Cyberwarfare Report, Vol. 2, No. 1: Russian Election Hacking, Intelligence Leaks Dominate Cyberwarfare News

John P. Mello, Jr.

Menlo Park, Calif. – Mar. 31, 2017

News about Russian hacking of the 2016 presidential election created a blizzard of headlines during the first three months of 2017. The controversy became so hot it forced the President’s National Security Advisor to resign and the U.S. Attorney General to recuse himself from any investigations into Russian election meddling.

Meanwhile, both the CIA and NSA were compromised during the period. WikiLeaks dumped confidential documents from the CIA on the Net and the NSA was stung by the indictment of one of its former contractors who stole 500 million pages of documents.

Also during the time frame, a Microsoft executive called on nations to hold a Digital Geneva Convention that will commit governments to protecting civilians from nation-state attacks in times of peace.

March

Mar. 31. WikiLeaks releases “Vault 7 Marble,” 676 source code files for a CIA framework used to keep forensic investigators and antivirus companies from attributing the agency’s cyberattacks to the CIA.

Mar. 31. Sen. Mark Warner, the ranking Democrat on the U.S. Senate committee investigating Russian interference in the 2016 presidential election, says the Kremlin paid an army of 1,000 people to create fake anti-Hillary Clinton news stories targeting key swing states.

Mar. 30. Michael Flynn, the former national security adviser for President Donald J. Trump, offers to testify before House and Senate panels investigating the Trump campaign’s ties to Russia in exchange for immunity from prosecution.

Mar. 30. Azerbaijan’s government blocks primary independent news websites for several days in what’s believed to be an attempt to dampen criticism of the appointment of the country’s first lady as vice president.

Mar. 30. Globe and Mail reports that a cyberattack by Chinese hackers in 2014 at Canada’s National Research Council cost the country hundreds of millions of dollars.

Mar. 27. The Times of London reports that the Islamic State has flooded YouTube with hundreds of violent recruiting videos following a terrorist attack on Parliament on March 22.

Mar. 24. German Federal Office for Information Security says that last year it foiled two cyberattacks by the Russian hackers alleged to have interfered with the U.S. presidential election — one an attempt to create a domain in the Baltic region for a German political party; the other a spear-phishing scheme directed against parties in the country’s lower house of parliament.

Mar. 23. Twitter releases transparency report revealing it shut down 376,890 accounts for “violations related to the promotion of terrorism” from July 1 to December 31 of 2016.

Mar. 23. CNN reports that the FBI has information that indicates associates of President Donald J. Trump communicated with suspected Russian operatives to possibly coordinate the release of information damaging to Hillary Clinton’s 2016 presidential campaign.

Mar. 21. Reuters reports that Google and Jigsaw have begun offering free Protect Your Election packages to election organizers and civic groups so they can guard themselves from politically-motivated cyberattacks.

Mar. 20. FBI Director James Comey confirms his agency is investigating possible links between Russian hackers and President Donald J. Trump’s election team at a hearing by the U.S. House Intelligence Committee.

Mar. 17. Alfa Bank, a privately-owned Russian financial institution, confirms it has contacted U.S. law enforcement authorities and offered complete cooperation in finding out who attempted to use its servers to make it appear that the bank was communicating with the Trump organization.

Mar. 16. Trump Administration releases budget proposal that includes $1.5 billion for cybersecurity and protecting the nation’s critical infrastructure.

Mar. 16. Canada’s Department of National Defense releases documents revealing that the country is taking steps to strengthen its cyber warfare arsenal.

Mar. 15. U.S. Justice Department indicts Russian Federal Security Service agents Dmitry Dokuchaev and Igor Sushchin and two co-conspirators, Alexsey Belan and Karim Baratov, for hacking half a billion Yahoo accounts.

Mar. 15. Twitter accounts of high-profile news outlets, international brands and politicians are hacked and tweets posted in support of Turkish President Tayyip Erdogan, who is in a heated dispute with several European countries over whether Turkish politicians should be allowed to speak at political rallies in those nations.

Mar. 12. MacKeeper security researchers report they’ve discovered a misconfigured device connected to the Internet belonging to a U.S. Air Force officer that has exposed sensitive information to the public, including a spreadsheet with details about ongoing investigations by the service.

Mar. 12. British spy agency GCHQ calls emergency summit with UK political parties after warning them that they are at risk of Russian cyberattacks disrupting the next general election in the country.

Mar. 8. Information Technology and Innovation Foundation reports that 92 percent of U.S. government websites fail to meet basic standards for security, speed, mobile friendliness or accessibility.

Mar. 9. Korea Herald reports Chinese hackers who forced website of retailer Lotte Mart offline in retaliation for its role in the siting of a U.S. missile defense base in Korea have expanded their attacks to include 30 public and company websites of the peninsula nation, including sites for the 2018 Olympics and 2017 WTF World Taekwondo Championships.

Mar. 7. WikiLeaks posts online thousands of documents it says were leaked from the U.S. Central Intelligence Agency, including information on tools used by the spies to hack computers and mobile phones.

Mar. 6. Bloomberg reports that Russian hackers have been launching cyberattacks on U.S. progressive groups in attempts to find embarrassing emails that can be used to extort money from them.

Mar. 4. New York Times reports that the United States has been waging a secret cyber war for three years against North Korea to disrupt its missile program.

Mar. 3. FBI opens investigation into possible data breach at the Center for Election Systems at Kennesaw State University in Georgia that could potentially impact 7.5 million voter records.

Mar. 2. Retired Gen. Keith Alexander, former head of the National Security Agency, at hearing by U.S. Senate Armed Services Committee says federal agencies are unable to protect the nation against digital threats because they don’t share information.

Mar. 2. U.S. Attorney General Jeff Sessions announces he will recuse himself from any investigation into charges that Russia meddled in 2016 presidential election after it was discovered he failed to disclose during his confirmation hearing two meetings he had with the Russian ambassador to the United States.

February

Feb. 28. The Defense Science Board releases study on state of cyber defense in the United States forecasting that in the next five to 10 years other nations will have offensive cyber capabilities that “far exceed the United States’ ability to defend and adequately strengthen the resilience of its critical infrastructures.”

Feb. 21. McClatchy Washington Bureau reports that U.S. investigators are examining whether or not Russia’s Federal Security Service funneled payments disguised as pension benefits to operatives in the United States used to hack Democratic party emails and discredit Hillary Clinton’s presidential campaign.

Feb. 20. Professor Sheena Greitens, an East Asia expert at the University of Missouri, tells Time magazine that Chinese suspension of coal imports from North Korea as punishment for assassinating the half-brother of Supreme Leader Kim Jong Un at a Malaysian airport will result in stepped-up cybercrime by North Korea’s army of 6,800 state-sponsored hackers.

Feb. 18. Fortune magazine reports that FBI is conducting at least three investigations into the alleged Russian hacking of the U.S. presidential elections — one into the breach of the Democratic National Committee, another into the theft of emails of Clinton campaign manager John Podesta and a third into links between Russia and Trump associates.

Feb. 17. Rep. Ted Lieu (D-Calif.) and 14 other members of Congress request House Oversight Committee to investigate the cybersecurity practices of President Donald J. Trump, including his use of an unsecured personal phone.

Feb. 16. IBM’s X-Force Incident Response and Intelligence Services identifies propagation techniques used by the Shamoon malware, which has been a major weapon in the cyberwar between Saudi Arabia and Iran.

Feb. 16. A report by Google leaked to the public reveals the company knew about Fancy Bear before the group was linked to the data breach at the Democratic National Convention.

Feb. 16. Patrick Wardle, a former NSA staffer and current research head at Synack, a bug hunting company, tells Forbes magazine that malware leaked online and believed to belong to Fancy Bear, the group of Russian hackers connected to a data breach at the Democratic National Committee, contains “chunks” of code from hacking tools stolen from the Italian cyber mercenary firm Hacking Team.


Feb. 15. Oleksandr Tkachuk, Ukraine’s security service chief of staff, accuses Russian hackers of targeting his country’s power grid, financial systems and other infrastructure with a new type of computer virus that attacks industrial processes.

Feb. 15. Threat intelligence company Recorded Future reports Russian-speaking hacker it calls Rasputin, who breached the U.S. Election Assistance Commission in November, is selling unauthorized access to more than 60 universities and government agencies.

Feb. 14. Brad Smith, president and chief legal officer of Microsoft, calls for a Digital Geneva Convention that will commit governments to protecting civilians from nation-state attacks in times of peace.

Feb. 14. New York Times reports U.S. law enforcement and intelligence agencies have phone records and intercepted calls that show members of Donald J. Trump’s 2016 presidential campaign and other Trump associates had repeated contacts with senior Russian intelligence officials in the year before the election.

Feb. 13. Richard Ferrand, secretary-general of the French En Marche party, accuses Russia of targeting presidential frontrunner Emmanuel Macron through media and Internet attacks to help the election campaigns of his rivals.

Feb. 10. The Guardian reports that Russia is suspected by Italian officials of being behind a sustained hacking attack on the country’s foreign ministry last year that compromised email communications and lasted for many months.

Feb. 8. U.S. prosecutors air indictment against Harold T. Martin III, a former NSA contractor who is accused of stealing some 500 million pages of classified documents from the agency.

Feb. 7. General Stephen W. Wilson, vice chief of staff for the U.S. Air Force, testifies before Congress that in 2016, his service branch conducted 4,000 cyber missions against more than 100,000 targets, enabling more than 200 high-value, kill-capture missions.

Feb. 6. Security researchers Claudio Guarnieri and Collin Anderson report Iranian hackers are using malware designed to infect Apple computers to attack the U.S. defense industry and human rights groups.

Feb. 3. Norwegian security service warns that country’s Labor Party, defense and foreign ministries and the security service itself have been targeted by Fancy Bear, hacker group believed to be linked to Russia.

Feb. 3. Science Advances publishes paper by Canadian researchers explaining how to hack into a quantum network similar to one being built by the Chinese, which they claim is hack-proof.

Feb. 3. Rob Bertholee, head of the Dutch AIVD security service, says Russia, China and Iran have made hundreds of attempts to hack into Dutch government departments and companies in the last six months.

Feb. 2. UK Law Commission recommends the country’s Official Secrets Act be modified so that spies and civil servants who leak national security secrets face up to 14 years in prison.

Feb. 2. Russia charges four people, including two officers in its FSB spy agency, with treason for passing to the United States information believed to be about the Kremlin’s efforts to influence the 2016 presidential election in the United States.

Feb. 1. Dutch government announces it is scrapping the computer software it uses to tally and transmit election results and will perform the tasks by hand for fear the election results could be hacked.

Feb. 1. Dan Tentler, founder of cybersecurity firm Phobos Group, warns that several servers run by the U.S. Department of Defense that have been misconfigured for at least eight months could be easily penetrated by threat actors who could use the systems to launch cyberattacks that appear to originate on those systems.

January

Jan. 30. Maagad Ben Juwad Oydeh, who hacked the video feeds from Israeli drones hovering over Gaza, agrees to plea deal with a suggested jail sentence of nine years.

Jan. 30. Rzeczpospolita reports a failed phishing attack on several employees of the Polish Foreign Ministry is believed to be the work of Fancy Bear, the Russian hacker group tied to trying to influence the outcome of the U.S. presidential election.

Jan. 29. The Times of London reports Dmitry Dokuchaev has been arrested in Russia on treason charges, the third such arrest since the Kremlin’s interference with the U.S. presidential election was exposed.

Jan. 26. SecureWorks reports that Fancy Bear, the group of Russian hackers believed to have targeted the U.S. political system during the run-up to the 2016 presidential election, infiltrated a UK television network for almost a year and monitored its operation.

Jan. 26. The Electronic Privacy Information Center files a lawsuit against the Office of the Director of National Intelligence seeking the release of the U.S. intelligence community’s entire assessment of Russia’s interference with the 2016 presidential election.

Jan. 17. CNN/ORC releases poll showing 58 percent of Americans believe the outcome of the presidential election would have been the same whether Russia tried to influence the outcome or not.

Jan. 16. Secureworks says Fancy Bear, the group of Russian hackers believed to have influenced the U.S. elections, has hacked a Norwegian military attache stationed in Eastern Europe and the Norwegian diplomatic mission in Central Asia.

Jan. 16. Nikolay Patrushev, head of Russia’s Security Council, says his country has been experiencing increased attempts to penetrate its information systems by foreign countries, including the United States, China and India.

Jan. 16. Cybersecurity Ventures announces it has acquired for an undisclosed price the domain name Cyberwarfare.com from a private seller.

Jan. 15. The Daily Express reports Russian electronic units are hacking into the systems of RAF bombers and forcing them to abort missions over Syria.

Jan. 14. Dutch media reports Russian hackers attempted to access a report prepared by Dutch investigators on Malaysian Airlines flight MH17, which was shot down above the Ukraine, two weeks before the report was released.

Jan. 13. U.S. Senate Intelligence Committee announces it will investigate allegations Russia used cyber attacks to influence U.S. presidential elections.

Jan. 13. Boston Police announce they’re scrapping a $1.4 million plan to buy software to monitor social media postings for criminal activity and threats to public safety after objections about the technology were raised by more than a dozen civil rights groups and religious organizations.

Jan. 13. Manager of City of Ashland, Wisc. says Russian and East European hackers tried continually but unsuccessfully to break into the city’s computer systems in the months prior to the 2016 presidential elections.

Jan. 12. Motherboard reports it has received from a hacker 900 gigabytes of data stolen from Cellebrite — an Israeli mobile hacking company that’s done work for U.S. federal and state law enforcement agencies as well as Russia, the United Arab Emirates and Turkey — including customer information, databases, and a vast amount of technical data regarding its products.


Jan. 12. Shadow Brokers, a mysterious group of hackers that gained notice when they previously published hundreds of hacking tools belonging to the NSA, announces it is disbanding and releases a number of Zero Day Windows vulnerabilities.

Jan. 11. Palestinian militant group Hamas baits dozens of Israeli soldiers with online “honeypots” that encouraged them to download malicious apps that compromised their phones and led to Hamas accessing sensitive army information and intelligence.

Jan. 10. FBI Director James Comey testifies before U.S. Senate Intelligence Committee that Russia hacked into Republican state political campaigns and old email domains of the Republican National Committee but did not release any of the information they obtained from those locations.

Jan. 10. The Arizona Department of Administration says it has found no evidence of tampering with a state employee timekeeping system after some legislators saw Russian prompts on it; however, the state is continuing to investigate a number of computers used by legislators and staff infected with malware.

Jan. 9. Hans-Georg Maassen, head of Germany’s domestic intelligence service, says his agency has discovered evidence that the Kremlin-linked hacking group Fancy Bear, also known as APT28, was behind an attack on the computers of the Organisation for Security and Cooperation in Europe, the organization responsible for monitoring the ceasefire between government forces and pro-Russian rebels in eastern Ukraine.

Jan. 8. French Defense Minister Jean-Yves Le Drian says in an interview published in Le Journal du Dimanche that in 2016 his ministry thwarted 24,000 cyber attacks involving harassment, surveillance, espionage and disruption of its drone program.

Jan. 6. U.S. intelligence officials release report concluding that Russian President Vladimir Putin personally ordered an influence campaign in 2016 that turned from denigrating Hillary Clinton to developing a clear preference for President-elect Donald Trump.

Jan. 6. U.S. Homeland Security Secretary Jeh Johnson designates U.S. elections systems part of the nation’s critical infrastructure, which will allow the federal government to give states greater assistance in preventing cyber attacks on those systems.

Jan. 6. California Department of Insurance finds data breach that compromised 78.8 million consumer records at health insurer Anthem was performed on behalf of a foreign government.

Jan. 6. Ukraine’s military denies report by cybersecurity firm CrowdStrike that Russia hacked targeting software for Ukraine’s heavy artillery which allowed the Kremlin to track the big guns.

Jan. 6. Department 13, a Maryland company and DARPA spinoff, says it can take control of drones in flight without the use of jamming.

Jan. 5. Armed Services Committee of U.S. Senate holds public hearing with top intelligence officials on Russian cyber aggression and interference with presidential election.

Jan. 5. U.S. Director of National Security James Clapper, Undersecretary of Defense for Intelligence Marcel Lettre and NSA and U.S. Cyber Command Director Admiral Mike Rogers issue joint statement saying more than 30 countries are developing cyber attack capabilities.

Jan. 5. Former CIA Director James Woolsey resigns as an adviser to President-elect Donald Trump.

Jan. 5. Center for Strategic and International Studies task force on cyber policy chaired by Rep. Michael McCaul (R.-Texas) and Sen. Sheldon Whitehouse (D.-R.I.) recommends Trump administration develop new policies to deter and respond to nation-states engaged in hostile behavior in cyberspace.

Jan. 3. U.S. Department of Homeland Security and the FBI warn Hydro One, the main distributor of electricity in the Canadian province of Ontario, that it may have been the target of a Russian cyberattack that planted malware on the power provider’s computer systems.

John P. Mello, Jr. is a freelance writer specializing in business and technology subjects, including consumer electronics, business computing and cyber security.