Q4 2017 is a quarterly diary of cyberwarfare activity. What is cyberwarfare? Cyberwarfare is defined as the most aggressive form of attack by a foe or rival over the internet. It largely applies to actions by states and involves denying internet services to communities or countries, or, at worst, destroying critical infrastructure or industrial facilities.


Election meddling, rise of Iranian hackers and Kaspersky saga headline year-end cyberwar stories

John P. Mello, Jr.

Sausalito, Calif. – Jan. 3, 2018

As the last quarter of 2017 closed, more evidence appeared that the presidential campaign of Donald J. Trump had inside knowledge of Russia’s meddling in the 2016 US elections.

The New York Times reported just days before the year ended that George Papadopoulos, a foreign policy adviser to the campaign, after a night of heavy drinking at a London bar, told Australia’s top diplomat in Britain that the Russians had “dirt” on Hillary Clinton. Two months later, when stolen emails from the Democratic National Committee were leaked online, that diplomat, Alexander Downer, let his US counterparts know about the conversation which, the Times says, contributed to the FBI’s decision to open a probe of Russian interference in the elections.

Earlier during the quarter, Papadopoulos pleaded guilty to lying to FBI agents investigating Russia’s meddling in the elections. At the time, Papadopoulos was one of three former campaign members targeted by Special Counsel Robert Mueller. Paul Manafort and Richard Gates III were indicted by the Special Counsel for money laundering and tax evasion.

Another connection between Russia and the elections occurred in a Moscow courtroom where Konstantin Kozlovsky, 29, a hacker on trial for cybercrimes, claimed the FSB, Russia’s secret service, directed him to steal data from the DNC, Clinton and the US military.

The role American social media played in Russia’s election interference also became more apparent during the quarter. Google, for example, revealed that a Russian “troll farm” bought $4,700 in ads on the search service. Facebook reported that inflammatory messages from Russian outlets reached 126 million Facebook users and Twitter revealed they appeared in 131,000 tweets. In addition, Russian agents uploaded more than 1,000 videos to YouTube.

Despite the news of voter manipulation, election information continued to be endangered during the period. Security research firm Kromtech reported voter registration records for 19.3 million California voters were stolen from an unprotected MongoDB database and ransomed. Meanwhile, Gizmodo reported that a server used by a presidential commission on election integrity had been compromised.

Another development during the quarter was Iran’s rise as a cyberwar player. Tehran was fingered as the perpetrator of an attack on some 9,000 UK parliamentary email accounts. An Iranian hacker was also charged during the period with the HBO hack that resulted in a number of unaired shows being stolen and posted to the Internet. Campaigns by Iranian hackers were also revealed to steal information about financial, government, energy, chemical and telecommunications entities, as well as plant malware on the computers of academic researchers, human rights activists, media outlets and political advisors focusing on Iran.

Meanwhile, Moscow-based Kaspersky Lab rode a roller coaster during the quarter. The company’s troubles began when it was reported that Russian hackers exploited Kaspersky’s antivirus software to steal a collection of NSA hacking tools from the personal computer of one of the agency’s contractors. The contractor, Nghia Hoang Pho, 67, later pled guilty to willful retention of national defense information.

Concerns over Kaspersky’s connection to Russian spy agencies resulted in the US Homeland Security Department banning the use of the software. Similar concerns were voiced by British intelligence. Meanwhile, WikiLeaks claimed the CIA was forging digital certificates attributed to Kaspersky to avoid detection when stealing data from national security targets. In addition, an assistant secretary at DHS told a congressional committee that her agency had no conclusive evidence the company’s software had been exploited to breach federal government information systems. Kaspersky finally decided to let the US courts settle the matter. It filed a lawsuit to flip the DHS ban because the action denied the Russian company due process.


Dec. 30. New York Times reports two months before emails stolen from the Democratic National Committee began appearing online George Papadopoulos, a foreign policy adviser to the Trump presidential campaign, after a night of heavy drinking in a London bar, told Australia’s top diplomat in Britain that Russia had political dirt on Hillary Clinton. It says the diplomat, Alexander Downer, later told the US about the Papadopoulos conversation, which contributed to the FBI opening an investigation into Russian meddling in the 2016 presidential election. 

Dec. 29. Mihai Alexandru Isvanca, 25, and Eveline Cismaru, 28, are charged by the U.S. Justice Department with hacking District of Columbia police computers linked to the city’s surveillance cameras days before the inauguration of Donald J. Trump. The pair intended to use the cameras to send ransomware demands to nearly 180,000 email addresses.

Dec. 26. US federal court in Miami denies motion by Russian tech executive and entrepreneur Aleksej Gubarev that Buzzfeed reveal the source of a dossier connected to the Trump-Russia controversy. Court ruled Gubarev, who is suing Buzzfeed for defamation, did not adequately prove the dossier was unavailable from other sources.

Dec. 26. Reuters reports Vietnam has a 10,000 person military cyber warfare unit to counter “wrong views” on the Internet. It says the unit, Force 47, is in operation in several sectors and appears to be focused on domestic Internet users.

Dec. 22. The Associated Press reports that journalists were the third largest group of targets on a “hit list” belonging to Fancy Bear, a Russian hacker group believed to be connected to the Kremlin’s military. The two largest groups on the list were diplomats and Democrats.

Dec. 21. Malaysia’s largest political party, Umno, announces it’s requiring all its branches to have information technology and social media committees by the end of January in preparation for cyberwar during the country’s 2018 elections.

Dec. 19. US and UK officially attribute WannaCry attack that affected more than 300,000 computers in 150 countries to North Korea. Australia, Canada and New Zealand joined US and UK in pinning attack on Pyongyang.

Dec. 19. Youbit, a South Korean bitcoin exchange, files for bankruptcy after hackers siphoned off 17 percent of the entity’s reserves. An earlier attack on the exchange was attributed to North Korea, and it’s suspected that Pyongyang is behind the latest robbery, too.

Dec. 18. Kaspersky Lab asks a US federal court to lift a ban on the use of the company’s products in government networks because the move deprived the Moscow-based business of due process. The US Department of Homeland Security ordered civilian government agencies to remove Kaspersky software from their networks over concern it enabled Russian espionage and endangered national security.

Dec. 15. Information security research firm Kromtech reports voter registration records for 19.3 million California voters were stolen from an unprotected MongoDB database and ransomed.

Dec. 14. Information security company FireEye reveals it’s discovered Triton, a family of malware specifically designed to damage or destroy industrial equipment. The malicious software attacks safety systems in industrial settings creating the potential for loss of human life.

Dec. 13. Times of London reports Konstantin Kozlovsky, 29, told a Moscow court that he hacked the US Democratic National Committee, Hillary Clinton’s email and the US Military under the direction of the FSB, the Kremlin’s secret service.

Dec. 10. Germany’s intelligence agency BfV (Bundesamt für Verfassungsschutz) accuses China of using fake LinkedIn accounts to target at least 10,000 politicians and officials in an attempt to recruit them as informants.

Dec. 9. Alastair MacGibbon, the cybersecurity adviser to Australian Prime Minister Malcolm Turnbull, reveals that Vietnamese hacker Le Duc Hoang Hai, 31, broke into the computer systems at Perth Airport and stole “a significant amount of data” relating to the airport, including building schematics and details of physical security at airport buildings.

Dec. 9. US Air Force stages Hack the Air Force Day in New York City in which 25 civilian hackers and seven Air Force members discovered 55 flaws at the military branch’s more than 300 public websites in nine hours. Civilian hackers earned $26,883 in bug bounties from the event.

Dec. 7. Reuters reports WikiLeaks is being investigated by three U.S. congressional committees for its role in influencing the 2016 presidential election.

Dec. 7. Information security company FireEye reports a hacker group it’s calling APT34 is involved in a long-term cyber espionage operation largely focused on reconnaissance to benefit the Iranian government. It says the group has targeted a number of industries, including financial, government, energy, chemical, and telecommunications, and has largely focused its operations within the Middle East.

Dec. 5. ClearSky Cyber Security reveals campaign by Iranian cyber espionage group “Charming Kitten” to infect with malicious software computers of academic researchers, human rights activists, media outlets and political advisors focusing on Iran.

Dec. 3. Nghia Hoang Pho, 67, pleads guilty in a Maryland federal court to willful retention of national defense information for taking home classified information on his personal computer. It’s believed that computer contained an NSA spy tool, Equation, which was captured by Kaspersky Lab’s antivirus software. Kaspersky says it destroyed the code when it realized it was classified material.


Nov. 29. The Intelligence Bureau of India advises the country’s troops stationed on its border with China to delete 42 Chinese apps from their phones over concern the programs could be used to collect data on India’s security installations.

Nov. 28. Karim Baratov, 22, pleads guilty in a California federal court to computer hacking and other criminal offenses in connection with the massive data breach at Yahoo.

Nov. 28. Three Chinese nationals are charged in a Pittsburgh federal court with hacking into Siemens, Trimble and Moody’s to steal business secrets. The three men are affiliated with the Guangzhou Bo Yu Information Technology Company, which the US government says is affiliated with China’s People’s Liberation Army Unit 61398, and that most, if not all, of its hacking operations are state-sponsored and directed.

Nov. 26. The Associated Press reports the FBI failed to notify scores of US officials that Russian hackers were trying to break into their personal Gmail accounts, even though the agency knew for at least a year the officials were Kremlin targets.

Nov. 21. Behzad Mesri, a member of the Turk Black Hat Security hacking team who has worked for the Iranian military on computer attacks against Israel, is charged in a New York federal court with hacking into HBO’s computer system, stealing unaired episodes of hit shows and demanding millions in Bitcoin as ransom.

Nov. 18. Security research firm UpGuard discovers three misconfigured AWS S3 buckets containing data belonging to the US military exposed to the public on the Internet. The several terabytes of data include social media posts and similar pages from around the world.

Nov. 16. Hacktivist collective Anonymous takes down more than a dozen neo-Nazi websites as part of its campaign against domestic terrorism in the United States.

Nov. 15. ReFirm, a cybersecurity startup, reports flaws in some IoT devices sold by TRENDnet, Belkin and Dahua allow them to be easily hacked and their video feeds exposed online. It also notes that cameras made by Dahua, a Chinese company, contain a backdoor that allows access to their feeds.

Nov. 14. Jeanette Manfra, U.S. Department of Homeland Security assistant secretary for cybersecurity and communications, tells the House Science, Space and Technology Oversight Subcommittee her agency has seen no conclusive evidence the antivirus software of Kaspersky Lab has been exploited to breach federal government information systems.

Nov. 13. BBC reports flaw in popular office collaboration program Huddle put sensitive information belonging to several UK government agencies, as well as anyone else using the software, at risk of unauthorized access. Huddle told the BBC it has fixed the flaw.

Nov. 12. Wall Street Journal reports surveillance cameras made by Hangzhou Hikvision Digital Technology, which is partially owned by the Chinese government, could pose security risk at U.S. Army bases, embassies and other locations where they’re used.

Nov. 12. The Financial Times reports Britain’s digital surveillance agency, GCHQ, has concerns over Barclays bank offering Kaspersky Lab’s antivirus software to its customers. It says the agency is worried the software may be being used by the Russian government to gather information from the computers it’s installed on.

Nov. 12. Pro-Saudi Arabian Hackers vandalize Lebanon’s Ministry of Foreign Affairs and 20 of the country’s embassy websites. As part of their mischief, the “Bad Dream” hackers posted a message predicting war between Lebanon and the Saudis, who have been accused of interfering with Lebanon’s internal politics.

Nov. 9. Gizmodo reports Interstate Crosscheck System deployed by a national election integrity commission created by President Donald J. Trump is placing the personal data of millions of American voters at risk. Both the server where the voter information resides and multiple sets of login credentials have been compromised, it reported.

Nov. 9. ZDNet reports NATO will be creating a new Cyber Operations Centre as part of its strategy to add the cyberwarfare capabilities of its member states to the range of options available to the organization.

Nov. 9. WikiLeaks publishes documents claiming the CIA forged digital certificates for Kaspersky Lab to more easily exfiltrate data from entities targeted by the agency.

Nov. 8. The Daily Beast reports the FBI broke into thousands of computers around the world–including some in Russia, China and Iran–during a child pornography investigation. Experts note indiscriminate “kicking down of digital doors” could have future geopolitical consequences.

Nov. 8. At the 2017 CyberSat Summit in Virginia, Robert Hickey, aviation program manager in the U.S. Department of Homeland Security, explains how to remotely hack a Boeing 757.

Nov. 7. U.S. Commerce Secretary Wilbur Ross says he will “probably” not keep his holdings in Navigator Holdings, a shipping company with business ties to Russian President Vladimir Putin. One of Navigator’s clients is Sibur, a Russian gas and petrochemical company whose owners include Putin’s son-in-law Kirill Shamalov and Gennady Timchenko, a Putin associate who is subject to U.S. Treasury sanctions.

Nov. 7. Information security software maker McAfee reveals Fancy Bear, a hacking group believed to be connected to the Russian military, has launched new phishing campaign that exploits an ISIS terror attack in New York City and a US Army exercise in Eastern Europe to plant malware on computers.

Nov. 7. Hackers redirect visitors to four school websites in the United States to a pro-ISIS YouTube video. Some 800 school and district web pages in Arizona, Connecticut, Virginia and New Jersey were affected by the attack.

Nov. 3. Turkish hackers take down websites of the Times of Israel and Asia Times and post pro-Palestinian messages on them.

Nov. 3. ZDNet reports Chinese hacking group known as KeyBoy has expanded its operations from the Asia-Pacific region to the West. It says hackers have begun infecting Western organizations with malware that can take screenshots, key-log, browse and download files, and gather extended system information about a machine, as well as shut it down.


Oct. 31. Google reveals a Russian “troll farm,” the Internet Research Agency, bought $4,700 in Google ads during the 2016 election cycle.

Oct. 31. Kyeong Dae-soo, a South Korean lawmaker, reveals hackers have stolen 60 classified documents, including blueprints and technical data for submarines and vessels equipped with Aegis weapon systems, from the systems of Daewoo Shipbuilding & Marine Engineering.

Oct. 30. New York Times reports Russian agents attempting to create discord among Americans in the run-up to the 2016 presidential elections posted inflammatory messages that reached 126 million Facebook users, published more than 131,000 tweets on Twitter and uploaded over 1,000 videos to YouTube.

Oct. 30. George Papadopoulos, a former foreign policy aide to the Donald J. Trump presidential campaign, pleads guilty in federal court to lying to FBI agents investigating Russian interference with the 2016 U.S. presidential election. Two other campaign officials, Paul Manafort and Richard Gates III, are indicted by Special Counsel Robert Mueller for money laundering and tax evasion.

Oct. 27. Associated Press reports Center for Elections Systems at Kennesaw State University wiped server hosting information crucial to a lawsuit against the state of Georgia’s election officials. Litigation seeks to retire state’s election technology, which security experts say is vulnerable to hackers.

Oct. 26. Twitter announces ban on advertising from RT and Sputnik, two information outlets associated with the Russian government.

Oct. 24. Reuters reports a wave of cyber attacks using the “BadRabbit” malware has hit Russia and other nations. The malicious software disrupted operations at Russia’s Interfax news agency and caused flight delays at the Odessa airport in the Ukraine.

Oct. 23. The Telegraph reports the UK’s Royal Air Force is recruiting cyber security experts to examine its aircraft for system flaws that could be exploited by hackers.

Oct. 22. Cisco Talos reveals phishing campaign by hackers connected to the Russian military to infect with malware the computers of potential attendees to CyCon U.S., a conference sponsored by Army Cyber Institute at the United States Military Academy, NATO Cooperative Cyber Military Academy and the NATO Cooperative Cyber Defence Centre of Excellence.

Oct. 19. Verisk Analytics estimates losses to Merck & Co. due to “NotPetya” attack in June could cost insurers $275 million.

Oct. 16. Kaspersky Lab reports cyber espionage groups previously preoccupied with stealing data have expanded their activities to include stealing money from financial institutions in the Asia Pacific region. Financial institutions in Malaysia, South Korea, Indonesia, Philippines, Hong Kong, Bangladesh and Vietnam have all been successfully breached, the security software company notes.

Oct. 16. Adobe patches flaw in its Flash player being exploited in the wild by the BlackOasis APT group to plant FinSpy malware on computers running the Windows, Mac, Linux and Chrome OS systems. FinSpy is highly sophisticated software used by nation-states to monitor people, such as criminals, activists and journalists.

Oct. 14. The Times of London reports Iran was behind cyber attack in June on members of the British parliament. Some 9,000 accounts were attacked, including those of Prime Minister Theresa May and other cabinet ministers, but only 90 were compromised.

Oct. 13. Microsoft President Brad Smith says in interview with ITV News that WannaCry cyber attack that affected 200,000 computers in 150 countries was launched by North Korea using tools or weapons stolen from the NSA.

Oct. 10. BBC reports North Korean hackers snatched 235 gigabytes of military documents from South Korea’s Defense Integrated Data Center, including US-South Korean wartime contingency plans and a plan to assassinate North Korea’s leader Kim Jong-un.

Oct. 10. Microsoft confirms it’s investigating the sale of advertising to Russians through its Bing search engine prior to the 2016 US presidential election.

Oct. 9. The Independent reports North Korean cyber gangs are launching almost daily attacks on Irish companies, banks and utilities as Pyongyang turns to international online robbery to offset losses caused by UN and US sanctions against it.

Oct. 5. Politico reports White House Chief of Staff John Kelly’s personal cellphone was compromised while he was secretary of Homeland Security. The compromise was discovered by White House tech staff after he turned the device over to them complaining it hadn’t been working properly for months.

Oct. 5. Wall Street Journal reports Russian state hackers exploited Kaspersky antivirus software to steal a collection of NSA hacking tools and documents from the home computer of a contractor to the agency.

Oct. 5. Hans-Georg Maassen, head of Germany’s domestic intelligence agency, urges lawmakers to give the country’s spy organizations authority to conduct offensive cyber operations against foreign powers.

Oct. 4. Wall Street Journal reports Russia hacked the smartphones of a group of at least 4,000 NATO troops in Eastern Europe in a campaign to obtain sensitive military information such as troop numbers.

Oct. 4. Dyn Research reports North Korea has opened a second Internet connection provided by Russia. Experts say the move could increase Pyongyang’s ability to launch cyber attacks around the world.

Oct. 2. Reuters reports Hewlett Packard Enterprise allowed a Russian defense agency to review the source code of HPE’s ArcSight software, which serves a central role in the cybersecurity of much of the U.S. military.

Stay tuned for the Q1 2018 edition of Cyberwarfare Diary.

John P. Mello, Jr. is a freelance writer specializing in business and technology subjects, including consumer electronics, business computing and cyber security.


Q3 2017 is a quarterly diary of cyberwarfare activity. What is cyberwarfare? Cyberwarfare is defined as the most aggressive form of attack by a foe or rival over the internet. It largely applies to actions by states and involves denying internet services to communities or countries, or, at worst, destroying critical infrastructure or industrial facilities.


Election meddling continues to dominate cyber news during quarter

John P. Mello, Jr.

Menlo Park, Calif. – Oct. 3, 2017

Russian meddling with the 2016 U.S. presidential election, cyber attacks on national power grids and clandestine attacks on North Korean military networks were top cyberwar stories during this year’s third quarter.

During the period, the U.S. Department of Homeland Security finally notified the 21 states it believes had their election systems targeted by Russian hackers during the 2016 presidential election.

Meanwhile, Facebook announced a plan to prevent its social network from being exploited by nations or others wishing to meddle with U.S. elections. It also pledged half a million dollars to the Defending Digital Democracy campaign to help protect political parties, voting systems and information providers from hackers and propaganda attacks.

Microsoft, too, was combating election meddling by taking on the Russian hacking group, Fancy Bear, believed to be behind much of that mischief. Redmond received the nod from a federal court that opened the door for the company to disrupt the hackers’ operations around the world.

The probe of election meddling being mounted by special counsel Robert Mueller got more aggressive during the period. Mueller reportedly convened a grand jury to gather evidence for his investigation. In addition, the FBI raided the home of former Trump campaign chairman Paul Manafort and seized documents and other materials for Mueller’s investigation.

Cyber attacks on the energy sector in Ireland and the United States were also reported during the period. The Irish attack involved emails poisoned with malware targeting senior engineers at the country’s Electricity Supply Board. In the United States, the FBI and Homeland Security warned companies operating nuclear power stations, energy stations and manufacturing plants in the United States and other countries that hackers have been penetrating their computer networks since May.

It was also revealed during the period that the bluster war between President Trump and North Korean supreme leader Kim Jong-un was more than bluster. According to the Washington Post, the United States has been launching DDoS attacks against Pyongyang’s military spy agency, the Reconnaissance General Bureau, pursuant to a directive signed by the president soon after he was sworn into office.

North Korea was busy with cyber attacks of its own. It’s been targeting virtual currency exchanges in South Korea, as well as companies that use blockchain technology, which is used to secure digital currency.

Pyongyang’s neighbor China was busy during the period boosting its cyber defenses. Beijing announced it had successfully transmitted hack-proof code, using quantum key technology, from a satellite to Earth. Later it revealed it had used the same technology to set up a communication line between the nation’s capital and Shanghai.

China, which has been linked to some massive data breaches in the United States, was linked to another one during the quarter. It’s also suspected that Chinese hackers were behind the data breach at Equifax that compromised the credit information of more than 140 million Americans.



Sep. 30. Washington Post reports President Trump signed a directive early in his administration outlining a strategy to pressure North Korea that included DDoS attacks by U.S. Cyber Command on Pyongyang’s military spy agency, the Reconnaissance General Bureau.

Sep. 29. China launches first “hack proof” quantum communication line between Beijing and Shanghai.

Sep. 28. Twitter says it is in dialogue with congressional committees investigating Russian meddling in 2016 presidential election. It notes Russia Today, which is believed to have strong ties to the Russian government, spent $274,100 on advertising on Twitter in 2016.

Sep. 25. Avast confirms 40 computers at 11 companies were hit with a secondary malware infection after initially being infected by malicious software embedded in its CCleaner program for Windows. Researchers believe the secondary infections were designed for espionage on the companies’ networks.

Sep. 24. Salon reports Fancy Bear, a hacker group believed to be linked to Russian government, has been exploiting security flaw in Google Accelerated Mobile Pages to launch attacks on investigative journalists.

Sep. 24. Washington Post reports Fancy Bear, a Russian hacking group believed to be linked to the Kremlin, began to create fake Facebook accounts as early as June 2016 to spread information from emails stolen from the Democratic National Committee in 2015.

Sep. 23. Hiscox, provider of liability insurance for small businesses, reports 65 percent of German manufacturing and technology companies were hit with cyber attacks in 2016, compared to 62 percent in the U.S. and 50 percent in the U.K.

Sep. 22. U.S. Department of Homeland Security notifies 21 states that Russian government hackers tried to breach their election systems during the 2016 election.

Sep. 22. Court in United Kingdom jails Hussein Yusef, 21, for six-and-a-half years for posting personal details of 56 members of the U.S. military on Facebook.

Sep. 21. Facebook announces plan to fight Russian election hacking. Plan includes working with U.S. government on its probe of Russian hacking, making political advertising more transparent, strengthening its review process for political ads, increasing its investment in security and election integrity, expanding its work with election commissions worldwide and sharing threat information with tech and security companies.

Sep. 20. FireEye reports a gang of hackers working for the Iranian government is likely behind a series of cyber attacks on U.S., Saudi Arabian and Korean aviation and energy firms. It asserted the group, known as APT33, planted malware on its targets designed to destroy data.

Sep. 19. Massachusetts Attorney General Maura Healey files lawsuit against credit reporting firm Equifax following data breach exposing personal data of up to 143 million people.

Sep. 19. Federal court in District of Columbia dismisses lawsuit filed by American Federation of Government Employees over 2015 data breach at Office of Personnel Management that compromised personal information of some 21.5 million people.

Sep. 19. European Commission announces plans to set up an EU cybersecurity agency to help member nations deal with cyber threats. It also announced a program for networks and devices to certify their cyber safety, as well as annual cybersecurity exercises.

Sep. 18. Cisco Talos reports popular Windows utility CCleaner compromised by hackers who inserted backdoor software into the program. It noted some two billion downloads may be affected by the attack.

Sep. 16. The Sunday Herald of Scotland reports senior figures in the country’s Parliament have accused China of cyber attack on the legislative body. The sortie caused days of disruption as the hackers attempted to crack passwords for the solons’ email accounts.

Sep. 15. Wall Street Journal reports a congressman tried to strike a deal with the White House to forgive the alleged crimes of WikiLeaks founder Julian Assange. It notes Rep. Dana Rohrabacher, R-Calif., proposed a swap. Assange would provide evidence Russia didn’t hack the Democratic National Committee during the 2016 presidential election. In exchange, he’d receive a pardon or clemency from President Trump.

Sep. 15. Two U.S. senators file legislation to set up commission to probe election hacking. Bill by Kirsten Gillibrand, D-N.Y., and Lindsey Graham, R-S.C., creates the National Commission on the Cybersecurity of the United States Election Systems. The panel would probe hacking of the election process. It would also make recommendations for hardening the election system against cyber attacks.

Sep. 14. U.S. Department of Homeland Security bars federal agencies from using security software from Kaspersky Lab. It says decision prompted by concern over company’s ties to Russian intelligence.

Sep. 9. Hackers deface website of pro-democracy political party Demosisto and post pro-China messages on the site.

Sep. 7. Alliance for Securing Democracy of the German Marshall Fund reports Russia has meddled in the affairs of at least 27 European and North American countries since 2004. It notes meddling ranged from cyber attacks to disinformation campaigns.

Sep. 7. Credit reporting agency Equifax reveals data breach of its systems placing at risk sensitive information of 143 million American consumers.

Sep. 7. European defense ministers test their ability to respond to cyber attacks in their first cyber war game. During the simulated attack, hackers sabotaged the EU’s naval mission in the Mediterranean and launched a social media campaign to discredit EU operations and stir up protests.

Sep. 6. Facebook reports it has identified more than $100,000 in divisive ads on hot-button issues purchased by a Russian company linked to the Kremlin. The ads, which focused on issues not candidates, ran between June 2015 and May 2017.

Sep. 6. Symantec reports hacker group known as Dragonfly has launched a new wave of cyber attacks against the energy sectors in Europe and North America that have the potential to disrupt power providers in those regions.

Sep. 6. White House Homeland Security Adviser Tom Bossert tells attendees of National Security Summit U.S. government may dole out “real world” punishment to nation-states that hack federal systems or violate agreed upon cybersecurity norms.

Sep. 5. Times of London reports data breaches at British universities have doubled in the last two years to 1,152. It notes cyber gangs behind the attacks seek information that they can sell to nation-states.

Sept. 4. Fact-checking website Verrit attacked by hackers after being endorsed in a tweet by Hillary Clinton.

Sep. 4. Upguard, a security research firm, reports third-party contractor for private military contractor TigerSwan accidentally exposed on the Internet resume files of 9,402 people. Data includes job histories of U.S. military veterans, mercenaries and Iraqi and Afghan nationals who worked in their countries with U.S. forces and government institutions.

Sept. 1. New York Times reports hacking of 2016 U.S. election was more extensive than disclosed and that the attacks aren’t being examined at the state and local level.


Aug. 28. Business Insider reports that eight of 28 members of the White House’s National Infrastructure Advisory Council resigned within the last week. The council is responsible for overseeing the nation’s response to emerging threats to the nation’s power grid and infrastructure.

Aug. 26. Qatar’s Attorney General Ali bin Fetais al-Marri announces Turkey has arrested five people in connection with hack of Doha’s state news agency which resulted in the posting of fake news that set off a diplomatic crisis in the region.

Aug. 25. Hackers post to Internet confidential plot summaries and detailed outlines for the HBO hit series Game of Thrones. They claim to have stolen 1.5 terabytes of data from the network.

Aug. 24. Yu Pingan, a Chinese national, is accused by U.S. Justice Department of being linked to malware used in massive data theft at U.S. Office of Personnel Management. Pingan was arrested Aug. 21 at Los Angeles International Airport.

Aug. 24. Federal District Court in Virginia issues permanent restraining order against Fancy Bear, the group of Russian hackers believed to have meddled in the 2016 presidential election, barring it from sending malware to Microsoft customers and from hacking computers to spy on them. Action opens door for Microsoft to seize domain names used by the hackers and disrupt their control of the malware.

Aug. 24. In memo obtained through an FOIA lawsuit, BuzzFeed reports former CIA Director John Brennan complained some members of Congress briefed in December 2016 about Russian meddling with the 2016 presidential elections did not “understand and appreciate the importance and gravity of the issue.”

Aug. 24. CWIC Cyber Warfare Research Center says North Korea has been launching cyber attacks against South Korean virtual currency exchanges, as well as companies that use blockchain, the technology used to secure digital currency.

Aug. 24. Karim Baratov, 22, pleads not guilty in a San Francisco court to conspiring with Russian intelligence agents to steal account information on some 500 million Yahoo accounts.

Aug. 23. Alliance for Securing Democracy finds a sample of 600 Twitter accounts linked to Russian influence operations were used to amplify right-wing extremist messages following violence at Neo-Nazi rally in Charlottesville, Va.

Aug. 21. U.S. chief of naval operations Admiral John Richardson tweets there is no indication that cyber intrusions or sabotage were responsible for a rash of Navy ships colliding with commercial vessels in the Pacific.

Aug. 19. New York Post reports federal authorities are investigating if sensitive data was stolen from congressional offices by several Pakistani staffers and sold to Pakistan or Russia.

Aug. 18. Karim Baratov, 22, agrees to be extradited from Canada to the United States, where he is accused of conspiring with Russian intelligence agents to steal account information on some 500 million Yahoo users.

Aug. 18. President Donald J. Trump approves plan to create the Unified Combatant Command, a more independent and aggressive replacement for U.S. Cyber Command. The move puts cyber warfare on the same level in the military with land, sea, air and space realms of battle.

Aug. 18. Proofpoint reports the Russian hacking group Turla is targeting politicians, policy makers and journalists prior to a G20 event in Hamburg, Germany. Group is trying to infect targets with “backdoor” trojan to gather information and conduct future attacks.

Aug. 17. NetSarang states that an upgrade to its server management program was infected with a “backdoor” that allows unauthorized parties to hijack systems running the software.

Aug. 17. Foreign Policy reports WikiLeaks refused to publish some 68 gigabytes of data leaked from the Russian Interior Ministry during the summer of 2016 that revealed details about the Kremlin’s military and intelligence involvement in Ukraine. FP added the documents were later published on the Internet and received almost no attention or scrutiny.

Aug. 17. Election Systems & Software, a maker of election equipment and software, reports security researcher Chris Vickery found an unsecured backup file on an Amazon Web Services server containing personal information of 1.8 million Chicago voters.

Aug. 17. Roskomnadzor, manager of the .ru Internet domain, revokes domain registration of racist and neo-Nazi website DailyStormer, which has also lost its domains registered with GoDaddy and Google.

Aug. 16. New York Times reports FBI has been contacted by an infamous hacker known as Profexer who claims to have written the software used by Russia for an electronic break-in into the Democratic National Committee during the 2016 presidential campaign.

Aug. 14. Politico reports the Obama administration received multiple warnings from national security officials between 2014 and 2016 that Russia was gearing up its intelligence efforts and building disinformation networks designed to disrupt the U.S. political system.

Aug. 14. Marcus Hutchins, 23, pleads not guilty in U.S. court to creating and selling malware to steal online banking credentials. Hutchins is credited with halting WannaCry ransomware plague that disabled computers around the world.

Aug. 14. Italian foreign ministry confirms Russian hackers planted malware that compromised email systems at its field offices and embassies between 2013 and 2016. Ministry says no sensitive encrypted data was attacked.

Aug. 14. Lt. Gen. Vincent Stewart, head of the U.S. Department of Defense Intelligence Information, says at a defense department conference in Missouri his agency plans to repurpose enemy malware and use it against its perpetrators.

Aug. 14. A group of Indian hackers calling themselves Lulzsec India defaces 22 Pakistani government websites. An image of Indian soldiers with the message “We Salute Indian Army” was posted at some sites, as well as messages congratulating India on its 71st Independence Day.

Aug. 13. FireEye reports Fancy Bear, a Russian hacker group believed to have meddled in the 2016 U.S. presidential election, has been using an NSA hacking tool to steal credentials from hotel guests at hotels in Europe and the Middle East.

Aug. 10. China’s state news agency announces the nation has successfully transmitted hack-proof code from a satellite to Earth. The transmission used quantum key technology to protect its data from outside eavesdropping.

Aug. 9. Washington Post reports that on July 26 FBI raided the Alexandria, Va. home of Paul Manafort, former chairman of the Donald J. Trump presidential campaign, and seized documents and other materials related to the special counsel investigation of Russian interference with the 2016 election.

Aug. 7. A hacker group calling itself The Binary Guardians defaces a number of Venezuelan government websites, posting messages that appear to support the actions of a group of armed men who attacked a military base in the city of Valencia on Aug. 6.

Aug. 3. Reuters reports grand jury subpoenas have been issued in connection with a June 2016 meeting that included U.S. President Donald Trump’s son, his son-in-law and a Russian lawyer. Sources told Reuters that the grand jury issuing the subpoenas has been convened in Washington, D.C. by special counsel Robert Mueller as part of his probe of Russian meddling in the 2016 presidential elections.

Aug. 3. Hacker defaces government website of Pakistan to display India’s national flag. No official statement about the vandalism was issued by the government, but Pakistan Defence issued a tweet saying the site was hosted on an insecure server.

Aug. 2. FBI arrests Marcus Hutchins, 23, for his role in creating and distributing the Kronos banking Trojan. Hutchins has been credited with stalling the spread of WannaCry malware which crippled the U.K.’s national health care system in May.

Aug. 2. Keen Security Lab claims it has discovered multiple security vulnerabilities in the software for Tesla motor cars that allowed them to remotely open the doors and trunk of the vehicle. Keen is owned by Tencent, a Chinese firm that’s invested in Tesla.

Aug. 1. CyberScoop reports North Korean hackers compromised email accounts of an East Asia-focused advisory group working for Hillary Clinton’s presidential campaign. It noted the attackers sought information that would give Pyongyang insights into Clinton’s policies were she elected president.


Jul. 29. Apple removes all VPN programs from its app store in China. VPN software can be used to circumvent China’s censorship system.

Jul. 28. WikiLeaks releases alleged CIA documents that include hacking tools targeting Mac OS and Linux.

Jul. 28. Christopher Painter leaves his post as U.S. State Department’s “Coordinator for Cyber Issues.” Painter traveled the world coordinating diplomacy in cyber security matters and engaging in cyber dialogues with foreign powers aimed at reducing threats in cyberspace.

Jul. 27. Reuters reports Russian intelligence agents attempted to spy on French President Emmanuel Macron’s election campaign earlier this year by creating phony Facebook personas.

Jul. 26. Facebook announces it’s providing $500,000 to the Defending Digital Democracy campaign based at Harvard University to help protect political parties, voting systems and information providers from hackers and propaganda attacks.

Jul. 26. Motherboard reports Whitescope security and QED Secure Solutions have demonstrated how devices connected to the Internet can be hacked to cause physical harm to persons. The researchers hacked a car wash and gained control of its bay doors, which could be used to damage autos and their occupants.

Jul. 26. Security researchers Ravishankar Borgaonkar and Lucca Hirschi release findings at Black Hat conference in Las Vegas identifying cryptographic flaw in protocol used by 3G and 4G LTE networks that allows low-cost surveillance and tracking of mobile phones.

Jul. 25. IEEE Spectrum reports U.S. House of Representatives approved amendment to Defense Budget allocating $15 million for the development of curriculum, best practices and recruitment materials for a Hacking for Defense program for the military.

Jul. 24. Swedish Prime Minister Stefan Lofven calls data breach at country’s Transport Agency “incredibly serious.” Inadequate safeguards at a government contractor exposed all information in the agency’s database to the contractor’s Eastern European subsidiaries. Data included details about bridges, roads, ports, the subway system in Stockholm and other infrastructure. It also may have included the identities of undercover agents working for the Swedish police and armed forces.

Jul. 24. Group made up of former U.S. intelligence officers and calling itself the Veteran Intelligence Professionals for Sanity submits memo to President Donald J. Trump claiming emails stolen from the Democratic National Committee during the 2016 presidential campaign were leaked by an insider and doctored to incriminate Russia.

July 21. Wired magazine reports that the U.S. State Department plans to shutter its Cyber Security branch and its leader, Christopher Painter, is being forced to leave the department.

July 20. At the annual Aspen Security Forum in Colorado, CIA Director Mike Pompeo, Homeland Security Secretary John Kelly and White House Homeland and Counterterrorism adviser Thomas Bossert all say they back the intelligence community’s conclusion that Russia carried out a campaign of cyberattacks and fake news to influence the 2016 presidential election in favor of Donald J. Trump.

July 20. Kevin Poulsen reports in Daily Beast of Microsoft campaign against Fancy Bear, the group of Russian hackers believed to have meddled with the 2016 U.S. presidential election. Microsoft disrupts the hackers’ activities by diverting traffic to its command and control servers thereby cutting off the bandits from their victims and allowing Microsoft to monitor Fancy Bear’s activities.

Jul. 17. U.S. Justice Department unseals indictment against Iranian nationals Mohammed Reza Rezakhah, 39, and Mohammed Saeed Ajily, 35. Charges include exporting a defense article without a license and violating sanctions against Iran. According to the DOJ, Rezakhah hacked a Vermont-based engineering consulting and software design company best known for its software that supports aerodynamics analysis and design for projectiles. Ajily then promoted the software for sale to his Iranian clients.

Jul. 17. Motherboard reports U.K.’s National Cyber Security Centre has issued warning about hackers targeting the country’s energy sector. Report notes it’s likely some organizations’ industrial control systems have been compromised.

Jul. 16. Washington Post reports U.S. intelligence officials are convinced the United Arab Emirates orchestrated the hacking of news and social media sites of Qatar’s government in May. Hackers posted false quotes to the sites attributed to Qatar’s emir which created turmoil in the region.

Jul. 16. Japan Times reports a government source says the nation’s Defense Ministry is considering increasing the staff of its cyber attack response unit from 110 to 1,000 people. It also noted the ministry is mulling over setting up a new unit to study cyber attack techniques.

Jul. 15. The Times of London reports hackers backed by Russian government attacked energy networks running the national grid in Ireland. It noted senior engineers at the Electricity Supply Board received emails containing malware designed to give the hackers the power to take out portions of the grid.

July 12. Scott Comer, a former Democratic National Committee executive, and Roy Cockrum and Eric Schoenberg, both Democratic Party donors, file lawsuit against presidential campaign of Donald J. Trump and advisor Roger J. Stone Jr. for invasion of privacy, alleging they conspired to release to the public emails and files stolen from the DNC.

Jul. 11. U.S. General Services Administration announces it has removed Kaspersky Lab from the approved list of vendors for two government-wide purchasing contracts that federal agencies use to acquire technology services. GSA made move over concerns Kaspersky, which is based in Russia, could be compromised by the Kremlin.

Jul. 10. Iran’s Al-Alam news network reports hackers affiliated with Saudi Arabia compromised its Twitter account. The network links the attack to its coverage of the liberation of Mosul in Iraq from Takfiri Daesh terrorists. Daesh is linked to Riyadh through Wahhabism, a doctrine preached by some Saudi clerics.

Jul. 6. New York Times reports U.S. Department of Homeland Security and Federal Bureau of Investigation are warning companies operating nuclear power stations, energy stations and manufacturing plants in the United States and other countries that hackers have been penetrating their computer networks since May. The Times notes that there was no indication that the attackers gained access to the control systems of the power facilities.

Jul. 6. Survey of 600 attendees at the 2017 Black Hat security conference finds two-thirds of them (67 percent) believe their organizations will have to respond to a major security breach in the next 12 months.

Jul. 4. Ukrainian police seize computers belonging to M.E. Doc, the accounting software maker suspected of spreading the NotPetya malware through infected updates to its clients. NotPetya infected computers in 65 countries.

Jul. 4. German domestic intelligence agency releases annual report. It names Russia, China and Iran as key cyber espionage adversaries. Main attack targets include foreign office and its diplomatic missions abroad; the ministry of finance; the ministry of economic affairs and energy; and offices of the chancellor and Bundeswehr.

Jul. 3. Georgia voters and Coalition for Good Government file lawsuit in state court to nullify special election in which Republican candidate Karen Handel defeated Democrat Jon Ossoff. Plaintiffs allege state voting system has been compromised and left unprotected from intruders since the summer of 2016 and should be scrapped.

Jul. 3. Electronic Privacy Information Center seeks restraining order to block Advisory Commission on Election Integrity from aggregating voter information from all U.S. states. EPIC argues in complaint filed in federal court that panel did not complete a mandatory privacy impact assessment before requesting the information from the states.

Jul. 1. Former British information security specialist Matt Tait reveals he was approached during the summer of 2016 by Peter Smith, a U.S. Republican Party operative, to verify material stolen from Hillary Clinton’s private email server. The emails were offered to Smith by a hacker on the Dark Web. Tait broke off contact with Smith after Smith demanded Tait sign a non-disclosure agreement.

Jul. 1. SBU, the Ukrainian security agency, accuses Russian security services of launching NotPetya ransomware attack that disrupted computer activity around the world on June 27.

Stay tuned for the Q4 2017 edition of Cyberwarfare Diary.

John P. Mello, Jr. is a freelance writer specializing in business and technology subjects, including consumer electronics, business computing and cyber security.


Q2 2017 is a quarterly diary of cyberwarfare activity.


Cyberattacks on election systems more widespread than originally believed.

John P. Mello, Jr.

Menlo Park, Calif. – Jun. 30, 2017

Russian meddling in the 2016 presidential elections dominated the daily news during the first half of 2017. Although former President Barack Obama was criticized for not taking more forceful action against Russia during the last year of his presidency, it was revealed that GOP politicians and Congress shrugged off warnings from the White House about the severity of the problem.

News reports found cyberattacks on election systems were more widespread than originally believed, with 39 systems coming under attack. Meanwhile, a top secret report leaked to the press revealed that at least one U.S. voting software supplier was targeted by Russian military intelligence during the runup to the presidential election.

Russian election meddling was also alleged in the French elections in May by winner Emmanuel Macron, but those allegations were later discounted by Guillaume Poupard, director general of ANSSI, France’s cyber defense agency.

In the diplomatic realm, NATO leaders declared that a cyberattack could trigger alliance action in the same way a conventional attack would do so.



Jun. 30. Financial Times reports cybersecurity analysts and western intelligence officials believe the GoldenEye/NotPetya ransomware attack that crippled businesses worldwide was the work of a hostile nation and not a criminal group.

Jun. 30. Wall Street Journal reports Peter W. Smith, a GOP operative claiming to be working with former National Security Adviser Michael Flynn, conducted an extensive online search before the 2016 presidential election for emails from Hillary Clinton’s private email server, suspecting it had been hacked by Russia.

Jun. 29. Valcom Consulting, which does millions of dollars in business with the Canadian military, confirms its website was recently defaced but adds that initial indications are that no sensitive data was compromised.

Jun. 28. CNBC reports that hackers who set off GoldenEye/NotPetya ransomware epidemic made less than $10,000 from their victims.

Jun. 28. GoldenEye/NotPetya ransomware spreads from Ukraine, disrupting business and government computing activity in at least 65 nations. Businesses affected by the virus include Russian oil company Rosneft, shipping firm A.P. Moller-Maersk and pharmaceutical giant Merck.

Jun. 28. Sen. Jeanne Shaheen, D-N.H., amends defense spending policy bill to prohibit the U.S. Defense Department from using Kaspersky Lab software platforms because the company “might be vulnerable to Russian government influence.”

Jun. 28. ABC News reports federal authorities are investigating a low risk level breach of a business system at a U.S. nuclear power plant.

Jun. 28. Jens Stoltenberg, the NATO secretary general, reveals at news conference in Brussels that the alliance’s members agree that a cyber attack could trigger a response in the same way as a conventional military assault.

Jun. 28. An online group calling itself Team System Z claims responsibility for vandalizing several government websites across the country with the message “You will be held accountable Trump, you and all your people for every drop of blood flowing in Muslim countries.”

Jun. 27. The Wall Street Journal reports at least 10 White House officials and former aides have retained attorneys or are moving to do so in conjunction with the ongoing investigations into collusion by the Trump political organization with Russia during the 2016 election campaign.

Jun. 26. China and Canada sign agreement to not conduct state-sponsored cyberattacks against each other aimed at stealing trade secrets or other confidential business information.

Jun. 26. North American Electric Reliability Corporation releases its “State of Reliability” report for 2017 which says there were no reportable cybersecurity incidents in 2016; however, NERC also says threats continue to increase and are becoming more serious.

Jun. 26. Idaho State Treasurer Ron Crane reports his website has been vandalized by hackers who scrawled “I love the Islamic state” on one of its web pages.

Jun. 23. Washington Post reports on Obama Administration’s efforts to punish Russia for meddling with 2016 U.S. elections and indifference by Republican Party leaders on state and national level to seriously consider intelligence on election interference.

Jun. 23. The Times of London reports that stolen email addresses and passwords of tens of thousands of government officials in the UK are being sold or bartered on Russian-speaking hacking sites.

Jun. 21. Honda Motor Co. halts production at its vehicle making plant in Sayama for a day after discovering WannaCry ransomware on its computer network.

Jun. 20. Wired Magazine reports on how Russia is using Ukraine as a testing ground for cyberwar.

Jun. 19. Hackers claiming to be members of ISIS vandalize website of Argentina’s army. Graffiti posted to site says, “This is a threat. ISIS is in Argentina and you will hear from us soon.”

Jun. 16. Russian President Vladimir Putin claims in an Oliver Stone series on the Showtime TV channel that he proposed forging a cyber treaty with the United States but his overtures were ignored by the Obama Administration.

Jun. 16. Chinese scientists say they’ve set a new record for the distance they’ve been able to transmit a quantum signal from space. The development is a milestone in Beijing’s program to create a hack-proof communications network.

Jun. 16. U.S. Senate approves on roll call vote of 98-2 new sanctions against Iran and Russia, as well as limiting the Trump Administration’s ability to weaken existing sanctions.

Jun. 14. White House Deputy Press Secretary Sarah Huckabee Sanders tells reporters aboard Air Force One President Donald J. Trump has no intention of firing special counsel Robert Mueller, who is leading an investigation into Russian meddling with the 2016 presidential election.

Jun. 13. Bloomberg reports cyberattacks on U.S. election system in the summer and fall of 2016 occurred in 39 states and included compromise of software used by poll workers and penetration of a campaign finance database.

Jun. 13. Microsoft releases patches for all supported and some unsupported versions of Windows to address vulnerabilities that pose elevated risk to attack by nation-states.

Jun. 13. U.S. CERT warns that North Korean government threat actors are targeting U.S. businesses with malware and botnet-related attacks that are part of a campaign called “Hidden Cobra.”

Jun. 12. New York Times reports that intelligence about disguising bombs as laptop batteries exposed to Russian officials by President Donald J. Trump originated with Israeli intelligence.

Jun. 12. Eset and Dragos announce they’ve discovered the malicious software that caused a power outage in the Ukraine in December 2016.

Jun. 9. Al-Jazeera Network confirms that its websites and digital platforms are undergoing continual hacking attempts as surrounding Arab states pressure Qatar to break terrorist ties with Iran and Hamas.

Jun. 8. U.S. Department of Defense releases annual report to Congress on China’s military developments which includes finding that throughout 2016, China continued to develop its Strategic Support Force, an organization it established late in 2015 to unify space, cyber, and electronic warfare capabilities.

Jun. 7. CNN reports U.S. security agencies believe Russian hackers were behind the hack of Qatar’s state news agency and planting of fake news.

Jun. 7. National Legal and Policy Center reports that more than 235,000 comments filed with the FCC in support of net neutrality rules adopted during the Obama administration originated from domains in France, Germany and Russia and that many of them are from fake addresses.

Jun. 7. FBI reports that Russian hackers-for-hire were behind a cyberattack resulting in fake messages being sent out by the Qatar government, which precipitated a diplomatic crisis with other Persian Gulf states.

Jun. 6. Reality Leigh Winner, 25, is accused by U.S. Justice Department of removing classified documents from a government facility in Georgia and leaking them to press.

Jun. 6. Eset reports Russian hackers are using the comments section on Britney Spears’ Instagram account to control their malicious actions.

Jun. 7. Washington Beacon reports Iran tried to hack the email and social media accounts of U.S. State Department officials in the fall of 2015 while a nuclear deal was being hammered out with Tehran.

Jun. 5. A highly classified intelligence report leaked to The Intercept reveals Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent phishing emails to more than 100 local election officials just days before the 2016 presidential election.

Jun. 5. Congressman Mike Quigley (D-Ill.), a member of the House Intelligence Committee, says Russian operatives hacked into the Illinois State Board of Elections last year to access voter database files.

Jun. 5. Defense Systems reports that Army trainers successfully used cyber weapons and electronic warfare technology to thwart a simulated tank assault at a training exercise conducted at the Army National Training Center at Fort Irwin, Calif.

Jun. 6. FireEye reports hackers linked to Russian intelligence launched phishing attacks related to European military movements and NATO meetings against Montenegro prior to its formally joining the alliance on June 5.

Jun. 2. The Guardian reports Nigel Farage, former head of the UK Independence Party, is a person of interest in an investigation by the FBI of collusion between Russia and Donald J. Trump’s presidential campaign.

Jun. 1. Russian President Vladimir Putin acknowledges that some “patriotically minded” Russian hackers could have been involved in cyber meddling with the 2016 U.S. presidential election.

Jun. 1. Guillaume Poupard, director general of ANSSI, France’s cyber defense agency, says he’s found no evidence of Russian hacking of the campaign of President Emmanuel Macron during the recent French elections.

Jun. 1. Radio Free Asia reports that North Korea’s security agency has stepped up its hacking into the mobile phones, laptops and cameras of foreign travelers and infecting them with malware.

Jun. 1. The British American Security Information Council reports that the UK’s Trident submarine fleet is vulnerable to a “catastrophic” cyberattack that could render Britain’s nuclear weapons useless.


May 31. Shadow Brokers, the hacker group that released a number of hacking tools believed to be stolen from the NSA, announces it plans to sell more purloined tools to anyone willing to pay more than $22,000 for them.

May 31. Rep. Tom Graves, R-Ga., files bill allowing victims of cyberattacks to hack their attackers, as well as hack into other victims’ computers for “reconnaissance” purposes.

May 30. Moscow-based threat intelligence outfit Group-IB says it has “no doubt” that Lazarus, the hacker group believed to be behind the cyberattacks on Sony Pictures and an $81 million bank robbery in Bangladesh, is connected to North Korea.

May 29. Newly elected French President Emmanuel Macron, while standing beside Russian President Vladimir Putin at a press conference at the Versailles Palace, accuses Kremlin of coordinating “lying propaganda” against him during the French election.

May 26. ABC News reports the FBI is investigating an attempted overseas cyberattack on the Trump Organization, which has been run by President Donald J. Trump’s sons since he became president.

May 25. Flashpoint reports with high confidence that the authors of the WannaCry ransomware were fluent in Chinese, although that alone is not enough to determine the nationality of the malware’s authors.

May 25. Wall Street Journal reports Republican political operative Aaron Nevins received from Russian hacker Guccifer 2.0 confidential voter analysis information stolen from the Democratic National Committee and posted it to his blog before the 2016 presidential election.

May 25. Citizen Lab says it has discovered an extensive international hacking campaign with a clear link to Russia that steals documents from its targets, modifies them and sends them out as disinformation aimed at undermining civil society and democratic institutions.

May 25. Sens. Maggie Hassan, D-N.H., and Rob Portman, R-Ohio, file legislation to establish a bug bounty program in the U.S. Department of Homeland Security.

May 25. FireEye reports hackers linked to the Vietnamese government are likely targeting Philippine state agencies to gather intelligence related to a South China Sea maritime dispute between the two countries.

May 24. Qatar says hackers broke into its state-run news agency and published a fake story that prompted Saudi Arabia and the United Arab Emirates to block the country’s media, including Al-Jazeera.

May 23. Former CIA Director John Brennan testifies before U.S. House Intelligence committee that he was so concerned with Russian interference with the presidential election and contacts between Americans involved with the Trump campaign that he formed a group in July made up of officials from the CIA, FBI and NSA to focus exclusively on the issue.

May 18. Website Netzpolitik publishes leaked draft of amendment to German laws expanding powers of government to break into people’s smartphones and computers.

May 17. The UK National Cyber Security Centre says members of Parliament have been targeted by hackers trying to break into their online accounts. The agency refuses to say who was behind the attack.

May 17. Gizmodo reports network security at several Trump family retreats, including Mar-a-Lago, the Trump National Golf Club in Bedminster, N.J. and the Trump International Hotel in Washington, D.C., is weak and could be easily hacked.

May 16. TrapX reports that for the first time it has identified Iranian and Russian hackers teaming up to launch a cyber attack. It adds that the attack on a military contractor was unsuccessful.

May 15. Ukrainian President Petro Poroshenko orders access to Russia’s most popular social media websites and search engines be blocked in retaliation for Russia’s annexation of Crimea.

May 12. WannaCry, a ransomware program based on software stolen from the NSA, infects thousands of computers in more than 100 countries, forces the UK’s health care system to turn away patients and disables computers in Russia’s Interior Ministry.

May 12. Reuters reports suspected Russian hackers have launched exploratory cyber attacks against the energy networks of Lithuania, Latvia and Estonia raising concerns of NATO.

May 12. Lebanon accuses Israel of hacking into its telecommunications network and sending to some 10,000 people messages claiming Hezbollah leader Sheikh Hassan Nasrallah was behind the death of the group’s military commander Mustafa Badreddine.

May 12. Survey by Booz Allen Hamilton and Alta Associates finds that U.S. government information security personnel are paid $7,000 less than their private sector counterparts.

May 12. Area 1 Security reports Russian hackers targeted the 2008 presidential campaign of Barack Obama, as well as U.S. government officials, whom they have continued to attack since the officials left office.

May 11. President Donald J. Trump signs executive order to bolster the federal government’s cyber security and protect critical infrastructure from cyber attacks.

May 11. Yevgeniy Nikulin, 29, a Russian citizen awaiting extradition from the Czech Republic for hacking LinkedIn, Dropbox and Formspring, claims the FBI offered him U.S. citizenship, an apartment and cash for confessing to stealing Hillary Clinton’s campaign chief John Podesta’s emails for Russian President Vladimir Putin.

May 11. U.S. General Service Administration announces bug bounty program for its Technology Transformation Service.

May 11. CyberScoop reports Fancy Bear, a hacker group believed to be connected to Russian military intelligence, mounted a phishing campaign against diplomatic organizations in Europe in which it pretended to represent NATO. It notes the phishing emails contain a malicious Microsoft Word file.

May 6. Sen. Dianne Feinstein, the ranking member of the committee that oversees the FBI, says the agency paid $900,000 to break into the locked iPhone of a gunman in the San Bernardino, Calif. shootings.

May 5. Campaign of French presidential candidate Emmanuel Macron declares it has been hacked and a combination of real and fabricated emails and documents uploaded to the Internet.

May 5. HackerOne refuses to host a bug bounty program for FlexiSPY, a maker of spyware, because it says the company is operating illegally and unethically. 

May 2. U.S. Director of National Intelligence reports the NSA collected 151 million records about American phone calls in 2016, a reduction from the billions of records per day gathered by the agency before Congressional intervention.

May 1. Select committee of UK parliament accuses Google, Twitter and Facebook of failing to address terrorism, violence and hatred and recommends social media operators be prosecuted for leaving unlawful messages online.


Apr. 28. U.S. National Security Agency announces it has stopped collecting emails and texts of Americans that mention identifying terms related to foreigners the agency is spying on, a practice that was part of the warrantless surveillance program launched after the Sept. 11, 2001 terrorist attacks on the United States.

Apr. 28. German Attorney General announces arrest of “Daniel M.,” 54, a Swiss citizen working for his country’s intelligence service in plot to uncover who is leaking data related to German tax dodgers stashing money in Swiss banks.

Apr. 28. Australian Federal Police confirms it unlawfully accessed a journalist’s phone records without a warrant.

Apr. 27. McAfee reports sophisticated hackers possibly linked to a foreign nation have increased their activity aimed at disrupting key organizations in Saudi Arabia.

Apr. 27. Arne Schoenbohm, president of the BSI federal cyber security agency, confirms his agency has been aware for some time of computer attacks on two foundations tied to Germany’s ruling coalition parties and is helping analyze the situation.

Apr. 26. Israel’s national cyber bureau says it has repelled an attack on about 120 organizations, government offices, public institutions and private citizens by hackers directed by a foreign country attempting to infiltrate agencies involved in civilian research, development and advanced technologies.

Apr. 26. U.S. Air Force and HackerOne announce bug bounty program for vetted security researchers to test the security at the service’s public websites.

Apr. 26. ABC News/Washington Post poll finds 39 percent of Americans believe Donald J. Trump and his campaign worked with Moscow during his presidential campaign.

Apr. 25. Indian hackers take down 30 Pakistan government websites to protest death penalty for Kulbhushan Jadhav, an Indian national and former Naval officer.

Apr. 25. Times of India reports Pakistani hackers attacked the websites of three major educational institutions in India in retaliation for an attack by Indian hackers on the website for Pakistani Railways and to protest people killed by the Indian Army in Kashmir.

Apr. 25. Trend Micro reports Fancy Bear, a hacking group believed to be closely linked to the Russian military, launched phishing campaign against U.S. military contractor Academi, formerly known as Blackwater. Academi is reportedly working with the Ukrainian government which Russia is trying to undermine.

Apr. 24. Trend Micro reports it found signs of a phishing attack by hackers tied to the Russian military on the campaign of French Presidential candidate Emmanuel Macron in an attempt to steal credentials and plant malware on campaign workers’ computers.

Apr. 24. Danish Foreign Minister Claus Hjort Frederiksen tells newspaper Berlingske that Fancy Bear, a hacker group associated with the Russian government, broke into the Danish Defense Ministry and gained access to employees’ email in 2015 and 2016.

Apr. 21. FireEye director of cyber-espionage analysis John Hultquist tells Wall Street Journal that his company has detected a surge in Chinese hacker attacks since February against South Korean organizations associated with the deployment of an anti-ballistic missile system in South Korea.

Apr. 20. CBS News reports a manhunt has been launched by the CIA and FBI to find an insider who leaked CIA secrets, including hacking tools, to WikiLeaks.

Apr. 19. Daily Mail reports that documents released by the hacker group called Shadow Brokers suggest the NSA has been monitoring presidential websites in Iran and Russia and that the U.S. spy agency compromised the Russian Federal Nuclear Center’s website.

Apr. 19. Chinese President Xi Jinping announces restructuring of the People’s Liberation Army with a greater emphasis on cyberspace, electronic and information warfare.

Apr. 19. Al Khansaa Kateeba, an all-female division of the United Cyber Caliphate, releases self-promotion video claiming it has hacked more than 100 Twitter accounts during its one month of existence.

Apr. 15. Microsoft announces all exploits released online by the hacker group called Shadow Brokers and allegedly stolen from the NSA have been patched in all current versions of Windows.

Apr. 14. The hacker group called Shadow Brokers releases more alleged NSA documents revealing the agency hacked deep into the financial infrastructure of the Middle East and compromised the global SWIFT transaction system.

Apr. 13. The Times of London reports Facebook is at risk of criminal prosecution in the UK for refusing to remove from its site child pornography and terrorist content, including an Islamic State beheading and posters glorifying recent terrorist attacks in London and Egypt.

Apr. 13. Microsoft releases six-month transparency report revealing the number of U.S. foreign intelligence surveillance requests — which are used to collect foreign intelligence and monitor spies — made to the company doubled from the second half of 2015 to the first half of 2016.

Apr. 12. The Public Accounts Select Committee of the House of Commons releases report with finding that foreign hackers may have disrupted access to the British government’s voter registration website on the last day people could register to vote on Brexit.

Apr. 11. Caucasus Chronicles reports Azerbaijani government has installed a net appliance to block three opposition news sites, but one of the sites, Azadliq Qezeti, is circumventing the government’s action through Amazon Web Services.

Apr. 10. The hacker group known as Shadow Brokers releases password to an archive of NSA hacking tools and documents posted on the Internet in protest of the U.S. air strike in Syria.

Apr. 9. Pyotr Levashov, a Russian programmer and alleged spam czar, is arrested in Barcelona under a U.S. international warrant for his connection to the Kelihos crime botnet and possibly for meddling with the 2016 presidential election.

Apr. 7. Dallas officials report city’s warning system was hacked, setting off emergency alarms throughout the city for an hour and 40 minutes and causing 911 phone lines to be flooded with calls from fearful and confused citizens.

Apr. 7. Twitter drops lawsuit against U.S. government after U.S. Customs and Border Protection withdraws summons demanding identity of people behind a Twitter account critical of President Donald J. Trump.

Apr. 7. Software developer Zhengquan Zhang arrested by FBI for stealing employee information and source code from his employer KCG Holdings.

Apr. 6. Fidelis Cybersecurity reports that hackers working for the Chinese government set up a watering hole attack at the Foreign Trade Council in Washington, D.C. in order to perform reconnaissance activity on members of the council which includes executives from Amazon, Coca-Cola, eBay, ExxonMobil, Google, IBM, KPMG, Microsoft, Oracle, Pfizer, Visa and Walmart.

Apr. 6. Chairman of the House Intelligence Committee Devin Nunes, R-Calif., recuses himself from his panel’s probe into Russian interference with 2016 presidential election after the House Ethics Committee announces it’s investigating him for possible unauthorized disclosure of classified information.

Apr. 4. Chosun Ilbo newspaper reports North Korean hackers may have gained access to a portion of the secret war plans of the United States and South Korea against the North should hostilities resume on the peninsula.

Apr. 4. FBI alerts Vermont authorities that the email system of the state legislature is being targeted by a foreign attacker.

Apr. 4. The United Cyber Caliphate urges lone wolf attacks on a hit list of 8,786 names and addresses, including that of President Donald J. Trump, in six-minute video posted to the Internet.

Apr. 3. International Association of Athletics Federations announces data breach it believes was perpetrated by Fancy Bear, the group of Russian hackers who meddled with the 2016 U.S. presidential election, but can’t confirm if any data was stolen in the attack.

Apr. 3. UK National Cyber Security Centre and the cyber units of PwC and BAE systems report a group of Chinese hackers they’re calling APT10 have been attacking large British corporations through their IT suppliers.

Apr. 2. UK government warns nation’s nuclear power industry to be on guard for terrorists, spies and hacktivists looking to exploit vulnerabilities in the industry’s Internet defenses.

Apr. 2. The Financial Times reports that the FBI is planning to create a special unit based in Washington, D.C. and staffed with about 20 special agents to investigate Russian meddling with the 2016 presidential election.

Apr. 1. New York Post says its push notification system has been compromised which resulted in a message being sent to its users that read “Heil President Donald Trump.”

Apr. 1. To beef up its online defenses, Germany launches the Cyber and Information Space Command as a new wing of its military.

Stay tuned for the Q3 2017 edition of Cyberwarfare Diary.

John P. Mello, Jr. is a freelance writer specializing in business and technology subjects, including consumer electronics, business computing and cyber security.


Q1 2017 is a quarterly diary of cyberwarfare activity. What is cyberwarfare? Cyberwarfare is defined as the most aggressive form of attack by a foe or rival over the internet. It largely applies to actions by states and involves denying internet services to communities or countries, or, at worst, destroying critical infrastructure or industrial facilities.


Russian election hacking, intelligence leaks dominate cyberwarfare news for first quarter of 2017

John P. Mello, Jr.

Menlo Park, Calif. – Mar. 31, 2017

News about Russian hacking of the 2016 presidential election created a blizzard of headlines during the first three months of 2017. The controversy became so hot it forced the President’s National Security Advisor to resign and the U.S. Attorney General to recuse himself from any investigations into Russian election meddling.

Meanwhile, both the CIA and NSA were compromised during the period. WikiLeaks dumped confidential documents from the CIA on the Net and the NSA was stung by the indictment of one of its former contractors who stole 500 million pages of documents.

Also during the time frame, a Microsoft executive called on nations to hold a Digital Geneva Convention that will commit governments to protecting civilians from nation-state attacks in times of peace.



Mar. 31. WikiLeaks releases “Vault 7 Marble,” 676 source code files for a CIA framework used to hamper forensic investigators and antivirus companies in attributing the agency’s cyberattacks to the CIA.

Mar. 31. Sen. Mark Warner, the ranking Democrat on the U.S. Senate committee investigating Russian interference in the 2016 presidential election, says the Kremlin paid an army of 1,000 people to create fake anti-Hillary Clinton news stories targeting key swing states.

Mar. 30. Michael Flynn, the former national security adviser for President Donald J. Trump, offers to testify before House and Senate panels investigating the Trump campaign’s ties to Russia in exchange for immunity from prosecution.

Mar. 30. Azerbaijan’s government blocks primary independent news websites for several days in what’s believed to be an attempt to dampen criticism of the appointment of the country’s first lady as vice president.

Mar. 30. Globe and Mail reports that a cyberattack by Chinese hackers in 2014 at Canada’s National Research Council cost the country hundreds of millions of dollars.

Mar. 27. The Times of London reports that the Islamic State has flooded YouTube with hundreds of violent recruiting videos following a terrorist attack on Parliament on March 22.

Mar. 24. German Federal Office for Information Security says that last year it foiled two cyberattacks by the Russian hackers alleged to have interfered with the U.S. presidential election — one an attempt to create a domain in the Baltic region for a German political party; the other a spear-phishing scheme directed against parties in the country’s lower house of parliament.

Mar. 23. Twitter releases transparency report revealing it shut down 376,890 accounts for “violations related to the promotion of terrorism” from July 1 to December 31 of 2016.

Mar. 23. CNN reports that the FBI has information that indicates associates of President Donald J. Trump communicated with suspected Russian operatives to possibly coordinate the release of information damaging to Hillary Clinton’s 2016 presidential campaign.

Mar. 21. Reuters reports that Google and Jigsaw have begun offering free Protect Your Election packages to election organizers and civic groups so they can guard themselves from politically-motivated cyberattacks.

Mar. 20. FBI Director James Comey confirms his agency is investigating possible links between Russian hackers and President Donald J. Trump’s election team at a hearing by the U.S. House Intelligence Committee.




Mar. 17. Alfa Bank, a privately-owned Russian financial institution, confirms it has contacted U.S. law enforcement authorities and offered complete cooperation in finding out who attempted to use its servers to make it appear that the bank was communicating with the Trump organization.

Mar. 16. Trump Administration releases budget proposal that includes $1.5 billion for cybersecurity and protecting the nation’s critical infrastructure.

Mar. 16. Canada’s Department of National Defense releases documents revealing that the country is taking steps to strengthen its cyber warfare arsenal.

Mar. 15. U.S. Justice Department indicts Russian Federal Security Service agents Dmitry Dokuchaev and Igor Sushchin and two co-conspirators, Alexsey Belan and Karim Baratov, for hacking half a billion Yahoo accounts.

Mar. 15. Twitter accounts of high-profile news outlets, international brands and politicians are hacked and tweets posted in support of Turkish President Tayyip Erdogan, who is in a heated dispute with several European countries over whether Turkish politicians should be allowed to speak at political rallies in those nations.

Mar. 12. MacKeeper security researchers report they’ve discovered a misconfigured device connected to the Internet belonging to a U.S. Air Force officer that has exposed sensitive information to the public, including a spreadsheet with details about ongoing investigations by the service.

Mar. 12. British spy agency GCHQ calls emergency summit with UK political parties after warning them that they are at risk of Russian cyberattacks disrupting the next general election in the country.

Mar. 8. Information Technology and Innovation Foundation reports that 92 percent of U.S. government websites fail to meet basic standards for security, speed, mobile friendliness or accessibility.

Mar. 9. Korean Herald reports Chinese hackers who forced website of retailer Lotte Mart offline in retaliation for its role in the siting of a U.S. missile defense base in Korea have expanded their attacks to include 30 public and company websites of the peninsula nation, including sites for the 2018 Olympics and 2017 WTF World Taekwondo Championships.

Mar. 7. WikiLeaks posts online thousands of documents it says were leaked from the U.S. Central Intelligence Agency, including information on tools used by the spies to hack computers and mobile phones.

Mar. 6. Bloomberg reports that Russian hackers have been launching cyberattacks on U.S. progressive groups in attempts to find embarrassing emails that can be used to extort money from them.

Mar. 4. New York Times reports that the United States has been waging a secret cyber war for three years against North Korea to disrupt its missile program.

Mar. 3. FBI opens investigation into possible data breach at the Center for Election Systems at Kennesaw State University in Georgia that could potentially impact 7.5 million voter records.

Mar. 2. Retired Gen. Keith Alexander, former head of the National Security Agency, at hearing by U.S. Senate Armed Services Committee says federal agencies are unable to protect the nation against digital threats because they don’t share information.

Mar. 2. U.S. Attorney General Jeff Sessions announces he will recuse himself from any investigation into charges that Russia meddled in 2016 presidential election after it was discovered he failed to disclose during his confirmation hearing two meetings he had with the Russian ambassador to the United States.


Feb. 28. The Defense Science Board releases study on state of cyber defense in the United States forecasting that in the next five to 10 years other nations will have offensive cyber capabilities that “far exceed the United States’ ability to defend and adequately strengthen the resilience of its critical infrastructures.”

Feb. 21. McClatchy Washington Bureau reports that U.S. investigators are examining whether or not Russia’s Federal Security Service funneled payments disguised as pension benefits to operatives in the United States used to hack Democratic party emails and discredit Hillary Clinton’s presidential campaign.

Feb. 20. Professor Sheena Greitens, an East Asia expert at the University of Missouri, tells Time magazine that Chinese suspension of coal imports from North Korea as punishment for assassinating the half-brother of Supreme Leader Kim Jong Un at a Malaysian airport will result in stepped up cybercrime by North Korea’s army of 6,800 state-sponsored hackers.

Feb. 18. Fortune magazine reports that FBI is conducting at least three investigations into the alleged Russian hacking of the U.S. presidential elections — one into the breach of the Democratic National Committee, another into the theft of emails of Clinton campaign manager John Podesta and a third into links between Russia and Trump associates.

Feb. 17. Rep. Ted Lieu (D-Calif.) and 14 other members of Congress request House Oversight Committee to investigate the cybersecurity practices of President Donald J. Trump, including his use of an unsecured personal phone.

Feb. 16. IBM’s X-Force Incident Response and Intelligence Services identifies propagation techniques used by the Shamoon malware, which has been a major weapon in the cyberwar between Saudi Arabia and Iran.

Feb. 16. A report by Google leaked to the public reveals the company knew about Fancy Bear before the group was linked to the data breach at the Democratic National Convention.

Feb. 16. Patrick Wardle, a former NSA staffer and current research head at Synack, a bug hunting company, tells Forbes magazine that malware leaked online and believed to belong to Fancy Bear, the group of Russian hackers connected to a data breach at the Democratic National Committee, contains “chunks” of code from hacking tools stolen from the Italian cyber mercenary firm Hacking Team.




Feb. 15. Oleksandr Tkachuk, Ukraine’s security service chief of staff, accuses Russian hackers of targeting his country’s power grid, financial systems and other infrastructure with a new type of computer virus that attacks industrial processes.

Feb. 15. Threat intelligence company Recorded Future reports Russian-speaking hacker it calls Rasputin, who breached the U.S. Election Assistance Commission in November, is selling unauthorized access to more than 60 universities and government agencies.

Feb. 14. Brad Smith, president and chief legal officer of Microsoft, calls for a Digital Geneva Convention that will commit governments to protecting civilians from nation-state attacks in times of peace.

Feb. 14. New York Times reports U.S. law enforcement and intelligence agencies have phone records and intercepted calls that show members of Donald J. Trump’s 2016 presidential campaign and other Trump associates had repeated contacts with senior Russian intelligence officials in the year before the election.

Feb. 13. Richard Ferrand, secretary-general of the French En Marche party, accuses Russia of targeting presidential frontrunner Emmanuel Macron through media and Internet attacks to help the election campaigns of his rivals.

Feb. 10. The Guardian reports that Russia is suspected by Italian officials of being behind a sustained hacking attack on the country’s foreign ministry last year that compromised email communications and lasted for many months.

Feb. 8. U.S. prosecutors air indictment against Harold T. Martin III, a former NSA contractor who is accused of stealing some 500 million pages of classified documents from the agency.

Feb. 7. General Stephen W. Wilson, vice chief of staff for the U.S. Air Force, testifies before Congress that in 2016, his service branch conducted 4,000 cyber missions against more than 100,000 targets, enabling more than 200 high-value, kill-capture missions.

Feb. 6. Security researchers Claudio Guarnieri and Collin Anderson report Iranian hackers are using malware designed to infect Apple computers to attack the U.S. defense industry and human rights groups.

Feb. 3. Norwegian security service warns that country’s Labor Party, defense and foreign ministries and the security service itself have been targeted by Fancy Bear, hacker group believed to be linked to Russia.

Feb. 3. Science Advances publishes paper by Canadian researchers explaining how to hack into a quantum network similar to one being built by the Chinese, which they claim is hack-proof.

Feb. 3. Rob Bertholee, head of the Dutch AIVD security service, says Russia, China and Iran have made hundreds of attempts to hack into Dutch government departments and companies in the last six months.

Feb. 2. UK Law Commission recommends the country’s Official Secrets Act be modified so that spies and civil servants who leak national security secrets face up to 14 years in prison.

Feb. 2. Russia charges four people, including two officers in its FSB spy agency, with treason for passing to the United States information believed to be about the Kremlin’s efforts to influence the 2016 presidential election in the United States.

Feb. 1. Dutch government announces it is scrapping the computer software it uses to tally and transmit election results and perform the tasks by hand for fear the election results could be hacked.

Feb. 1. Dan Tentler, founder of cybersecurity firm Phobos Group, warns that several servers run by the U.S. Department of Defense that have been misconfigured for at least eight months could be easily penetrated by threat actors who could use the systems to launch cyberattacks that appear to originate on those systems.


Jan. 30. Maagad Ben Juwad Oydeh, who hacked the video feeds from Israeli drones hovering over Gaza, agrees to plea deal with a suggested jail sentence of nine years.

Jan. 30. Rzeczpospolita reports a failed phishing attack on several employees of the Polish Foreign Ministry is believed to be the work of Fancy Bear, the Russian hacker group tied to trying to influence the outcome of the U.S. presidential election.

Jan. 29. The Times of London reports Dmitry Dokuchaev has been arrested in Russia on treason charges, the third such arrest since the Kremlin’s interference with the U.S. presidential election was exposed.

Jan. 26. SecureWorks reports that Fancy Bear, the group of Russian hackers believed to have targeted the U.S. political system during the run-up to the 2016 presidential election, infiltrated a UK television network for almost a year and monitored its operation.

Jan. 26. The Electronic Privacy Information Center files a lawsuit against the Office of the Director of National Intelligence seeking the release of the U.S. intelligence community’s entire assessment of Russia’s interference with the 2016 presidential election.

Jan. 17. CNN/ORC releases poll showing 58 percent of Americans believe the outcome of the presidential election would have been the same whether Russia tried to influence the outcome or not.

Jan. 16. Secureworks says Fancy Bear, the group of Russian hackers believed to have influenced the U.S. elections, has hacked a Norwegian military attache stationed in Eastern Europe and the Norwegian diplomatic mission in Central Asia.

Jan. 16. Nikolay Patrushev, head of Russia’s Security Council, says his country has been experiencing increased attempts to penetrate its information systems by foreign countries, including the United States, China and India.

Jan. 16. Cybersecurity Ventures announces it has acquired for an undisclosed price the domain name from a private seller.

Jan. 15. The Daily Express reports Russian electronic units are hacking into the systems of RAF bombers and forcing them to abort missions over Syria.

Jan. 14. Dutch media reports Russian hackers attempted to access a report prepared by Dutch investigators on Malaysian Airlines flight MH17, which was shot down above the Ukraine, two weeks before the report was released.

Jan. 13. U.S. Senate Intelligence Committee announces it will investigate allegations Russia used cyber attacks to influence U.S. presidential elections.

Jan. 13. Boston Police announce they’re scrapping a $1.4 million plan to buy software to monitor social media postings for criminal activity and threats to public safety after objections about the technology were raised by more than a dozen civil rights groups and religious organizations.

Jan. 13. Manager of City of Ashland, Wisc. says Russian and East European hackers tried continually but unsuccessfully to break into the city’s computer systems in the months prior to the 2016 presidential elections.

Jan. 12. Motherboard reports it has received from a hacker 900 gigabytes of data stolen from Cellebrite — an Israeli mobile hacking company that’s done work for U.S. federal and state law enforcement agencies as well as Russia, the United Arab Emirates and Turkey — including customer information, databases, and a vast amount of technical data regarding its products.




Jan. 12. Shadow Brokers, a mysterious group of hackers that gained notice when they previously published hundreds of hacking tools belonging to the NSA, announces it is disbanding and releases a number of Zero Day Windows vulnerabilities.

Jan. 11. Palestinian militant group Hamas baits dozens of Israeli soldiers with online “honeypots” that encouraged them to download malicious apps that compromised their phones and led to Hamas accessing sensitive army information and intelligence.

Jan. 10. FBI Director James Comey testifies before U.S. Senate Intelligence Committee that Russia hacked into Republican state political campaigns and old email domains of the Republican National Committee but did not release any of the information they obtained from those locations.

Jan. 10. The Arizona Department of Administration says it has found no evidence of tampering with a state employee timekeeping system after some legislators saw Russian prompts on it; however, the state is continuing to investigate a number of computers used by legislators and staff infected with malware.

Jan. 9. Hans-Georg Maassen, head of Germany’s domestic intelligence service, says his agency has discovered evidence that the Kremlin-linked hacking group Fancy Bear, also known as APT28, was behind an attack on the computers of the Organisation for Security and Cooperation in Europe, the organization responsible for monitoring the ceasefire between government forces and pro-Russian rebels in eastern Ukraine.

Jan. 8. French Defense Minister Jean-Yves Le Drian says in an interview published in Le Journal du Dimanche that in 2016 his ministry thwarted 24,000 cyber attacks involving harassment, surveillance, espionage and disruption of its drone program.

Jan. 6. U.S. intelligence officials release report concluding that Russian President Vladimir Putin personally ordered an influence campaign in 2016 that turned from denigrating Hillary Clinton to developing a clear preference for President-elect Donald Trump.

Jan. 6. U.S. Homeland Security Secretary Jeh Johnson designates U.S. elections systems part of the nation’s critical infrastructure, which will allow the federal government to give states greater assistance in preventing cyber attacks on those systems.

Jan. 6. California Department of Insurance finds data breach that compromised 78.8 million consumer records at health insurer Anthem was performed on behalf of a foreign government.

Jan. 6. Ukraine’s military denies report by cybersecurity firm CrowdStrike that Russia hacked targeting software for Ukraine’s heavy artillery, which allowed the Kremlin to track the big guns.

Jan. 6. Department 13, a Maryland company and DARPA spinoff, says it can take control of drones in flight without the use of jamming.

Jan. 5. Armed Services Committee of U.S. Senate holds public hearing with top intelligence officials on Russian cyber aggression and interference with presidential election.

Jan. 5. U.S. Director of National Security James Clapper, Undersecretary of Defense for Intelligence Marcel Lettre and NSA and U.S. Cyber Command Director Admiral Mike Rogers issue joint statement saying more than 30 countries are developing cyber attack capabilities.

Jan. 5. Former CIA Director James Woolsey resigns as an adviser to President-elect Donald Trump.

Jan. 5. Center for Strategic and International Studies task force on cyber policy chaired by Rep. Michael McCaul (R.-Texas) and Sen. Sheldon Whitehouse (D.-R.I.) recommends Trump administration develop new policies to deter and respond to nation-states engaged in hostile behavior in cyberspace.

Jan. 3. U.S. Department of Homeland Security and the FBI warn Hydro One, the main distributor of electricity in the Canadian province of Ontario, that it may have been the target of a Russian cyberattack that planted malware on the power provider’s computer systems.

Stay tuned for the Q2 2017 edition of Cyberwarfare Diary.

John P. Mello, Jr. is a freelance writer specializing in business and technology subjects, including consumer electronics, business computing and cyber security.


Q4 2016 is a quarterly diary of cyberwarfare activity. What is cyberwarfare? Cyberwarfare is defined as the most aggressive form of attack by a foe or rival over the internet. It largely applies to actions by states and involves denying internet services to communities or countries, or, at worst, destroying critical infrastructure or industrial facilities.


U.S. v. Russia cyber conflict intensifies

John P. Mello, Jr.

Menlo Park, Calif. – Dec. 30, 2016

The quarter began with an official accusation that Russia interfered with elections in the United States and ended with dozens of the Kremlin’s diplomats being expelled from their American digs in retaliation for that interference.

In between, there was a destructive cyberattack on Saudi Arabia, a demonstration of a new stealth fighter built with stolen U.S. tech, a call for banning Lenovo hardware in the Defense Department and a hacker assault on a U.S. aircraft carrier in the South China Sea.



Dec. 31. U.S. Department of Homeland Security says malware found on a laptop belonging to the Burlington (Vermont) Electric Company matches malicious software attributed to Russian hackers found on the computers of the Democratic National Committee.

Dec. 30. President Barack Obama expels from the United States 35 suspected Russian spies for “malicious cyber activity and harassment” in connection with Russia’s attempt to influence the 2016 presidential election.

Dec. 29. U.S. Department of Homeland Security and FBI release 13-page report on Russian interference with U.S. Presidential election by hacking American political sites and email accounts.

Dec. 29. Ukrainian President Petro Poroshenko says his country’s state institutions have been targeted about 6,500 times in the past two months by hackers, including agents of Russian security services.

Dec. 28. The Organization for Security and Cooperation in Europe, which monitors the Ukraine-Russian conflict, says it suffered a data breach that compromised the security of its computer network.



Dec. 23. CNBC reports the FBI is investigating infiltration of computers at the Federal Deposit Insurance Corporation, which insures consumer deposits in U.S. banks, believed to be perpetrated by China’s military.

Dec. 22. CrowdStrike, an information security company, reports the Russian hacking group that stole data from the computers of the Democratic National Committee also used its skills to pinpoint and kill Ukrainian soldiers in 2014.

Dec. 15. CBS News reports that in August 2015 Russian hackers seized control of the non-classified email system of the U.S. Joint Chiefs of Staff used by about 3,500 officers and civilians.

Dec. 15. The Wall Street Journal reports the Republican National Committee foiled attempts to break into its computer systems using the same techniques that compromised the systems of its Democratic counterpart.

Dec. 9. Hans-Georg Maassen, head of the BfV, Germany’s domestic intelligence agency, says in a statement that his agency has seen aggressive and increased cyber spying and cyber operations aimed at weakening and destabilizing the Federal Republic of Germany.

Dec. 2. Russia’s Federal Security Service says it has thwarted a cyberattack mounted by “foreign intelligence services” designed to destabilize its country’s financial system.

Dec. 1. Bloomberg reports cyberattacks believed to be launched from Iran against Saudi Arabia have erased data and disrupted operations at the agency running the country’s airports.


Nov. 17. Recruitment website for the Canadian armed forces hacked and visitors redirected to the home page of the Chinese government.

Nov. 4. NBC News reports that U.S. military hackers have penetrated Russia’s power grid, telecommunications networks and command systems, making them vulnerable to American cyber weapons.

Nov. 4. Swiss Attorney General’s office suspends 18-month investigation into cyber espionage at Iran nuclear program talks in 2015 because it can’t find who was behind the criminal wrongdoing.



Nov. 3. WikiLeaks founder Julian Assange tells a Russian government-run news station that the Kremlin did not feed him stolen emails from Democratic Party organizations in the United States.

Nov. 2. Microsoft says Russian hackers accused of interfering with U.S. elections exploited a “zero day” vulnerability in Windows to attack users of that operating system.

Nov. 1. Chinese demo their J-20 stealth fighter, which is believed to be based on blueprints for the U.S. F-22 stealth fighter stolen by hackers from the military.


Oct. 31. A group called Shadow Brokers dumps online a list of servers compromised by the Equation Group, which has been linked to the NSA, that appear to have been used for surveillance and other activity.

Oct. 28. Volexity, a network security company, says Chinese hackers launched a network attack targeting defense officials, defense industry representatives, defense security experts and think-tank scholars attending the U.S.-Taiwan Defense Industry Conference in Williamsburg, Va. earlier this month.

Oct. 27. Ukrainian hackers release thousands of emails that appear to link Russian President Vladimir Putin’s adviser Vladislav Surkov to the pro-Russia rebels fighting Ukrainian forces.

Oct. 24. The Washington Beacon reports the Pentagon’s J-2 intelligence directorate is warning the military against using equipment produced by Chinese firm Lenovo because it could introduce compromised hardware into the U.S. Defense Department supply chain.

Oct. 21. U.S. Navy confirms Chinese hackers launched a cyberattack against the Nimitz-class aircraft carrier U.S.S. Ronald Reagan while it was on patrol in the South China Sea, but there was no evidence the foray was successful.



Oct. 18. Information security firm ThreatConnect reports Chinese hackers have compromised a European drone company and the U.S. subsidiary of a French energy management company, most likely to obtain information to help Chinese businesses in those sectors.

Oct. 12. CNN reports federal investigators believe Russian hackers compromised a contractor for Florida’s election system and exposed information about the state’s voters.

Oct. 12. CrowdStrike, an information security company, says commercial hacking by China against U.S. firms has declined 90 percent since Beijing and Washington inked an agreement 13 months ago to curb economic espionage.

Oct. 11. The Telegraph reports that ministers of UK Prime Minister Theresa May’s government have been banned from wearing Apple Watches to cabinet meetings for fear the devices could be hacked by Russian spies.

Oct. 7. The Obama administration officially accuses Russia of attempting to interfere with the 2016 U.S. elections by hacking the computers of the Democratic National Committee and other political organizations.

Oct. 1. National Cyber Safety and Standards of India claims it has infiltrated Pakistan’s critical and defense infrastructure and could destroy it if ordered to do so by the Indian government.

Stay tuned for the Q1 2017 edition of the Cyberwarfare Diary.

John P. Mello, Jr. is a freelance writer specializing in business and technology subjects, including consumer electronics, business computing and cyber security.

