure, which will allow the federal government to give states greater assistance in preventing cyber attacks on those systems.

Jan. 6. California Department of Insurance finds data breach that compromised 78.8 million consumer records at health insurer Anthem was performed on behalf of a foreign government.

Jan. 6. Ukraine’s military denies report by cybersecurity firm CrowdStrike that Russia hacked targeting software for Ukraine’s heavy artillery which allowed the Kremlin to track the big guns.

Jan. 6. Department 13, a Maryland company and DARPA spinoff, says it can take control of drones in flight without the use of jamming.

Jan. 5. Armed Services Committee of U.S. Senate holds public hearing with top intelligence officials on Russian cyber aggression and interference with presidential election.

Jan. 5. U.S. Director of National Security James Clapper, Undersecretary of Defense for Intelligence Marcel Lettre and NSA and U.S. Cyber Command Director Admiral Mike Rogers issue joint statement saying more than 30 countries are developing cyber attack capabilities.

Jan. 5. Former CIA Director James Woolsey resigns as an adviser to President-elect Donald Trump.

Jan. 5. Center for Strategic and International Studies task force on cyber policy chaired by Rep. Michael McCaul (R.-Texas) and Sen. Sheldon Whitehouse (D.-R.I.) recommends Trump administration develop new policies to deter and respond to nation-states engaged in hostile behavior in cyberspace.

Jan. 3. U.S. Department of Homeland Security and the FBI warn Hydro One, the main distributor of electricity in the Canadian province of Ontario, that it may have been the target of a Russian cyberattack that planted malware on the power provider’s computer systems.

Stay tuned for the Q2 2017 edition of Cyberwarfare Diary.

John P. Mello, Jr. is a freelance writer specializing in business and technology subjects, including consumer electronics, business computing and cyber security.

Q4 2016

NATION WATCH

U.S. v. Russia cyber conflict intensifies

John P. Mello, Jr.

Menlo Park, Calif. – Dec. 30, 2016

The quarter began with an official accusation that Russia interfered with elections in the United States and ended with dozens of the Kremlin’s diplomats being expelled from their American digs in retaliation for that interference.

In between, there was a destructive cyberattack on Saudi Arabia, a demonstration of a new stealth fighter built with stolen U.S. tech, a call for banning Lenovo hardware in the Defense Department and a hacker assault on a U.S. aircraft carrier in the South China Sea.

CYBERWARFARE DIARY

December

Dec. 31. U.S. Department of Homeland Security says malware found on a laptop belonging to the Burlington (Vermont) Electric Company matches malicious software attributed to Russian hackers found on the computers of the Democratic National Committee.

Dec. 30. President Barack Obama expels from the United States 35 suspected Russian spies for “malicious cyber activity and harassment” in connection with Russia’s attempt to influence the 2016 presidential election.

Dec. 29. U.S. Department of Homeland Security and FBI release 13-page report on Russian interference with U.S. Presidential election by hacking American political sites and email accounts.

Dec. 29. Ukrainian President Petro Poroshenko says his country’s state institutions have been targeted about 6,500 times in the past two months by hackers, including agents of Russian security services.

Dec. 28. The Organization for Security Cooperation in Europe, which monitors the Ukraine-Russian conflict, says it suffered a data breach that compromised the security of its computer network.

Dec. 23. CNBC reports the FBI is investigating infiltration of computers at Federal Deposit Insurance Corporation, which insures consumer deposits in U.S. banks, believed to be perpetrated by China’s military.

Dec. 22. Crowdstrike, an information security company, reports the Russian hacking group that stole data from the computers of the Democratic National Committee also used their skills to pinpoint and kill Ukrainian soldiers in 2014.

Dec. 15. CBS News reports that in August 2015 Russian hackers seized control of the non-classified email system of the U.S. Joint Chiefs of Staff used by about 3,500 officers and civilians.

Dec. 15. The Wall Street Journal reports the Republican National Committee foiled attempts to break into its computer systems using the same techniques that compromised the systems of its Democratic counterpart.

Dec. 9. Hans-Georg Maassen, head of the BfV, Germany’s domestic intelligence agency, says in statement that his agency has seen aggressive and increased cyber spying and cyber operations aimed at weakening and destabilizing the Federal Republic of Germany.

Dec. 2. Russia’s Federal Security Service says it has thwarted a cyberattack mounted by “foreign intelligence services” designed to destabilize its country’s financial system.

Dec. 1. Bloomberg reports cyberattacks believed to be launched from Iran against Saudi Arabia have erased data and disrupted operations at the agency running the country’s airports.

November

Nov. 17. Recruitment website for the Canadian armed forces hacked and visitors redirected to the home page of the Chinese government.

Nov. 4. NBC News reports that U.S. military hackers have penetrated Russia’s power grid, telecommunications networks and command systems making them vulnerable to American cyber weapons.

Nov. 4. Swiss Attorney General’s office suspends 18-month investigation into cyber espionage at Iran nuclear program talks in 2015 because it can’t find who was behind the criminal wrongdoing.

Nov. 3. WikiLeaks founder Julian Assange tells Russian-government run news station that Kremlin did not feed him stolen emails from Democratic Party organizations in the United States.

Nov. 2. Microsoft says Russian hackers accused of interfering with U.S. elections exploited a “zero day” vulnerability in Windows to attack users of that operating system.

Nov. 1. Chinese demo their J-20 stealth fighter, which is believed to be based on blueprints for the U.S. F-22 stealth fighter stolen by hackers from the military.

October

Oct. 31. A group called Shadow Brokers dumps online a list of servers compromised by the Equation Group, which has been linked to the NSA, and appear to have been used for surveillance and other activity.

Oct. 28. Volexity, a network security company, says Chinese hackers launched a network attack targeting defense officials, defense industry representatives, defense security experts and think-tank scholars attending U.S.-Taiwan Defense Industry Conference in Williamsburg, Va. earlier this month.

Oct. 27. Ukrainian hackers release thousands of emails that appear to link Russian President Vladimir Putin’s adviser Vladislav Surkov to the pro-Russia rebels fighting Ukrainian forces.

Oct. 24. The Washington Beacon reports the Pentagon’s J-2 intelligence directorate is warning the military against using equipment produced by Chinese firm Lenovo because it could introduce compromised hardware into the U.S. Defense Department supply chain.

Oct. 21. U.S. Navy confirms Chinese hackers launched a cyberattack against the Nimitz-class aircraft carrier U.S.S. Ronald Reagan while it was on patrol in the South China Sea, but there was no evidence the foray was successful.

Oct. 18. Information security firm ThreatConnect reports Chinese hackers have compromised a European drone company and the U.S. subsidiary of a French energy management company to most likely obtain information to help Chinese businesses in those sectors.

Oct. 12. CNN reports federal investigators believe Russian hackers compromised a contractor for Florida’s election system and exposed information about the state’s voters.

Oct. 12. CrowdStrike, an information security company, says commercial hacking by China against U.S. firms has declined 90 percent since Beijing and Washington inked an agreement 13 months ago to curb economic espionage.

Oct. 11. The Telegraph reports that ministers of UK Prime Minister Theresa May’s government have been banned from wearing Apple Watches to cabinet meetings for fear the devices could be hacked by Russian spies.

Oct. 7. The Obama administration officially accuses Russia of attempting to interfere with the 2016 U.S. elections by hacking the computers of the Democratic National Committee and other political organizations.

Oct. 1. National Cyber Safety and Standards of India claims it has infiltrated Pakistan’s critical and defense infrastructure and could destroy it if ordered to do so by the Indian government.

Stay tuned for the Q1 2017 edition of the Cyberwarfare Diary.

John P. Mello, Jr. is a freelance writer specializing in business and technology subjects, including consumer electronics, business computing and cyber security.

© 2016-2017 Cybersecurity Ventures. All rights reserved. Federal copyright law prohibits unauthorized reproduction of this Report by any means and imposes fines up to $150,000 for violations. Reproduction in whole or in part in any form or medium without expressed written permission of Cybersecurity Ventures is prohibited.