
Cyberwarfare Report, Vol. 2, No. 3: Election Meddling Continues To Dominate Cyber News

John P. Mello, Jr.

Menlo Park, Calif. – Oct. 3, 2017

Russian meddling with the 2016 U.S. presidential election, cyber attacks on national power grids and clandestine attacks on North Korean military networks were top cyberwar stories during this year’s third quarter.

During the period, the U.S. Department of Homeland Security finally notified the 21 states it believes had their election systems targeted by Russian hackers during the 2016 presidential election.

Meanwhile, Facebook announced a plan to prevent its social network from being exploited by nations or others wishing to meddle with U.S. elections. It also pledged half a million dollars to the Defending Digital Democracy campaign to help protect political parties, voting systems and information providers from hackers and propaganda attacks.

Microsoft, too, was combating election meddling by taking on the Russian hacking group, Fancy Bear, believed to be behind much of that mischief. Redmond received the nod from a federal court that opened the door for the company to disrupt the hackers’ operations around the world.

The probe of election meddling being mounted by special counsel Robert Mueller got more aggressive during the period. Mueller reportedly convened a grand jury to gather evidence for his investigation. In addition, the FBI raided the home of former Trump campaign chairman Paul Manafort and seized documents and other materials for Mueller’s investigation.

Cyber attacks on the energy sector in Ireland and the United States were also reported during the period. The Irish attack involved emails poisoned with malware targeting senior engineers at the country’s Electricity Supply Board. In the United States, the FBI and Homeland Security warned companies operating nuclear power stations, energy stations and manufacturing plants in the United States and other countries that hackers have been penetrating their computer networks since May.

It was also revealed during the period that the bluster war between President Trump and North Korea supreme leader Kim Jong-un was more than bluster. According to the Washington Post, the United States has been launching DDoS attacks against Pyongyang’s military spy agency, the Reconnaissance General Bureau, pursuant to a directive signed by the president soon after he was sworn into office.

North Korea was busy with cyber attacks of its own. It’s been targeting virtual currency exchanges in South Korea, as well as companies that use blockchain technology, which is used to secure digital currency.

Pyongyang’s neighbor China was busy during the period boosting its cyber defenses. Beijing announced it had successfully transmitted encryption keys from a satellite to Earth using quantum key distribution, a technique it describes as hack-proof; in practice it protects the key exchange against undetected eavesdropping, not the endpoints that use the keys. Later it revealed it had used the same technology to set up a communication line between the nation’s capital and Shanghai.

China, which has been linked to some massive data breaches in the United States, was linked to another one during the quarter. Chinese hackers are suspected of being behind the data breach at Equifax that compromised the credit information of some 143 million Americans.

September

Sep. 30. Washington Post reports President Trump signed a directive early in his administration outlining a strategy to pressure North Korea that included DDoS attacks by U.S. Cyber Command on Pyongyang’s military spy agency, the Reconnaissance General Bureau.

Sep. 29. China launches its first quantum key distribution line, billed as “hack proof,” between Beijing and Shanghai.

Sep. 28. Twitter says it is in dialogue with congressional committees investigating Russian meddling in 2016 presidential election. It notes Russia Today, which is believed to have strong ties to the Russian government, spent $274,100 on advertising on Twitter in 2016.

Sep. 25. Avast confirms 40 computers at 11 companies were hit with a secondary malware infection after initially infected by malicious software embedded in its CCleaner program for Windows. Researchers believe the secondary infections were designed for espionage on the companies’ networks.

Sep. 24. Salon reports Fancy Bear, a hacker group believed to be linked to Russian government, has been exploiting security flaw in Google Accelerated Mobile Pages to launch attacks on investigative journalists.

Sep. 24. Washington Post reports Fancy Bear, a Russian hacking group believed to be linked to the Kremlin, began to create fake Facebook accounts as early as June 2016 to spread information from emails stolen from the Democratic National Committee earlier that year.

Sep. 23. Hiscox, provider of liability insurance for small businesses, reports 65 percent of German manufacturing and technology companies were hit with cyber attacks in 2016, compared to 62 percent in the U.S. and 50 percent in the U.K.

Sep. 22. U.S. Department of Homeland Security notifies 21 states that Russian government hackers tried to breach their election systems during the 2016 election.

Sep. 22. Court in United Kingdom jails Hussein Yusef, 21, for six-and-half years for posting personal details of 56 members of the U.S. military on Facebook.

Sep. 21. Facebook announces plan to fight Russian election hacking. Plan includes working with U.S. government on its probe of Russian hacking, making political advertising more transparent, strengthening its review process for political ads, increasing its investment in security and election integrity, expanding its work with election commissions worldwide and sharing threat information with tech and security companies.

Sep. 20. FireEye reports a gang of hackers working for the Iranian government is likely behind a series of cyber attacks on U.S., Saudi Arabian and South Korean aviation and energy firms. It asserted the group, known as APT33, planted malware on its targets designed to destroy data.

Sep. 19. Massachusetts Attorney General Maura Healey files lawsuit against credit reporting firm Equifax following data breach exposing personal data of up to 143 million people.

Sep. 19. Federal court in District of Columbia dismisses lawsuit filed by American Federation of Government Employees over 2015 data breach at Office of Personnel Management that compromised personal information of some 21.5 million people.

Sep. 19. European Commission announces plans to set up an EU cybersecurity agency to help member nations deal with cyber threats. It also announced a certification framework for the cybersecurity of networked products and devices, as well as annual cybersecurity exercises.

Sep. 18. Cisco Talos reports popular Windows utility CCleaner compromised by hackers who inserted backdoor software into a signed release of the program, so that users received the malware through the normal download channel. It noted the program has been downloaded some two billion times in total.

Sep. 16. The Sunday Herald of Scotland reports senior figures in the country’s Parliament have accused China of a cyber attack on the legislative body. The sortie caused days of disruption as the hackers attempted to crack passwords for the lawmakers’ email accounts.

Sep. 15. Wall Street Journal reports a congressman tried to strike a deal with the White House to forgive the alleged crimes of WikiLeaks founder Julian Assange. It notes Rep. Dana Rohrabacher, R-Calif., proposed a swap. Assange would provide evidence Russia didn’t hack the Democratic National Committee during the 2016 presidential election. In exchange, he’d receive a pardon or clemency from President Trump.

Sep. 15. Two U.S. senators file legislation to set up commission to probe election hacking. Bill by Kirsten Gillibrand, D-N.Y., and Lindsey Graham, R-S.C., creates the National Commission on the Cybersecurity of the United States Election Systems. The panel would probe hacking of the election process. It would also make recommendations for hardening the election system against cyber attacks.

Sep. 14. U.S. Department of Homeland Security bars federal agencies from using security software from Kaspersky Lab. It says decision prompted by concern over company’s ties to Russian intelligence.

Sep. 9. Hackers deface website of pro-democracy political party Demosisto and post pro-China messages on the site.

Sep. 7. Alliance for Securing Democracy of the German Marshall Fund reports Russia has meddled in the affairs of at least 27 European and North American countries since 2004. It notes meddling ranged from cyber attacks to disinformation campaigns.

Sep. 7. Credit reporting agency Equifax reveals data breach of its systems placing at risk sensitive information of 143 million American consumers.

Sep. 7. European defense ministers test their ability to respond to cyber attacks in their first cyber war game. During the simulated attack, hackers sabotaged the EU’s naval mission in the Mediterranean and launched a social media campaign to discredit EU operations and stir up protests.

Sep. 6. Facebook reports it has identified more than $100,000 in divisive ads on hot-button issues purchased by a Russian company linked to the Kremlin. The ads, which focused on issues not candidates, ran between June 2015 and May 2017.

Sep. 6. Symantec reports hacker group known as Dragonfly has launched a new wave of cyber attacks against the energy sectors in Europe and North America that have the potential to disrupt power providers in those regions.

Sep. 6. White House Homeland Security Adviser Tom Bossert tells attendees of National Security Summit U.S. government may dole out “real world” punishment to nation-states that hack federal systems or violate agreed upon cybersecurity norms.

Sep. 5. Times of London reports data breaches at British universities have doubled in the last two years to 1,152. It notes cyber gangs behind the attacks seek information that they can sell to nation-states.

Sep. 4. Fact-checking website Verrit attacked by hackers after being endorsed in a tweet by Hillary Clinton.

Sep. 4. Upguard, a security research firm, reports third-party contractor for private military contractor TigerSwan accidentally exposed on the Internet resume files of 9,402 people. Data includes job histories of U.S. military veterans, mercenaries and Iraqi and Afghan nationals who worked in their countries with U.S. forces and government institutions.

Sep. 1. New York Times reports hacking of the 2016 U.S. election was more extensive than previously disclosed and that the attacks aren’t being examined at the state and local level.

August

Aug. 28. Business Insider reports that eight of 28 members of the White House’s National Infrastructure Advisory Council resigned within the last week. The council is responsible for overseeing the nation’s response to emerging threats to the nation’s power grid and infrastructure.

Aug. 26. Qatar’s Attorney General Ali bin Fetais al-Marri announces Turkey has arrested five people in connection with hack of Doha’s state news agency which resulted in the posting of fake news that set off a diplomatic crisis in the region.

Aug. 25. Hackers post to Internet confidential plot summaries and detailed outlines for the HBO hit series Game of Thrones. They claim to have stolen 1.5 terabytes of data from the network.

Aug. 24. Yu Pingan, a Chinese national, is accused by the U.S. Justice Department of being linked to malware used in the massive data theft at the U.S. Office of Personnel Management. Yu was arrested Aug. 21 at Los Angeles International Airport.

Aug. 24. Federal District Court in Virginia issues permanent injunction against Fancy Bear, the group of Russian hackers believed to have meddled in the 2016 presidential election, barring it from sending malware to Microsoft customers and from hacking computers to spy on them. Action opens door for Microsoft to seize domain names used by the hackers and disrupt their control of the malware.

Aug. 24. In memo obtained through an FOIA lawsuit, BuzzFeed reports former CIA Director John Brennan complained some members of Congress briefed in December 2016 about Russian meddling with the 2016 presidential elections did not “understand and appreciate the importance and gravity of the issue.”

Aug. 24. CWIC Cyber Warfare Research Center says North Korea has been launching cyber attacks against South Korean virtual currency exchanges, as well as companies that use blockchain, the technology used to secure digital currency.

Aug. 24. Karim Baratov, 22, pleads not guilty in a San Francisco court to conspiring with Russian intelligence agents to steal account information on some 500 million Yahoo accounts.

Aug. 23. Alliance for Securing Democracy finds a sample of 600 Twitter accounts linked to Russian influence operations were used to amplify right-wing extremist messages following violence at Neo-Nazi rally in Charlottesville, Va.

Aug. 21. U.S. chief of naval operations Admiral John Richardson tweets there is no indication that cyber intrusions or sabotage were responsible for a rash of Navy ships colliding with commercial vessels in the Pacific.

Aug. 19. New York Post reports federal authorities are investigating if sensitive data was stolen from congressional offices by several Pakistani staffers and sold to Pakistan or Russia.

Aug. 18. Karim Baratov, 22, agrees to be extradited from Canada to the United States, where he is accused of conspiring with Russian intelligence agents to steal account information on some 500 million Yahoo users.

Aug. 18. President Donald J. Trump approves plan to elevate U.S. Cyber Command to a Unified Combatant Command, giving it a more independent and aggressive footing. The move puts cyber warfare on the same level in the military as the land, sea, air and space realms of battle.

Aug. 18. Proofpoint reports the Russian hacking group Turla is targeting politicians, policy makers and journalists prior to a G20 event in Hamburg, Germany. Group is trying to infect targets with “backdoor” trojan to gather information and conduct future attacks.

Aug. 17. NetSarang states that an upgrade to its server management program was infected with a “backdoor” that allows unauthorized parties to hijack systems running the software.

Aug. 17. Foreign Policy reports WikiLeaks refused to publish some 68 gigabytes of data leaked from the Russian Interior Ministry during the summer of 2016 that revealed details about the Kremlin’s military and intelligence involvement in Ukraine. FP added the documents were later published on the Internet and received almost no attention or scrutiny.

Aug. 17. Election Systems & Software, a maker of election equipment and software, reports security researcher Chris Vickery found an unsecured backup file on an Amazon Web Services server containing personal information of 1.8 million Chicago voters.

Aug. 17. Roskomnadzor, Russia’s communications regulator, has the .ru domain registration of racist and neo-Nazi website DailyStormer revoked. The site has also lost its domains registered with GoDaddy and Google.

Aug. 16. New York Times reports FBI has been contacted by an infamous hacker known as Profexer who claims to have written the software used by Russia for an electronic break-in into the Democratic National Committee during the 2016 presidential campaign.

Aug. 14. Politico reports the Obama administration received multiple warnings from national security officials between 2014 and 2016 that Russia was gearing up its intelligence efforts and building disinformation networks designed to disrupt the U.S. political system.

Aug. 14. Marcus Hutchins, 23, pleads not guilty in U.S. court to creating and selling malware to steal online banking credentials. Hutchins is credited with halting the WannaCry ransomware plague that disabled computers around the world.

Aug. 14. Italian foreign ministry confirms Russian hackers planted malware that compromised email systems at its field offices and embassies between 2013 and 2016. Ministry says no sensitive encrypted data was attacked.

Aug. 14. Lt. Gen. Vincent Stewart, head of the U.S. Defense Intelligence Agency, says at a Department of Defense conference in Missouri his agency plans to repurpose enemy malware and use it against its perpetrators.

Aug. 14. A group of Indian hackers calling themselves Lulzsec India defaces 22 Pakistani government websites. An image of Indian soldiers with the message “We Salute Indian Army” was posted at some sites, as well as messages congratulating India on its 71st Independence Day.

Aug. 13. FireEye reports Fancy Bear, a Russian hacker group believed to have meddled in the 2016 U.S. presidential election, has been using an NSA hacking tool to steal credentials from hotel guests at hotels in Europe and the Middle East.

Aug. 10. China’s state news agency announces the nation has successfully transmitted encryption keys from a satellite to Earth using quantum key distribution, which it describes as hack-proof. The technique is designed to reveal any attempt to eavesdrop on the key exchange.

Aug. 9. Washington Post reports that on July 26 FBI raided the Alexandria, Va. home of Paul Manafort, former chairman of the Donald J. Trump presidential campaign, and seized documents and other materials related to the special counsel investigation of Russian interference with the 2016 election.

Aug. 7. A hacker group calling itself The Binary Guardians defaces a number of Venezuelan government websites, posting messages that appear to support the actions of a group of armed men who attacked a military base in the city of Valencia on Aug. 6.

Aug. 3. Reuters reports grand jury subpoenas have been issued in connection with a June 2016 meeting that included U.S. President Donald Trump’s son, his son-in-law and a Russian lawyer. Sources told Reuters that the grand jury issuing the subpoenas has been convened in Washington, D.C. by special counsel Robert Mueller as part of his probe of Russian meddling in the 2016 presidential elections.

Aug. 3. Hacker defaces government website of Pakistan to display India’s national flag. No official statement about the vandalism was issued by the government, but Pakistan Defence issued a tweet saying the site was hosted on an insecure server.

Aug. 2. FBI arrests Marcus Hutchins, 23, for his role in creating and distributing the Kronos banking Trojan. Hutchins has been credited with stalling the spread of WannaCry malware which crippled the U.K.’s national health care system in May.

Aug. 2. Keen Security Lab claims it has discovered multiple security vulnerabilities in the software for Tesla motor cars that allowed them to remotely open the doors and trunk of the vehicle. Keen is owned by Tencent, a Chinese firm that’s invested in Tesla.

Aug. 1. CyberScoop reports North Korean hackers compromised email accounts of an East Asia-focused advisory group working for Hillary Clinton’s presidential campaign. It noted the attackers sought information that would give Pyongyang insights into Clinton’s policies were she elected president.

July

Jul. 29. Apple removes all VPN programs from its app store in China. VPN software can be used to circumvent China’s censorship system.

Jul. 28. WikiLeaks releases alleged CIA documents that include hacking tools targeting Mac OS and Linux.

Jul. 28. Christopher Painter leaves his post as U.S. State Department’s “Coordinator for Cyber Issues.” Painter traveled the world coordinating diplomacy in cyber security matters and engaging in cyber dialogues with foreign powers aimed at reducing threats in cyberspace.

Jul. 27. Reuters reports Russian intelligence agents attempted to spy on French President Emmanuel Macron’s election campaign earlier this year by creating phony Facebook personas.

Jul. 26. Facebook announces it’s providing $500,000 to the Defending Digital Democracy campaign based at Harvard University to help protect political parties, voting systems and information providers from hackers and propaganda attacks.

Jul. 26. Motherboard reports Whitescope security and QED Secure Solutions have demonstrated how devices connected to the Internet can be hacked to cause physical harm to persons. The researchers hacked a car wash and gained control of its bay doors, which could be used to damage autos and their occupants.

Jul. 26. Security researchers Ravishankar Borgaonkar and Lucca Hirschi release findings at Black Hat conference in Las Vegas identifying cryptographic flaw in protocol used by 3G and 4G LTE networks that allows low-cost surveillance and tracking of mobile phones.

Jul. 25. IEEE Spectrum reports U.S. House of Representatives approved amendment to Defense Budget allocating $15 million for the development of curriculum, best practices and recruitment materials for a Hacking for Defense program for the military.

Jul. 24. Swedish Prime Minister Stefan Lofven calls data breach at country’s Transport Agency “incredibly serious.” Inadequate safeguards at a government contractor exposed all information in the agency’s database to the contractor’s Eastern European subsidiaries. Data included details about bridges, roads, ports, the subway system in Stockholm and other infrastructure. It also may have included the identities of undercover agents working for the Swedish police and armed forces.

Jul. 24. Group made up of former U.S. intelligence officers and calling itself the Veteran Intelligence Professionals for Sanity submits memo to President Donald J. Trump claiming emails stolen from the Democratic National Committee during the 2016 presidential campaign were leaked by an insider and doctored to incriminate Russia.

Jul. 21. Wired magazine reports that the U.S. State Department plans to shutter its Cyber Security branch and that its leader, Christopher Painter, is being forced to leave the department.

Jul. 20. At the annual Aspen Security Forum in Colorado, CIA Director Mike Pompeo, Homeland Security Secretary John Kelly and White House Homeland Security and Counterterrorism adviser Thomas Bossert all say they back the intelligence community’s conclusion that Russia carried out a campaign of cyberattacks and fake news to influence the 2016 presidential election in favor of Donald J. Trump.

Jul. 20. Kevin Poulsen reports in Daily Beast on Microsoft’s campaign against Fancy Bear, the group of Russian hackers believed to have meddled with the 2016 U.S. presidential election. Microsoft disrupts the hackers’ activities by taking over command and control domains and diverting their traffic to servers Microsoft controls, thereby cutting off the bandits from their victims and allowing Microsoft to monitor Fancy Bear’s activities.

Jul. 17. U.S. Justice Department unseals indictment against Iranian nationals Mohammed Reza Rezakhah, 39, and Mohammed Saeed Ajily, 35. Charges include exporting a defense article without a license and violating sanctions against Iran. According to the DOJ, Rezakhah hacked a Vermont-based engineering consulting and software design company best known for its software that supports aerodynamics analysis and design for projectiles. Ajily then promoted the software for sale to his Iranian clients.

Jul. 17. Motherboard reports U.K.’s National Cyber Security Centre has issued a warning about hackers targeting the country’s energy sector. The report notes it’s likely some organizations’ industrial control systems have been compromised.

Jul. 16. Washington Post reports U.S. intelligence officials are convinced the United Arab Emirates orchestrated the hacking of news and social media sites of Qatar’s government in May. Hackers posted false quotes to the sites attributed to Qatar’s emir which created turmoil in the region.

Jul. 16. Japan Times reports a government source says the nation’s Defense Ministry is considering increasing the staff of its cyber attack response unit from 110 to 1,000 people. It also noted the ministry is mulling over setting up a new unit to study cyber attack techniques.

Jul. 15. The Times of London reports hackers backed by Russian government attacked energy networks running the national grid in Ireland. It noted senior engineers at the Electricity Supply Board received emails containing malware designed to give the hackers the power to take out portions of the grid.

Jul. 12. Scott Comer, a former Democratic National Committee executive, and Roy Cockrum and Eric Schoenberg, both Democratic Party donors, file lawsuit against presidential campaign of Donald J. Trump and advisor Roger J. Stone Jr. for invasion of privacy, alleging they conspired to release to the public emails and files stolen from the DNC.

Jul. 11. U.S. General Services Administration announces it has removed Kaspersky Lab from the approved list of vendors for two government-wide purchasing contracts that federal agencies use to acquire technology services. GSA made move over concerns Kaspersky, which is based in Russia, could be compromised by the Kremlin.

Jul. 10. Iran’s Al-Alam news network reports hackers affiliated with Saudi Arabia compromised its Twitter account. The network links the attack to its coverage of the liberation of Mosul in Iraq from Takfiri Daesh terrorists. Daesh is linked to Riyadh through Wahhabism, a doctrine preached by some Saudi clerics.

Jul. 6. New York Times reports U.S. Department of Homeland Security and Federal Bureau of Investigation are warning companies operating nuclear power stations, energy stations and manufacturing plants in the United States and other countries that hackers have been penetrating their computer networks since May. The Times notes that there was no indication that the attackers gained access to the control systems of the power facilities.

Jul. 6. Survey of 600 attendees at the 2017 Black Hat security conference finds two-thirds of them (67 percent) believe their organizations will have to respond to a major security breach in the next 12 months.

Jul. 4. Ukrainian police seize computers belonging to M.E. Doc, the accounting software maker suspected of spreading the NotPetya malware through infected updates to its clients. NotPetya infected computers in 65 countries.

Jul. 4. German domestic intelligence agency releases annual report. It names Russia, China and Iran as key cyber espionage adversaries. Main attack targets include foreign office and its diplomatic missions abroad; the ministry of finance; the ministry of economic affairs and energy; and offices of the chancellor and Bundeswehr.

Jul. 3. Georgia voters and Coalition for Good Government file lawsuit in state court to nullify special election in which Republican candidate Karen Handel defeated Democrat Jon Ossoff. Plaintiffs allege state voting system has been compromised and left unprotected from intruders since the summer of 2016 and should be scrapped.

Jul. 3. Electronic Privacy Information Center seeks restraining order to block Advisory Commission on Election Integrity from aggregating voter information from all U.S. states. EPIC argues in complaint filed in federal court that panel did not complete a mandatory privacy impact assessment before requesting the information from the states.

Jul. 1. Matt Tait, a former British information security specialist, reveals he was approached during the summer of 2016 by Peter Smith, a U.S. Republican Party operative, to verify material purportedly stolen from Hillary Clinton’s private email server. The emails were offered to Smith by a hacker on the Dark Web. Tait broke off contact with Smith after Smith demanded Tait sign a non-disclosure agreement.

Jul. 1. SBU, the Ukrainian security agency, accuses Russian security services of launching the NotPetya ransomware attack that disrupted computer activity around the world on June 27.


John P. Mello, Jr. is a freelance writer specializing in business and technology subjects, including consumer electronics, business computing and cyber security.