
Cyberwarfare Report, Vol. 2, No. 2: Cyberattacks On Election Systems More Widespread Than Originally Believed

John P. Mello, Jr.

Menlo Park, Calif. – Jun. 30, 2017

Russian meddling in the 2016 presidential elections dominated the daily news during the first half of 2017. Although former President Barack Obama was criticized for not taking more forceful action against Russia during the last year of his presidency, it was revealed that GOP politicians and Congress shrugged off warnings from the White House about the severity of the problem.

News reports found cyberattacks on election systems were more widespread than originally believed, with 39 systems coming under attack. Meanwhile, a top secret report leaked to the press revealed that at least one U.S. voting software supplier was targeted by Russian military intelligence during the run-up to the presidential election.

Russian election meddling was also alleged in the French elections in May by winner Emmanuel Macron, but those allegations were later discounted by Guillaume Poupard, director general of ANSSI, France’s cyber defense agency.

In the diplomatic realm, NATO leaders declared that a cyberattack could trigger alliance action in the same way a conventional attack would.

June

Jun. 30. Financial Times reports cybersecurity analysts and western intelligence officials believe the GoldenEye/NotPetya ransomware attack that crippled businesses worldwide was the work of a hostile nation and not a criminal group.

Jun. 30. Wall Street Journal reports Peter W. Smith, a GOP operative claiming to be working with former National Security Adviser Michael Flynn, conducted an extensive online search before the 2016 presidential election for emails from Hillary Clinton’s private email server, suspecting it had been hacked by Russia.

Jun. 29. Valcom Consulting, which does millions of dollars in business with the Canadian military, confirms its website was recently defaced but adds that initial indications are that no sensitive data was compromised.

Jun. 28. CNBC reports that hackers who set off the GoldenEye/NotPetya ransomware epidemic made less than $10,000 from their victims.

Jun. 28. GoldenEye/NotPetya ransomware spreads from Ukraine, disrupting business and government computing activity in at least 65 nations. Businesses affected by the virus include Russian oil company Rosneft, shipping firm A.P. Moller-Maersk and pharmaceutical giant Merck.

Jun. 28. Sen. Jeanne Shaheen, D-N.H., amends defense spending policy bill to prohibit the U.S. Defense Department from using Kaspersky Lab software platforms because the company “might be vulnerable to Russian government influence.”

Jun. 28. ABC News reports federal authorities are investigating a low risk level breach of a business system at a U.S. nuclear power plant.

Jun. 28. Jens Stoltenberg, the NATO secretary general, reveals at news conference in Brussels that the alliance’s members agree that a cyber attack could trigger a response in the same way as a conventional military assault.

Jun. 28. An online group calling itself Team System Z claims responsibility for vandalizing several government websites across the country with the message “You will be held accountable Trump, you and all your people for every drop of blood flowing in Muslim countries.”

Jun. 27. The Wall Street Journal reports at least 10 White House officials and former aides have retained attorneys or are moving to do so in conjunction with the ongoing investigations into collusion by the Trump political organization with Russia during the 2016 election campaign.

Jun. 26. China and Canada sign agreement to not conduct state-sponsored cyberattacks against each other aimed at stealing trade secrets or other confidential business information.

Jun. 26. North American Electric Reliability Corporation releases its “State of Reliability” report for 2017 which says there were no reportable cybersecurity incidents in 2016; however, NERC also says threats continue to increase and are becoming more serious.

Jun. 26. Idaho State Treasurer Ron Crane reports his website has been vandalized by hackers who scrawled “I love the Islamic state” on one of its web pages.

Jun. 23. Washington Post reports on Obama Administration’s efforts to punish Russia for meddling with 2016 U.S. elections and indifference by Republican Party leaders on state and national level to seriously consider intelligence on election interference.

Jun. 23. The Times of London reports that stolen email addresses and passwords of tens of thousands of government officials in the UK are being sold or bartered on Russian-speaking hacking sites.

Jun. 21. Honda Motor Co. halts production at its vehicle making plant in Sayama for a day after discovering WannaCry ransomware on its computer network.

Jun. 20. Wired Magazine reports on how Russia is using Ukraine as a testing ground for cyberwar.

Jun. 19. Hackers claiming to be members of ISIS vandalize website of Argentina’s army. Graffiti posted to site says, “This is a threat. ISIS is in Argentina and you will hear from us soon.”

Jun. 16. Russian President Vladimir Putin claims in an Oliver Stone series on the Showtime TV channel that he proposed forging a cyber treaty with the United States but his overtures were ignored by the Obama Administration.

Jun. 16. Chinese scientists say they’ve set a new record for the distance they’ve been able to transmit a quantum signal from space. The development is a milestone in Beijing’s program to create a hack-proof communications network.

Jun. 16. U.S. Senate approves on roll call vote of 98-2 new sanctions against Iran and Russia, as well as limiting the Trump Administration’s ability to weaken existing sanctions.

Jun. 14. White House Deputy Press Secretary Sarah Huckabee Sanders tells reporters aboard Air Force One President Donald J. Trump has no intention of firing special counsel Robert Mueller, who is leading an investigation into Russian meddling with the 2016 presidential election.

Jun. 13. Bloomberg reports cyberattacks on U.S. election system in the summer and fall of 2016 occurred in 39 states and included compromise of software used by poll workers and penetration of a campaign finance database.

Jun. 13. Microsoft releases patches for all supported and some unsupported versions of Windows to address vulnerabilities that pose elevated risk to attack by nation-states.

Jun. 13. U.S. CERT warns that North Korean government threat actors are targeting U.S. businesses with malware and botnet-related attacks that are part of a campaign called “Hidden Cobra.”

Jun. 12. New York Times reports that intelligence about disguising bombs as laptop batteries exposed to Russian officials by President Donald J. Trump originated with Israeli intelligence.

Jun. 12. Eset and Dragos announce they’ve discovered the malicious software that caused a power outage in the Ukraine in December 2016.

Jun. 9. Al-Jazeera Network confirms that its websites and digital platforms are undergoing continual hacking attempts as surrounding Arab states pressure Qatar to break terrorist ties with Iran and Hamas.

Jun. 8. U.S. Department of Defense releases annual report to Congress on China’s military developments which includes finding that throughout 2016, China continued to develop its Strategic Support Force, an organization it established late in 2015 to unify space, cyber, and electronic warfare capabilities.

Jun. 7. CNN reports U.S. security agencies believe Russian hackers were behind the hack of Qatar’s state news agency and planting of fake news.

Jun. 7. National Legal and Policy Center reports that more than 235,000 comments filed with the FCC in support of net neutrality rules adopted during the Obama administration originated from domains in France, Germany and Russia and that many of them are from fake addresses.

Jun. 7. FBI reports that Russian hackers-for-hire were behind a cyberattack resulting in fake messages being sent out by the Qatar government, which precipitated a diplomatic crisis with other Persian Gulf states.

Jun. 6. Reality Leigh Winner, 25, is accused by U.S. Justice Department of removing classified documents from a government facility in Georgia and leaking them to press.

Jun. 6. Eset reports Russian hackers are using the comments section on Britney Spears’ Instagram account to control their malicious actions.

Jun. 7. Washington Beacon reports Iran tried to hack the email and social media accounts of U.S. State Department officials in the fall of 2015 while a nuclear deal was being hammered out with Tehran.

Jun. 5. A highly classified intelligence report leaked to The Intercept reveals Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent phishing emails to more than 100 local election officials just days before the 2016 presidential election.

Jun. 5. Congressman Mike Quigley (D-Ill.), a member of the House Intelligence Committee, says Russian operatives hacked into the Illinois State Board of Elections last year to access voter database files.

Jun. 5. Defense Systems reports that Army trainers successfully used cyber weapons and electronic warfare technology to thwart a simulated tank assault at a training exercise conducted at the Army National Training Center at Fort Irwin, Calif.

Jun. 6. FireEye reports hackers linked to Russian intelligence launched phishing attacks related to European military movements and NATO meetings against Montenegro prior to its formally joining the alliance on June 5.

Jun. 2. The Guardian reports Nigel Farage, former head of the UK Independence Party, is a person of interest in an investigation by the FBI of collusion between Russia and Donald J. Trump’s presidential campaign.

Jun. 1. Russian President Vladimir Putin acknowledges that some “patriotically minded” Russian hackers could have been involved in cyber meddling with the 2016 U.S. presidential election.

Jun. 1. Guillaume Poupard, director general of ANSSI, France’s cyber defense agency, says he’s found no evidence of Russian hacking of the campaign of President Emmanuel Macron during the recent French elections.

Jun. 1. Radio Free Asia reports that North Korea’s security agency has stepped up its hacking into the mobile phones, laptops and cameras of foreign travelers and infecting them with malware.

Jun. 1. The British American Security Information Council reports that the UK’s Trident submarine fleet is vulnerable to a “catastrophic” cyberattack that could render Britain’s nuclear weapons useless.

May

May 31. Shadow Brokers, the hacker group that released a number of hacking tools believed to be stolen from the NSA, announces it plans to sell more purloined tools to anyone willing to pay more than $22,000 for them.

May 31. Rep. Tom Graves, R-Ga., files bill allowing victims of cyberattacks to hack their attackers, as well as hack into other victims’ computers for “reconnaissance” purposes.

May 30. Moscow-based threat intelligence outfit Group-IB says it has “no doubt” that Lazarus, the hacker group believed to be behind the cyberattacks on Sony Pictures and an $81 million bank robbery in Bangladesh, is connected to North Korea.

May 29. Newly elected French President Emmanuel Macron, while standing beside Russian President Vladimir Putin at a press conference at the Versailles Palace, accuses Kremlin of coordinating “lying propaganda” against him during the French election.

May 26. ABC News reports the FBI is investigating an attempted overseas cyberattack on the Trump Organization, which has been run by President Donald J. Trump’s sons since he became president.

May 25. Flashpoint reports with high confidence that the authors of the WannaCry ransomware were fluent in Chinese, although that alone is not enough to determine the nationality of the malware.

May 25. Wall Street Journal reports Republican political operative Aaron Nevins received from Russian hacker Guccifer 2.0 confidential voter analysis information stolen from the Democratic National Committee and posted it to his blog before the 2016 presidential election.

May 25. Citizen Lab says it has discovered an extensive international hacking campaign with a clear link to Russia that steals documents from its targets, modifies them and sends them out as disinformation aimed at undermining civil society and democratic institutions.

May 25. Sens. Maggie Hassan, D-N.H., and Rob Portman, R-Ohio, file legislation to establish a bug bounty program in the U.S. Department of Homeland Security.

May 25. FireEye reports hackers linked to the Vietnamese government are likely targeting Philippine state agencies to gather intelligence related to a South China Sea maritime dispute between the two countries.

May 24. Qatar says hackers broke into its state-run news agency and published a fake story that prompted Saudi Arabia and the United Arab Emirates to block the country’s media, including Al-Jazeera.

May 23. Former CIA Director John Brennan testifies before U.S. House Intelligence committee that he was so concerned with Russian interference with the presidential election and contacts between Americans involved with the Trump campaign that he formed a group in July made up of officials from the CIA, FBI and NSA to focus exclusively on the issue.

May 18. Website Netzpolitik publishes leaked draft of amendment to German laws expanding powers of government to break into people’s smartphones and computers.

May 17. The UK National Cyber Security Centre says members of Parliament have been targeted by hackers trying to break into their online accounts. The agency refuses to say who was behind the attack.

May 17. Gizmodo reports network security at several Trump family retreats, including Mar-a-Lago, the Trump National Golf Club in Bedminster, N.J. and the Trump International Hotel in Washington, D.C., is weak and could be easily hacked.

May 16. TrapX reports that for the first time it has identified Iranian and Russian hackers teaming up to launch a cyber attack. It adds that the attack on a military contractor was unsuccessful.

May 15. Ukrainian President Petro Poroshenko orders access to Russia’s most popular social media websites and search engines be blocked in retaliation for Russia’s annexation of Crimea.

May 12. WannaCry, a ransomware program based on software stolen from the NSA, infects thousands of computers in more than 100 countries, forces the UK’s health care system to turn away patients and disables computers in Russia’s Interior Ministry.

May 12. Reuters reports suspected Russian hackers have launched exploratory cyber attacks against the energy networks of Lithuania, Latvia and Estonia raising concerns of NATO.

May 12. Lebanon accuses Israel of hacking into its telecommunications network and sending to some 10,000 people messages claiming Hezbollah leader Sheikh Hassan Nasrallah was behind the death of the group’s military commander Mustafa Badreddine.

May 12. Survey by Booz Allen Hamilton and Alta Associates finds that U.S. government information security personnel are paid $7,000 less than their private sector counterparts.

May 12. Area 1 Security reports Russian hackers targeted the 2008 presidential campaign of Barack Obama, as well as U.S. government officials, which they have continued to attack since they left office.

May 11. President Donald J. Trump signs executive order to bolster the federal government’s cyber security and protect critical infrastructure from cyber attacks.

May 11. Yevgeniy Nikulin, 29, a Russian citizen awaiting extradition from the Czech Republic for hacking LinkedIn, Dropbox and Formspring, claims the FBI offered him U.S. citizenship, an apartment and cash for confessing to stealing Hillary Clinton’s campaign chief John Podesta’s emails for Russian President Vladimir Putin.

May 11. U.S. General Service Administration announces bug bounty program for its Technology Transformation Service.

May 11. CyberScoop reports Fancy Bear, a hacker group believed to be connected to Russian military intelligence, mounted a phishing campaign pretending to represent NATO on diplomatic organizations in Europe. It notes the phishing emails contain a malicious Microsoft Word file.

May 6. Sen. Dianne Feinstein, the ranking member of the committee that oversees the FBI, says the agency paid $900,000 to break into the locked iPhone of a gunman in the San Bernardino, Calif. shootings.

May 5. Campaign of French presidential candidate Emmanuel Macron declares it has been hacked and a combination of real and fabricated emails and documents uploaded to the Internet.

May 5. HackerOne refuses to host a bug bounty program for FlexiSPY, a maker of spyware, because it says the company is operating illegally and unethically.

May 2. U.S. Director of National Intelligence reports the NSA collected 151 million records about American phone calls in 2016, a reduction from the billions of records per day gathered by the agency before Congressional intervention.

May 1. Select committee of UK parliament accuses Google, Twitter and Facebook of failing to address terrorism, violence and hatred and recommends social media operators be prosecuted for leaving unlawful messages online.

April

Apr. 28. U.S. National Security Agency announces it has stopped collecting emails and texts of Americans that mention identifying terms related to foreigners the agency is spying on, a practice that was part of the warrantless surveillance program launched after the Sept. 11, 2001 terrorist attacks on the United States.

Apr. 28. German Attorney General announces arrest of “Daniel M.,” 54, a Swiss citizen working for his country’s intelligence service in plot to uncover who is leaking data related to German tax dodgers stashing money in Swiss banks.

Apr. 28. Australian Federal Police confirms it unlawfully accessed a journalist’s phone records without a warrant.

Apr. 27. McAfee reports sophisticated hackers possibly linked to a foreign nation have increased their activity aimed at disrupting key organizations in Saudi Arabia.

Apr. 27. Arne Schoenbohm, president of the BSI federal cyber security agency, confirms his agency is aware of computer attacks on two foundations tied to Germany’s ruling coalition parties for some time and was helping analyze the situation.

Apr. 26. Israel’s national cyber bureau says it has repelled an attack on about 120 organizations, government offices, public institutions and private citizens by hackers directed by a foreign country attempting to infiltrate agencies involved in civilian research, development and advanced technologies.

Apr. 26. U.S. Air Force and HackerOne announce bug bounty program for vetted security researchers to test the security at the service’s public websites.

Apr. 26. ABC News/Washington Post poll finds 39 percent of Americans believe Donald J. Trump and his campaign worked with Moscow during his presidential campaign.

Apr. 25. Indian hackers take down 30 Pakistan government websites to protest death penalty for Kulbhushan Jadhav, an Indian national and former Naval officer.

Apr. 25. Times of India reports Pakistani hackers attacked the websites of three major educational institutions in India in retaliation for an attack by Indian hackers on the website for Pakistani Railways and to protest people killed by the Indian Army in Kashmir.

Apr. 25. Trend Micro reports Fancy Bear, a hacking group believed to be closely linked to the Russian military, launched phishing campaign against U.S. military contractor Academi, formerly known as Blackwater. Academi is reportedly working with the Ukrainian government which Russia is trying to undermine.

Apr. 24. Trend Micro reports it found signs of a phishing attack by hackers tied to the Russian military on the campaign of French Presidential candidate Emmanuel Macron in an attempt to steal credentials and plant malware on campaign workers’ computers.

Apr. 24. Danish Foreign Minister Claus Hjort Frederiksen tells newspaper Berlingske that Fancy Bear, a hacker group associated with the Russian government, broke into the Danish Defense Ministry and gained access to employees’ email in 2015 and 2016.

Apr. 21. FireEye director of cyber-espionage analysis John Hultquist tells Wall Street Journal that his company has detected a surge in Chinese hacker attacks since February against South Korean organizations associated with the deployment of an anti-ballistic missile system in South Korea.

Apr. 20. CBS News reports a manhunt has been launched by the CIA and FBI to find an insider who leaked CIA secrets, including hacking tools, to WikiLeaks.

Apr. 19. Daily Mail reports that documents released by the hacker group called Shadow Brokers suggest the NSA has been monitoring presidential websites in Iran and Russia and that the U.S. spy agency compromised the Russian Federal Nuclear Center’s website.

Apr. 19. Chinese President Xi Jinping announces restructuring of the People’s Liberation Army with a greater emphasis on cyberspace, electronic and information warfare.

Apr. 19. Al Khansaa Kateeba, an all female division of the United Cyber Caliphate, releases self-promotion video claiming it has hacked more than 100 Twitter accounts during its one month of existence.

Apr. 15. Microsoft announces all exploits released online by the hacker group called Shadow Brokers and allegedly stolen from the NSA have been patched in all current versions of Windows.

Apr. 14. The hacker group called Shadow Brokers releases more alleged NSA documents revealing the agency hacked deep into the financial infrastructure of the Middle East and compromised the global SWIFT transaction system.

Apr. 13. The Times of London reports Facebook is at risk of criminal prosecution in the UK for refusing to remove from its site child pornography and terrorist content, including an Islamic State beheading and posters glorifying recent terrorist attacks in London and Egypt.

Apr. 13. Microsoft releases six-month transparency report revealing the number of U.S. foreign intelligence surveillance requests — which are used to collect foreign intelligence and monitor spies — made to the company doubled from the second half of 2015 to the first half of 2016.

Apr. 12. The Public Accounts Select Committee of the House of Commons releases report with finding that foreign hackers may have disrupted access to the British government’s voter registration website on the last day people could register to vote on Brexit.

Apr. 11. Caucasus Chronicles reports Azerbaijani government has installed a net appliance to block three opposition news sites, but one of the sites, Azadliq Qezeti, is circumventing the government’s action through Amazon Web Services.

Apr. 10. The hacker group known as Shadow Brokers releases password to an archive of NSA hacking tools and documents posted on the Internet in protest of the U.S. air strike in Syria.

Apr. 9. Pyotr Levashov, a Russian programmer and alleged spam czar, is arrested in Barcelona under a U.S. international warrant for his connection to the Kelihos crime botnet and possibly for meddling with the 2016 presidential election.

Apr. 7. Dallas officials report city’s warning system was hacked setting off emergency alarms throughout the city for an hour and 40 minutes causing 911 phone lines to be flooded with calls from fearful and confused citizens.

Apr. 7. Twitter drops lawsuit against U.S. government after U.S. Customs and Border Protection withdraws summons demanding identity of people behind a Twitter account critical of President Donald J. Trump.

Apr. 7. Software developer Zhengquan Zhang arrested by FBI for stealing employee information and source code from his employer KCG Holdings.

Apr. 6. Fidelis Cybersecurity reports that hackers working for the Chinese government set up a watering hole attack at the Foreign Trade Council in Washington, D.C. in order to perform reconnaissance activity on members of the council which includes executives from Amazon, Coca-Cola, eBay, ExxonMobil, Google, IBM, KPMG, Microsoft, Oracle, Pfizer, Visa and Walmart.

Apr. 6. Chairman of the House Intelligence Committee Devin Nunes, R-Calif, recuses himself from his panel’s probe into Russian interference with 2016 presidential election after the House Ethics Committee announces it’s investigating him for possible unauthorized disclosure of classified information.

Apr. 4. Chosun Ilbo newspaper reports North Korean hackers may have gained access to a portion of the secret war plans of the United States and South Korea against the North should hostilities resume on the peninsula.

Apr. 4. FBI alerts Vermont authorities that the email system of the state legislature is being targeted by a foreign attacker.

Apr. 4. The United Cyber Caliphate urges lone wolf attacks on a hit list of 8,786 names and addresses, including that of President Donald J. Trump, in six-minute video posted to the Internet.

Apr. 3. International Association of Athletics Federation announces data breach it believes was perpetrated by Fancy Bear, the group of Russian hackers who meddled with the 2016 U.S. presidential election, but can’t confirm if any data was stolen in the attack.

Apr. 3. UK National Cyber Security Centre and the cyber units of PwC and BAE Systems report a group of Chinese hackers they’re calling APT10 have been attacking large British corporations through their IT suppliers.

Apr. 2. UK government warns nation’s nuclear power industry to be on guard for terrorists, spies and hacktivists looking to exploit vulnerabilities in the industry’s Internet defenses.

Apr. 2. The Financial Times reports that the FBI is planning to create a special unit based in Washington, D.C. and staffed with about 20 special agents to investigate Russian meddling with the 2016 presidential election.

Apr. 1. New York Post says its push notification system has been compromised which resulted in a message being sent to its users that read “Heil President Donald Trump.”

Apr. 1. To beef up its online defenses, Germany launches the Cyber and Information Space Command as a new wing of its military.

John P. Mello, Jr. is a freelance writer specializing in business and technology subjects, including consumer electronics, business computing and cyber security.