Cyberwarfare Report. PHOTO: Cybercrime Magazine.

Cyberwarfare Report, Vol. 4, No. 2: WikiLeaks Founder Indicted, Mueller Report

John P. Mello, Jr.

Northport, N.Y. – Jul. 15, 2019

U.S. Special Counsel Robert Mueller’s final report on Russian interference with the 2016 presidential election highlighted cyberwar events during the April to June time period.

Also this past quarter, Julian Assange, founder of WikiLeaks, lost his sanctuary at the Ecuadorian embassy in London and was indicted by the U.S. Justice Department for his role in one of the largest compromises of classified information in the history of the United States.

Meanwhile, reports appeared that the U.S. has stepped up its offensive cyber activity, including planting malware in Russia’s critical infrastructure.

Diary of cyberwarfare activity for the latest quarter:

 June

Jun. 28. Washington Free Beacon reports U.S. Environmental Protection Agency is warning its employees of increased activity by Iranian hackers directed at U.S. agencies. The agency explains, “Rising tensions between the U.S. and Islamic Republic of Iran has resulted in targeted cyber campaigns that use destructive ‘wiper’ attacks.  These attacks are designed to delete and wipe data rather than the more common ransomware tactics of stealing data or money.”

Jun. 27. Yandex, Russia’s largest Internet company by value, confirms it was targeted in a cyberattack at the end of 2018. The company, known as the Google of Russia, says no user data was compromised and the attack was neutralized before any damage could be done. In its report on the attack, Reuters says the event was staged by individuals working for western intelligence agencies, who attempted to install a rare type of malware used by the agencies to spy on users.

Jun. 16. Security researchers at ThreatConnect release report linking WikiLeaks to Iranian government hackers via a computer server located in Moscow. They note that a few weeks following a notorious series of attacks by the hackers against Saudi Arabia and other Middles Eastern countries, WikiLeaks published hundreds of thousands of diplomatic cables stolen from Saudi Arabia’s foreign ministry.

Jun. 15. NewYork Times reports that the United states has been stepping up intrusions into Russia’s power grid as a warning and demonstration of the Trump administration’s recently obtained authority to deploy cyber tools more aggressively. It says the new authority has resulted in the placement of crippling malware inside Russian systems at a depth and aggressiveness that has never been tried before.

Jun. 12. Service for the popular messaging application Telegram is disrupted by a Distributed Denial of Service attack. The attack affects 200 million users around the world, including those in Hong Kong protesting in the streets against a proposed law related to the extradition of the city’s citizens to China.

Jun. 5. Sydney Morning Herald reports that China is suspected in data breach compromising personal information of some 200,000 current and former students and staff at the Australian National University. It adds that intelligence officials are concerned the information will be used to groom students to become spies for China.

Jun. 5. BuzzFeed News reports that a “sophisticated cyber espionage event” was discovered in April by EU authorities but kept under wraps. It says the event, which occurred just weeks before the EU’s parliamentary elections, was a data breach at the EU’s Moscow embassy that resulted in the theft of data. It adds that officials have no idea how much or what kind of data was taken during the attack.

May

May 29. U.S. Special Counsel Robert Mueller, speaking at a press conference, says his investigation of Russia’s interference with the 2016 presidential election did not exonerate President Donald J. Trump of any crimes. He tells reporters, “If we had had confidence that the president clearly did not commit a crime, we would have said so.”

May 28. ZDNet reports China has launched an initiative to replace the Windows operating system on computers used by its military as a security measure. It says the country’s Internet Security Information Leadership Group will develop the operating system for use by the military.

May 23. U.S. Department of Justice announces 18-count indictment of WikiLeaks founder Julian Assange, 47, related to his alleged role in one of the largest compromises of classified information in the history of the United States. The indictment alleges that Assange was complicit with Chelsea Manning, a former intelligence analyst in the U.S. Army, in unlawfully obtaining and disclosing classified documents related to the national defense.

May 23. UK Foreign Secretary Jeremy Hunt vows at a NATO press conference to use offensive cyber weapons to retaliate against state-backed hackers targeting his country. Britain recently approved £22 million to increase its offensive cyber capabilities. 

May 22. Florida Gov. Ron DeSantis orders a security review of his state’s election systems. The move comes following reports that the systems in two Florida counties were breached during the 2016 presidential election.

May 20. John Abowd, chief scientist at the U.S. Census Bureau, speaking at a forum at the Federal Reserve Bank of Atlanta, says his agency is “very concerned” about Russian hacking of data to be collected in the 2020 census. He adds that government CIOs and security staffers are meeting regularly to assess threats and make preparations for mitigating them.

May 17. TeamViewer, a popular remote control, desktop sharing, online meetings, and web conferencing program, confirms Chinese hackers attacked the software in 2016, but says the suspicious activity was detected before any major damage occurred. That contradicts a report in the German publication Der Spiegel which says Chinese hackers have been inside TeamViewer’s network since 2014 when they installed a backdoor Trojan called Winnti. ZDNet reports that even before the alleged installation of Winnti, there was a wave of TeamViewer account hijackings attributed to Chinese IP addresses.

May 16. Washington Post reports Washington County, located in the Florida panhandle, was one of two counties penetrated by Russian military intelligence during the 2016 presidential election. Candidate Trump received 77 percent of the more than 11,000 votes cast in the county. Federal and state officials say the intrusions did not affect any of the vote tallies.

May 16. Iranian Minister of Communications and Information Technology Mohammad Javad Azari-Jahromi tweets than his nation has developed a firewall for industrial automation systems that can neutralize industrial sabotage, such as was performed by the Stuxnet cyber weapon.

May 16. Military Times reports a Navy prosecutor sent the editor of the Navy Times an email embedded with a tracking device. Exposure of the device comes as the Naval Criminal Investigation Service is conducting an investigation into media leaks during the ongoing trial of Special Operations Chief Edward Gallagher for the murder of an injured teenage militant he allegedly stabbed to death in 2017 in Iraq. A spokesman for NCIS says the device adds an “audit capability” to ensure the integrity of protected documents. He tells the Military Times: “It is not malware, not a virus, and does not reside on computer systems. There is no risk that systems are corrupted or compromised.”

May 15. Politico reports John Weaver, a top adviser for John Kasich’s presidential campaign in 2016 and long-time critic of Russia for interfering in American politics, has accepted a $350,000 contract to lobby in Washington for Tenam Corporation, a subsidiary of Rosatom, a state-owned Russian energy company. The six-month agreement calls for Weaver to lobby the administration and Congress on “sanctions or other restrictions in the area of atomic (nuclear) energy, trade or cooperation involving in any way the Russian Federation.” 

May 14. Hackers deface and disrupt webcast of a Eurovision 2019, a song contest in Tel Aviv. The two-minute interruption includes anti-Israeli messages and a bogus warning of an impending missile attack.

May 13. WhatsApp, a messaging app owned by Facebook, advises users to upgrade to the latest version of the software after a vulnerability was discovered that could be exploited to install spyware surreptitiously on Android and iOS phones running the app. The flaw makes phones vulnerable to programs like Pegasus, a military-strength surveillance app produced by NSO, an Israeli company.

May 10. Security researchers at Fidus Information Security reveal that a white-label cell-network location tracker manufactured in China will leak location information about its user by sending it a text message with a keyword. It notes a command can also be sent to it that will turn on its microphone without a user’s knowledge. It adds that the device can be protected with a PIN, although that option is turned off by default. However, the device can be reset without a PIN, which would open it up again to be hacked. Companies selling the device under their brand include Pebbell by HoIP Telecom, OwnFone Footprint, and SureSafeGo.

May 8. Forbes reports U.S. Immigration and Customs Enforcement has spent more than $1.2 million in the past year to hack the iPhone. It says the agency has executed two contracts — one for $820,000 and another for $384,000 — with Grayshift, of Atlanta, Ga., which makes GrayKey, described as the best iPhone hacking tech for police and intelligence agents.

May 7. CPO Magazine reports sensitve information about a notorious Iranian hacker group known as APT34 (also known as Oilrig) is being leaked to the public via the Telegram app, as well as through online forums, by a group calling itself Lab Dookhtegan. Information includes APT34’s hacking tools and the names, addresses, photos, and phone numbers of some members of the Iranian Ministry of Intelligence responsible for state-sponsored cyberattacks.

May 5. Israel says it has bombed cyber headquarters of Hamas after the Palestinian organization launched a cyber offensive on the Jewish state. A spokesperson for the Israel Defense Forces says after the bombing that Hamas no longer has any cyber capabilities. The airstrike is the first known kinetic response to a cyberattack to date.

May 5. ZDNet reports Japan has started creating malware weapons to defend itself against cyberattacks. It says the weapons, which are being created by private contractors, are expected to be completed by the end of the government’s fiscal year. 

May 2. President Donald J. Trump issues executive order aimed at improving the nation’s cybersecurity workforce. The order requires the federal government to do more to provide access to cybersecurity skills training, to identify the most-skilled cybersecurity workers, and to advance career opportunities in the public and private sectors.

May 1. Kaspersky Lab reveals a mysterious hacker known as Volodya (formerly known as BuggiCorp) has been selling Windows Zero Day vulnerabilities for the past three years to three cyberespionage groups, as well as some cybercriminal gangs. According to ZDNet, the activity reenforces the view that government-backed cyber spies will buy Zero Day vulnerabilities, as well as develop their own. 

 April

April 30. Super Micro Computer, of San Jose, Calif., tells suppliers to move their motherboard production out of China over concerns of supply-chain poisoning by the Chinese government. Last fall, Bloomberg reported that motherboards for servers made by SMC were being implanted with a spy chip by the Chinese government to steal information from companies such as Apple and Amazon. Although independent testers could not verify any tampering with motherboards produced in China, some U.S. customers, especially those doing government work, asked for hardware with motherboards be made outside Beijing’s realm.

Apr. 23. Jared Kushner, son-in-law of President Donald J. Trump, says U.S. Special Counsel Robert Mueller has done more to harm American democracy than Russia. Speaking at a forum sponsored by Time magazine in New York City, he says, “I think the investigations and all of the speculation that’s happened for the last two years had a much harsher impact on our democracy than a couple of Facebook ads.” Mueller’s final report refers to the use of social media, including Facebook, to spread positive information about candidate Trump.

Apr. 18. Before releasing report of U.S. Special Counsel Robert Mueller, Attorney  General William Barr holds press conference to claim report shows no collusion between the 2016 Trump presidential campaign and Russia to swing the election to Donald J. Trump.

Apr. 18. A redacted version of the final report by U.S. Special Counsel Robert Mueller is released by the Justice Department. It finds, among other things, that Russian operatives, posing as Americans, created fake social media accounts to post pro-Trump propaganda that was viewed and shared by millions of Americans.

Apr. 18. Report of U.S. Special Counsel Robert Mueller finds Russian military officers targeted the personal office of former Secretary of State Hillary Clinton hours after presidential candidate Donald J. Trump called on Russia to find Clinton’s “lost” emails in a public speech.

Apr. 17. Cisco System’s Talos security division reveals a hacker group that it’s calling Sea Turtle was behind a broad campaign of espionage that hit 40 organizations. The campaign deployed DNS hijacking, which enabled the attackers to perform “man in the middle” attacks on the organizations and intercept all their Internet data from email to web traffic. Talos does not affiliate any nation with the hackers, but notes most of the targets were ministries of foreign affairs, intelligence agencies, military targets, and energy-related groups, all based in the Middle East and North Africa.

Apr. 16. Ukrainian security services announces it has begun investigation into a cache of emails leaked by Ukrainian hackers showing financial links between the campaign of Volodymyr Zelenskiy, a comedian and presidential candidate, and members of Russia’s security service. Newsweek reports that the emails also appear to show that some of the financing came from Kremlin aide Vladislav Surkov and Russian billionaire Konstantin Malofeev, both of whom allegedly help dictate the Kremlin’s policies towards Ukraine.

Apr. 8. Locked Shields, the world’s largest international cyber warfare exercise, begins. Event is organized by NATO’s Cooperative Cyber Defense Center of Excellence, which says the exercise gives national cyber experts a unique opportunity to practice protection of their countries’ IT systems and critical infrastructure under the pressure of a major cyberattack.

Cyberwarfare Report Archives

John P. Mello, Jr. is a freelance writer specializing in business and technology subjects, including consumer electronics, business computing and cyber security.