Hacking

Hacking and Cyber Warfare

2016 Presidential Campaign Hacking Fast Facts CNN

February 16, 2018: Mueller issues an indictment charging 13 Russian nationals with working for the Russian Internet Research Agency to foment discord in the US. (CNN) These people impersonated Americans and held rallies for and against Trump issues, which resulted in the count for identity theft.

“Profexer’s posts, already accessible only to a small band of fellow hackers and cybercriminals looking for software tips, blinked out in January — just days after American intelligence agencies publicly identified a program he had written as one tool used in Russian hacking in the United States. American intelligence agencies have determined Russian hackers were behind the electronic break-in of the Democratic National Committee.”

G.O.P. Operative Confirms Alleged Russian Hacker Gave Him 2016 Voter Data Roger Stone wasn’t the only political consultant in touch with Guccifer 2.0 during last year’s election. Vanity Fair ABIGAIL TRACY MAY 25, 2017 5:30 PM

Learning that hacker “Guccifer 2.0” had tapped into a Democratic committee that helps House candidates, Mr. Nevins wrote to the hacker to say: “Feel free to send any Florida based information.”

 Ten days later, Mr. Nevins received 2.5 gigabytes of Democratic Congressional Campaign Committee documents, some of which he posted on a blog called HelloFLA.com that he ran using a pseudonym.

Soon after, the hacker sent a link to the blog article to Roger Stone, a longtime informal adviser to then-candidate Donald Trump, along with Mr. Nevins’ analysis of the hacked data.

“I just threw an arrow in the dark,” Nevins said during an interview with the Journal. But he quickly realized that the data he had received was even more valuable than Guccifer 2.0 likely realized. “Basically if this was a war, this is the map to where all the troops are deployed,” Nevins told the hacker in a series of exchanges reviewed by the Journal. Democrats, Nevins told him, probably “spent millions probably to figure out who these people are that are conducive to their message and now it’s exposed for the other side.” Nevins posted the analysis to his blog, making easily available a set of voter analysis data for a number of critical battleground states including Pennsylvania, which Trump won by less than 70,000 votes.

Nevins’ exchanges with Guccifer 2.0 appear to represent the first confirmed evidence of a G.O.P. operative and an alleged Russian intelligence entity working together to tilt the 2016 election for Republican candidates. Nevins told the Journal that he isn’t convinced Guccifer 2.0 actually represents Russian interests, but that it was irrelevant either way. “If your interests align,” he said, “never shut any doors in politics.”  Vanity Fair 

July 12, 2017: Cyber Berkut started publishing emails, starting a rumor that was played on Fox News for the next 5 days. It is believed to be an alter ego of Fancy Bear, a pro-Russian hacker group. (Rachel Maddow Show)

Track what the Russian Bots are doing in Real Time here! 

It’s become clear that Putin intends to sway elections in the Western world. The US, France and UK have been hacked and the US election was influenced by the combined efforts of hackers, American voices of the Alt-Right and the Meme Warriors from the US and abroad. Actual interference into voter rolls and machine vote tallies is being investigated…but not by the agency designed to investigate. Trump’s shutting that down…and instead suggesting a Cyber Security Taskforce with Putin himself at the G20 summit.  Many speculate that Putin’s trying to win the war without firing a bullet, so to speak… taking over one free country at a time and encouraging authoritarian, far-right regimes which restrict women’s rights and freedoms of all kinds.

Trolling for Trump: How Russia Is Trying to Destroy Our Democracy November 6, 2016  Trump isn’t the end of Russia’s information war against America. They are just getting started.

Here’s exactly how Russia can hack the 2018 elections Vice News July 10, 2017

 

Russia’s attempt to hack US election officials, explained Vox

Foreign governments hacking US elections is a real threat. We need to be ready. “According to the NSA, the Russian government began its hacking efforts by attempting to infiltrate an American election technology vendor that the Intercept says is a Florida-based company called VR Systems. The attackers used a “spear phishing” technique, sending personalized emails to several employees of the company to try to trick the employees into entering their passwords into a fake Google login form. Next, the attackers posed as employees of the voting technology company to attack election officials in jurisdictions that used the company’s products. Using real documentation stolen from VR Systems, the hackers created malicious Microsoft Word documents that compromise a victim’s computer when they are opened. The documentation was for EVid, software that manages the voter checkin process at a polling place. We don’t know how many of those 122 election officials clicked on the malicious link and had their computers compromised. We don’t know if Russian spies did anything malicious once they gained access. The attackers sent out malicious emails to 122 election officials around the country” —Vox News


Steele Dossier

Quoting the Steele Dossier about planting malware in cheap Russian IT games: “In terms of the FSB’s recruitment of capable cyber operatives to carry out its, ideally deniable, offensive cyber operations, a Russian IT specialist with direct knowledge reported in June 2016 that this was often done using coercion and blackmail. In terms of ‘foreign’ agents, the FSB was approaching US citizens of Russian (Jewish) origin on business trips to Russia. In one case a US citizen of Russian ethnicity had been visiting Moscow to attract investors in his new information technology program.

The FSB clearly knew this and had offered to provide seed capital to this person in return for them being able to access and modify his IP, with a view to targeting priority foreign targets by planting a Trojan virus in the software. The US visitor was told this was common practice. The FSB also had implied significant operational success as a result of installing cheap Russian IT games containing their own malware unwittingly by targets on their PCs and other platforms.

In a more advanced and successful FSB operation, an IT operator inside a leading Russian SOE, who previously had been employed on conventional (defensive) IT work there, had been under instruction for the last year to conduct an offensive cyber operation against a foreign director of the company. Although the latter was apparently an infrequent visitor to Russia, the FSB now successfully had penetrated his personal IT and through this had managed to access various important institutions in the West through the back door.

6. The senior Russian government figure cited above also reported that non-state sponsored cyber crime was becoming an increasing problem inside Russia for the government and authorities there. The Central Bank of Russia claimed that in 2015 alone there had been more than 20 attempts at serious cyber embezzlement of money from corresponding accounts held there, comprising several billions Roubles. More generally, s/he understood there were circa 15 major organised crime groups in the country involved in cyber crime, all of which continued to operate largely outside state and FSB control. These included the so-called ‘Anunak’, ‘Buktrap’ and ‘Metel’ organisations.

– Further evidence of extensive conspiracy between campaign team and Kremlin, sanctioned at highest levels and involving Russian diplomatic staff based in the US

– TRUMP associate admits Kremlin behind recent appearance of DNC e-mails on WikiLeaks, as means of maintaining plausible deniability

– Agreed exchange of information established in both directions.

Team using moles within DNC and hackers in the US as well as outside in Russia. PUTIN motivated by fear and hatred of Hillary CLINTON. Russians receiving intel from team on Russian oligarchs and their families in US

Mechanism for transmitting this intelligence involves ‘pension’ disbursements to Russian emigres living in US as cover, using consular officials in New York, DC and Miami

– Suggestion from source close to TRUMP and MANAFORT that Republican campaign team happy to have Russia as media bogeyman to mask more extensive corrupt business ties to China and other emerging countries


Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election   June 5, 2017 The Intercept: “Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions. … The actors likely used data obtained from that operation to … launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations.”

Federal contractor Reality Leigh Winner arrested for sending classified NSA intelligence to news outlet “A 25-year-old federal contractor is facing charges she leaked a classified National Security Agency document to a news outlet in May. The charges against Reality Leigh Winner came about an hour after the publication of a story based on an NSA document detailing Russian attempts to hack American voting systems in 2016.” Washington Examiner


Alleged hacker held in Prague at center of ‘intense’ US-Russia tug of war  The Guardian

Yevgeniy Nikulin faces extradition requests from both countries amid lingering disquiet over Moscow’s alleged interference in the US presidential election

Yevgeniy Nikulin was charged with offences relating to the hacking of computer networks belonging to LinkedIn, Dropbox and Formspring.

“An alleged computer hacker being held in the Czech Republic is at the centre of an international legal tussle between the United States and Russia amid lingering disquiet over Moscow’s alleged interference in the recent US presidential election.

Yevgeniy Nikulin, 29, faces extradition requests from both countries after being detained by Czech police on an Interpol arrest warrant issued by US authorities.

Nikulin, a Russian citizen, was arrested in a restaurant in Prague on 5 October shortly after arriving in the city during a holiday with his girlfriend.

He faces a maximum 30 years in prison and up to $1m in fines if convicted on charges including computer intrusion, aggravated identity theft, conspiracy, damaging computers and trafficking in illegal access devices.

There is no acknowledged link between Nikulin’s alleged offences and the hacking of Hillary Clinton’s presidential campaign, but his arrest came just three days before the Obama administration formally accused Russia of stealing emails from the Democratic National Committee and disclosing them through WikiLeaks.

Formspring, one of the sites he allegedly hacked, was the platform used for sexting by Anthony Weiner, the former New York mayoral candidate and husband of Huma Abedin, Clinton’s closest aide. The discovery of emails linked to Clinton on Weiner’s laptop damaged her campaign in its final two weeks after the FBI director, James Comey, revealed their existence.

Meanwhile, Russia has responded to the American extradition request against Nikulin by tabling one of its own, demanding that he be returned to face allegations dating back to 2009 that he hacked another person’s bank account and stole 111,000 roubles (£1,465).

“He was never formally accused at that time. I think the reason is that he was recruited [by the Russian security services],” said Ondrej Kundra, political editor with the Czech weekly magazine Respekt, which has reported that the Russian services offer alleged offenders immunity from prosecution in exchange for collaboration.

One theory is Nikulin – even if not personally involved in the election hacking – may know other hackers who were.

“There’s intense lobbying in this case. People from the US and Russian side are talking to the Czech authorities because both really want Nikulin in their countries.”

Fuelling speculation is the existence of sealed US court documents, tabled six days after the original indictment against Nikulin on 20 October but whose contents have not been revealed.

“A number of documents were filed under seal, which means you cannot talk about them,” a US justice department spokesman told the Guardian.

Adam Kopecky, Nikulin’s Czech lawyer, said his client denied both the US and Russian charges and suggested he had become a political pawn. “My client and myself think it’s a political affair,” Kopecky said.

“Given the international situation, when one superpower accuses a citizen of the other of hacking their computers and then the other superpower accuses the same citizen of another crime, it’s kind of strange.”

Nikulin has suffered health problems since his arrest, his lawyer said.

Kopecky lodged an official complaint after prison authorities put his client under high-level supervision that included monitoring his communications with the lawyer.

“He is unhappy about being detained for a long time in a foreign country and about the accusations against him. He wants to return to Russia – but as a free man,” Kopecky said.

The case is currently in the hands of Prague’s chief prosecutor, who is expected to issue a decision on the twin extradition requests at the end of this month or early in February, a spokeswoman for the city’s municipal court said.

Russia’s embassy in Prague declined to comment but cited a previous foreign ministry statement in which a spokeswoman compared the affair to other incidents and called it “another proof that the US law enforcement agencies are hunting for Russian citizens across the world”.

A 32-year-old Russian computer programmer named only as Lisov was arrested by Spanish police at Barcelona airport this month on another US arrest warrant. Police in Spain said he was suspected of leading a financial fraud network and having designed and used software to steal account details from banks and individuals.

Another Russian citizen, Roman Valerevich Seleznev, was convicted last year of 38 hacking-related charges by a US court after he was arrested and extradited from Guam in 2014. Russia said Seleznev’s arrest amounted to “kidnapping”.” The Guardian


Trump’s Server, Revisited “Sorting through the new evidence, and competing theories, about the Trump server that appeared to be communicating with a Russian bank.” Slate, November 2, 2016 “In a detailed post critiquing my piece, cybersecurity expert Rob Graham wrote, “The evidence available on the Internet is that Trump neither (directly) controls the domain trump-email.com, nor has access to the server.” This echoes the point raised by Vox, the Intercept, and others that the server was not operated by the Trump Organization directly. Rather, it was run and managed by Cendyn, a vendor that organizes email marketing campaigns for hotels and resorts…I entered the internet protocol address for mail1.trump-email.com to check if it ever showed up in Spamhaus and DNSBL.info. There were no traces of the IP address ever delivering spam…There’s a much smaller spike during the Democratic convention and no apparent increase before or during the Republican convention,” he noted. “In short, this chart seems to be totally unrelated to the political calendar.” He wonders why the largest spike occurs in August, after the party conventions. This happened to be a moment of potential interest in Russia, since those weeks were the denouement of the Paul Manafort era in the Trump campaign, with the exposure of logs showing he received $12.7 million in off-the-book payments from the Putin-backed Party of Regions. But Lee’s fundamental response is understandable: The chart shows possible correlations, not proven causation. There were reports that the Trump campaign had ordered the Republican Party to rewrite its platform position on Ukraine, maneuvering the GOP toward a policy preferred by Russia, though the Trump campaign denied having a hand in the change. Then Trump announced in an interview with the New York Times his unwillingness to spring to the defense of NATO allies in the face of a Russian invasion.
Trump even invited Russian hackers to go hunting for Clinton’s emails, then passed the comment off as a joke. (I wrote about Trump’s relationship with Russia in early July.) After Tea Leaves posted his analysis on Reddit, a security blogger who goes by Krypt3ia expressed initial doubts—but his analysis was tarnished by several incorrect assumptions, and as he examined the matter, his skepticism of Tea Leaves softened somewhat. I asked nine computer scientists—some who agreed to speak on the record, some who asked for anonymity—if the DNS logs that Tea Leaves and his collaborators discovered could be forged or manipulated. They considered it nearly impossible.

* * *

Tea Leaves and his colleagues plotted the data from the logs on a timeline. What it illustrated was suggestive: The conversation between the Trump and Alfa servers appeared to follow the contours of political happenings in the United States. “At election-related moments, the traffic peaked,” according to Camp. There were considerably more DNS lookups, for instance, during the two conventions.

In September, the scientists tried to get the public to pay attention to their data. One of them posted a link to the logs in a Reddit thread. Around the same time, the New York Times’ Eric Lichtblau and Steven Lee Myers began chasing the story.* (They are still pursuing it.) Lichtblau met with a Washington representative of Alfa Bank on Sept. 21, and the bank denied having any connection to Trump. (Lichtblau told me that Times policy prevents him from commenting on his reporting.)  Slate

The spike in August was at the same time the Mercer camp and their SuperPac money publicly joined Trump, with Kellyanne Conway replacing Paul Manafort as Campaign Director and Steve Bannon getting more heavily involved in the Campaign.

4/3/17: Keith Olbermann on Trump’s panic over the Russian election hack, which may be about Cambridge Analytica getting the official voter information rolls from about 20 States. Cambridge Analytica has been run by Steve Bannon and owned by Trump’s savior donors, Robert and Rebekah Mercer. Mikhail Kalugin, identified as the Steele Dossier Russian spy under surveillance at the US Embassy and the key player in the election scheme, was suddenly pulled back to Moscow.

Trump gave a speech in New York City on June 22, which was written to be delivered on June 9, the same day as the Campaign was anticipating receiving Kompromat, or a Blackmail File, on Clinton’s campaign. The press conference was delayed until the 22nd because of the Pulse nightclub shooting in Orlando. The same day as this speech was delivered, the Trump Tower – Alfa Bank Pings began. Full Transcript and Video on Politico.  “Because it’s not just the political system that’s rigged. It’s the whole economy. It’s rigged by big donors who want to keep down wages. It’s rigged by big businesses who want to leave our country, fire our workers, and sell their products back into the U.S. with absolutely no consequences for them. It’s rigged by bureaucrats who are trapping kids in failing schools. It’s rigged against you, the American people. Hillary Clinton has perfected the politics of personal profit and theft. She ran the State Department like her own personal hedge fund – doing favors for oppressive regimes, and many others, in exchange for cash. Then there are the 33,000 emails she deleted. While we may not know what is in those deleted emails, our enemies probably do. So they probably now have a blackmail file over someone who wants to be President of the United States. This fact alone disqualifies her from the Presidency. We can’t hand over our government to someone whose deepest, darkest secrets may be in the hands of our enemies.”

June 22, 2016:

(5) FWIW. June 22: 10 days after Trump’s Reddit gets a big spike in members, less than 2 weeks post-Jr.’s meeting, TT-Alfa Bank pings begin. pic.twitter.com/lO2nViMitX

— Seth Abramson (@SethAbramson) July 10, 2017

Link to Dr. Jean Camp’s Graph


June 12, 2016

(h/t DM) 72 hours after Don Jr met with a Russian agent at Trump Tower, the top Trump fan-site had its largest-ever membership spike by FAR. pic.twitter.com/3ntfZ6USfi

— Seth Abramson (@SethAbramson) July 10, 2017

2016 Presidential Campaign Hacking Fast Facts CNN

Timeline:
June 14, 2016 – The Washington Post reports hackers working for the Russian government accessed the Democratic National Committee’s computer system, stealing oppositional research on Donald Trump and viewing staffers’ emails and chat exchanges. The Kremlin, however, denies that the government was linked to the hack, and a US official tells CNN that investigators have not yet concluded that the cyberattack was directed by the Russian government.

Yandex raided for Treason in Kiev, Ukraine

Russian search engine Yandex’s Ukraine offices raided for ‘treason’  Sending data home to Putin, puffs president Poroshenko 30 May 2017   The Register.co.uk   “Already under sanctions by the Ukrainian government, Russian search giant Yandex has been raided by the country’s security services. The raids, in capital Kiev and the southern city Odessa, were conducted under the treason articles of the country’s criminal code, according to Russian state newsagency TASS. Reuters says the basis of the complaint is that the company is collecting user data on Ukrainians and sending it back to Russia. The SBU has posted a statement saying the information sent to Russia was “for use in reconnaissance and acts of sabotage”.  The Register    Poroshenko requesting people cut off Yandex from access.

President of Ukraine Poroshenko, Translated from VK Social Media:

“Hybrid warfare requires adequate responses to the challenges. Therefore, in order to influence the game and my team has used counter-top in some Russian social networks.

But the massive Russian cyber attacks around the world, in particular – the recent intervention in the election campaign in France, suggest that it is time to do things differently and more strongly.

Ukrainian ISPs should stop providing access to “facebook”, “Classmates”, “Yandex” and other Russian services. All official pages of the President in these services will be closed. I urge all fellow citizens to immediately leave from Russian servers for security reasons.”


Hospitals Gain Control After Ransom Hack, More Attacks May Come   

Bloomberg    

“Ransom Hackers Who Hit Hospitals Dealt Setback; May Return,” by Bloomberg’s Jordan Robertson: “The cyber-attack that spread rapidly around the globe was stifled when a security researcher disabled a key mechanism used by the worm to spread, but experts said the hackers were likely to return as many computers remain at risk. Hackers can still gain easy access to personal computers that lack a security update issued in March by Microsoft Corp. to fix the vulnerability in its Windows operating system. … More than 75,000 computers in 99 countries were compromised in Friday’s attack, with a heavy concentration of infections in Russia and Ukraine.”


July 7, 2017: Russia Steps Up Spying Efforts After Election  Former DNI James Clapper: I think Russia’s goal here is to “prep the battlefield” for the 2018 election CNN 

Russia has an actual spy college, wherein people get trained in a variety of legitimate careers and then placed in strategic companies and organizations for espionage. They actually employ hackers, as the investigations have shown.


THE DNC EMAIL HACK

Hacked from March 2015-June 2016


THE PODESTA EMAILS

Hacked in March 2016 and released October 2016