
Tag: Moscow

Cebit showcases security after Snowden

It's almost four years since Edward Snowden leaked U.S. National Security Agency documents revealing the extent of the organization's surveillance of global internet traffic, but he's still making the headlines in Germany. At the Cebit trade show in Hannover, Germany, he'll be looking back at that period in a live video interview from Moscow on Tuesday evening. There have been a lot of changes on the internet in those four years, but one of the biggest is the growth in the use of encryption.

This hard drive will self destruct. Data-wiping malware targets Europe

Meaner strain of Shamoon makes comeback, joined by new, never-before disk wiper.

Apple’s iCloud saved deleted browser records, security company finds

Apple’s iCloud appears to have been holding on to users’ deleted internet browsing histories, including records over a year old. Moscow-based forensics firm Elcomsoft noticed it was able to pull supposedly deleted Safari browser histories from iCloud accounts, such as the date and time the site was visited and when the record was deleted. “In fact, we were able to access records dated more than one year back,” wrote Elcomsoft’s CEO Vladimir Katalov in a Thursday blog post.

A rash of invisible, fileless malware is infecting banks around the...

Once the province of nation-sponsored hackers, in-memory malware goes mainstream.

Kaspersky Lab Incident Investigations Head Arrested In Russia For 'Treason'

Security firm says the case doesn't affect its computer incidents investigation operations. Kaspersky Lab confirmed today that one of its top cybersecurity investigators was arrested in December in Russia, reportedly amid charges of treason. News of the arrest of Ruslan Stoyanov, head of Kaspersky Lab's computer incidents investigations unit, as well as Sergei Mikhailov, deputy head of the information security department at the FSB, first came via Kommersant, a Russian economic newspaper, and word later spread to US news media outlets. Stoyanov, who had been with Kaspersky Lab since 2012, led the firm's cybercrime investigation that ultimately led to the 2016 arrests of 50 members of the so-called Lurk cybercrime gang that stole more than $45 million from Russian financial institutions.

The case was said to be Russia's largest-ever crackdown on financial cybercrime. Stoyanov's arrest sent a chill throughout the security research community, with speculation by some that his cybercrime investigative efforts may have somehow gotten a little too close to Russian nation-state hacking efforts. Russian hacking has been in the spotlight since the US intelligence community published an unclassified report that concludes Russia - under the direction of Vladimir Putin - attempted to influence the US presidential election via hacks and leaks of data from the Democratic National Committee and Clinton campaign manager John Podesta.

According to Kaspersky Lab, the nature of Stoyanov's arrest predates his employment with the security firm. "The case against this employee does not involve Kaspersky Lab. The employee, who is Head of the Computer Incidents Investigation Team, is under investigation for a period predating his employment at Kaspersky Lab," the company said in a statement.

Stoyanov, a former head of network security for Russian ISP OJSC RTComm.RU, also was with Ministry Of Interior's Moscow-based Cyber Crime Unit in the early 2000s. Security experts say his arrest underscores the sometimes-blurred lines between Russian cybercrime gangs and cyber espionage activity. "I think he flew too close to the sun as his recent investigations more than likely unearthed elements of the Pawn Storm campaign," says Tom Kellermann, CEO of Strategic Cyber Ventures. "This is a red flag to all security vendors who expose the nexus between the cybercriminal conspiracies and the Russian cyberespionage campaigns." Pawn Storm, aka Fancy Bear and APT 28, was one of the Russian state hacking groups implicated in election-related hacks against the US.

Researcher Business As Usual

While Kaspersky Lab said it had no information of the "details of the investigation" of Stoyanov and that no official information had been released by the Russian government on the case, the company also maintained that the arrest would not affect its current or future research into Russian cyber activities. The company said that "as an IT security company, Kaspersky Lab is determined to detect and neutralize all forms of malicious programs, regardless of their origin or purpose." For now, Stoyanov is officially suspended from his post at Kaspersky Lab, according to the company. "The work of Kaspersky Lab’s Computer Incidents Investigation Team is unaffected by these developments."

Stoyanov in 2015 authored a detailed report for Kaspersky Lab on how Russian financial cybercrime works.

The report notes how the risk of prosecution is low for Russian-speaking cybercriminals: "The lack of established mechanisms for international cooperation also plays into the hands of criminals: for example, Kaspersky Lab experts know that the members of some criminal groups permanently reside and work in Russia’s neighbors, while the citizens of the neighboring states involved in criminal activity often live and operate in the territory of the Russian Federation," he wrote. "Kaspersky Lab is doing everything possible to terminate the activity of cybercriminal groups and encourages other companies and law enforcement agencies in all countries to cooperate," he wrote. Aleks Gostev, chief security expert for Kaspersky Lab's Global Research and Analysis Team, in a tweet today said that Stoyanov "never worked with any APT stuff," dismissing some online speculation that the arrest was somehow related to cyber espionage research. He tweeted that the case wouldn't stop the security firm from its work. Kaspersky Lab is "an international team of experts.
It's impossible to prevent us from releasing data."

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

Kaspersky Lab’s top investigator reportedly arrested in treason probe

In a move that stunned some security researchers, a top investigator at Russia's largest antivirus provider, Kaspersky Lab, has been arrested in an investigation into treason, a crime that upon conviction can carry severe sentences. Ruslan Stoyanov, the head of Kaspersky Lab's investigations unit, was arrested in December, Russian newspaper Kommersant reported Wednesday.

The paper said that Sergei Mikhailov, a division head of the Russian intelligence service FSB, was also arrested in the same probe.
Stoyanov joined the Moscow-based AV company in 2012 and was chiefly involved in investigating and responding to hacking-related crimes carried out in Russia. His LinkedIn profile shows he served as a major in the cybercrime unit of Russia's Ministry of Interior from 2000 to 2006.

"The case against this employee does not involve Kaspersky Lab," company officials wrote in a statement issued following the report. "The employee, who is Head of the Computer Incidents Investigation Team, is under investigation for a period predating his employment at Kaspersky Lab. We do not possess details of the investigation. The work of Kaspersky Lab's Computer Incidents Investigation Team is unaffected by these developments."

In the past 15 months, Stoyanov wrote three posts for Kaspersky Lab's Securelist blog.

All three involved financially motivated crime conducted inside of Russia.
It's not clear what the maximum penalty is for treason in Russia.

The country has reportedly suspended executions, and the last one was in 1996. Word of the arrest almost immediately ignited a flurry of speculation and concerns of a possibly chilling effect the action might have among security researchers.

The charges were filed under Article 275 of Russia's criminal code, an extraordinarily broad statute that opens individuals to treason charges for providing financial, technical, advisory, or other assistance to a foreign state or international organization that's considered hostile to the Russian government.

As coverage from Forbes reported, such assistance could potentially be as simple as furnishing the FBI with information on a botnet. A much more chilling scenario, offered in this post from Lawfare Blog, is that Stoyanov was a source for US intelligence officers who ultimately concluded Russian-sponsored hacking attempted to interfere with the 2016 US presidential election.

That speculation is likely off base because it doesn't fit with Kaspersky's assertion Stoyanov is being investigated for activities that predated his employment or with this claim from a fellow Kaspersky Lab researcher that Stoyanov's research never involved advanced persistent threats, the term for hacking techniques used by government-sponsored spies. People advancing the theory seem to be basing it on the timing of the arrest, which roughly coincided with the classified release of specific details said to support the US intelligence community's claims the hacking was ordered by President Vladimir Putin.

Whatever the specifics are behind the investigation into Stoyanov, security researchers said the arrest will likely cause colleagues in Russia and elsewhere to self-censor potentially sensitive findings. "For those living and working under oppressive regimes, keep up the good fight," Jake Williams, founder of security firm Rendition Software who previously worked for the Department of Defense, wrote in a blog post. "But also remember that no incident response report or conference talk is worth jail time (or worse)." In a message to Ars, he added: "I think that these charges will cause security researchers, particularly those in states with oppressive governments, to carefully consider the weight of reporting details of security incidents."

White House Announces Retaliatory Measures For Russian Election-Related Hacking

35 Russian intelligence operatives ejected from the US, and two of the "Cyber Most Wanted" are frozen out by Treasury Department.

UPDATED 4:00 PM E.T. THURSDAY -- The US, today, formally ejected 35 Russian intelligence operatives from the United States and imposed sanctions on nine entities and individuals: Russia's two leading intelligence services (the G.R.U. and the F.S.B.), four individual GRU officers, and three other organizations.

The actions are the Obama administration's response to a Russian hacking and disinformation campaign used to interfere in the American election process. The FBI and the Department of Homeland Security also released new declassified technical information on Russian civilian and military intelligence service cyber activity, in an effort to help network defenders protect against these threats. Further, the State Department is shutting down two Russian compounds, in Maryland and New York, used by Russian personnel for intelligence-related purposes. Plus, the US Department of Treasury sanctioned two members of the FBI's Cyber Most Wanted List, Evgeniy Mikhailovich Bogachev and Aleksey Alekseyevich Belan.
Infosec pros will recognize Bogachev especially as the alleged head of the GameOver Zeus botnet.

A $3 million reward for info leading to his arrest has been available for some time. Treasury sanctioned Bogachev and Belan "for their activities related to the significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for private financial gain.

As a result of today’s action, any property or interests in property of [Bogachev and Belan] within U.S. jurisdiction must be blocked and U.S. persons are generally prohibited from engaging in transactions with them." This is the first time sanctions are being issued under an Executive Order first signed by President Obama in April 2015, and expanded today.

The original Executive Order gives the president authorization to impose some sort of retribution or response to cyberattacks and also allows the Secretary of Treasury, in consultation with the Attorney General and Secretary of State, to institute sanctions against entities behind cybercrime, cyber espionage, and other damaging cyberattacks.

That includes freezing the assets of attackers. The sanctions announced today are not expected to be the Obama administration's complete response to the Russian operations.
In a statement, the president said "These actions are not the sum total of our response to Russia’s aggressive activities. We will continue to take a variety of actions at a time and place of our choosing, some of which will not be publicized." The moves will put pressure on president-elect Donald Trump to either support or attempt to lift the sanctions on Russian officials and entities.

Trump has expressed skepticism at the validity of American intelligence agencies' assertions that such a campaign occurred at all. When asked by reporters Wednesday night about the fact that these sanctions were set to be announced, Trump said, “I think we ought to get on with our lives. I think that computers have complicated lives very greatly. The whole age of computer has made it where nobody knows exactly what is going on.”

The NY Times reported today that immediate sanctions are being imposed on four Russian intelligence officials: Igor Valentinovich Korobov, the current chief of the G.R.U., as well as three deputies: Sergey Aleksandrovich Gizunov, the deputy chief of the G.R.U.; Igor Olegovich Kostyukov, a first deputy chief, and Vladimir Stepanovich Alekseyev, also a first deputy chief of the G.R.U.

From the Times: The administration also put sanctions on three companies and organizations that it said supported the hacking operations: the Special Technologies Center, a signals intelligence operation in St. Petersburg; a firm called Zor Security that is also known as Esage Lab; and the Autonomous Non-commercial Organization Professional Association of Designers of Data Processing Systems, whose lengthy name, American officials said, was cover for a group that provided special training for the hacking.

Wednesday, the Russian Ministry of Foreign Affairs' official representative, Maria Zakharova, said in a statement on the ministry's website: "If Washington really does take new hostile steps, they will be answered ... any action against Russian diplomatic missions in the US will immediately bounce back on US diplomats in Russia."

'Proportional' response

The news comes after President Obama stated in October that the US would issue a "proportional" response to Russian cyber attacks on the Democratic National Committee. The administration has used the word "proportional" when discussing cyber attacks before.
In December 2014, while officially naming North Korea as the culprit behind the attacks at Sony Pictures Entertainment, President Obama said the US would "respond proportionately." That attack was against one entertainment company, however, and not a nation's election system, so the proportions are surely different. "We have never been here before," said security expert Cris Thomas, aka Space Rogue, in a Dark Reading interview in October. "No one really knows what is socially acceptable and what is not when it comes to cyber. We have no 'Geneva Convention' for cyber."  According to Reuters reports, "One decision that has been made, [officials] said, speaking on the condition of anonymity, is to avoid any moves that exceed the Russian election hacking and risk an escalating cyber conflict." As Christopher Porter, manager of the Horizons team at FireEye explained in a Dark Reading interview in October, Russian doctrine supports escalation as a way to de-escalate tensions or conflict. "If the US administration puts in place a proportional response, Moscow could do something even worse to stop a future response … I think that is very dangerous." "The administration, fellow lawmakers and general public must understand the potentially catastrophic consequences of a digital cyber conflict escalating into a kinetic, conventional shooting-war," said Intel Security CTO Steve Grobman, in a statement. "While offensive cyber operations can be highly precise munitions, in that they can be directed to only impact specific targets, the global and interconnected nature of computing systems can lead to unintended consequences.
Impacting digital infrastructure beyond the intended target opens the door to draw additional nation states into a conflict. This increases risk to civilian populations as countries see the need to retaliate or escalate."

ORIGINAL STORY: Officials stated Wednesday that the White House will announce, as early as today, a series of measures the US will use to respond to Russian interference in the American election process.

The news comes after President Obama stated in October that the US would issue a "proportional" response to Russian cyber attacks on the Democratic National Committee.  Not all the measures will be announced publicly.

According to CNN, "The federal government plans some unannounced actions taken through covert means at a time of its choosing." Wednesday, CNN reported that as part of the public response, the administration is expected to name names -- specifically, individuals associated with a Russian disinformation operation against the Hillary Clinton presidential campaign. The actions announced are expected to include expanded sanctions and diplomatic actions. Reuters reported Wednesday that "targeted economic sanctions, indictments, leaking information to embarrass Russian officials or oligarchs, and restrictions on Russian diplomats in the United States are among steps that have been discussed." In April 2015, President Obama signed an Executive Order, which gives the president authorization to impose some sort of retribution or response to cyberattacks.

The EO has not yet been used.
It allows the Secretary of Treasury, in consultation with the Attorney General and Secretary of State, to institute sanctions against entities behind cybercrime, cyber espionage, and other damaging cyberattacks.

That includes freezing the assets of attackers. The Russian Ministry of Foreign Affairs' official representative, Maria Zakharova, said in a statement on the ministry's website: "If Washington really does take new hostile steps, they will be answered ... any action against Russian diplomatic missions in the US will immediately bounce back on US diplomats in Russia."

'Proportional' response

The administration has used the word "proportional" when discussing cyber attacks before.
In December 2014, while officially naming North Korea as the culprit behind the attacks at Sony Pictures Entertainment, President Obama said the US would "respond proportionately." That attack was against one entertainment company, however, and not a nation's election system, so the proportions are surely different. "We have never been here before," said security expert Cris Thomas, aka Space Rogue, in a Dark Reading interview in October. "No one really knows what is socially acceptable and what is not when it comes to cyber. We have no 'Geneva Convention' for cyber."  According to Reuters reports, "One decision that has been made, [officials] said, speaking on the condition of anonymity, is to avoid any moves that exceed the Russian election hacking and risk an escalating cyber conflict." As Christopher Porter, manager of the Horizons team at FireEye explained in a Dark Reading interview in October, Russian doctrine supports escalation as a way to de-escalate tensions or conflict. "If the US administration puts in place a proportional response, Moscow could do something even worse to stop a future response … I think that is very dangerous." "The administration, fellow lawmakers and general public must understand the potentially catastrophic consequences of a digital cyber conflict escalating into a kinetic, conventional shooting-war," said Intel Security CTO Steve Grobman, in a statement. "While offensive cyber operations can be highly precise munitions, in that they can be directed to only impact specific targets, the global and interconnected nature of computing systems can lead to unintended consequences.
Impacting digital infrastructure beyond the intended target opens the door to draw additional nation states into a conflict. This increases risk to civilian populations as countries see the need to retaliate or escalate."

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ...

White House Set To Announce Retaliatory Measures For Russian Election Hacking

US expected to name and sanction some individuals involved in disinformation campaign as early as today, and conduct other covert responses at a time of its choosing. Officials stated Wednesday that the White House will announce, as early as today, a series of measures the US will use to respond to Russian interference in the American election process.

The news comes after President Obama stated in October that the US would issue a "proportional" response to Russian cyber attacks on the Democratic National Committee.  Not all the measures will be announced publicly.

According to CNN, "The federal government plans some unannounced actions taken through covert means at a time of its choosing." Wednesday, CNN reported that as part of the public response, the administration is expected to name names -- specifically, individuals associated with a Russian disinformation operation against the Hillary Clinton presidential campaign. The actions announced are expected to include expanded sanctions and diplomatic actions. Reuters reported Wednesday that "targeted economic sanctions, indictments, leaking information to embarrass Russian officials or oligarchs, and restrictions on Russian diplomats in the United States are among steps that have been discussed." In April 2015, President Obama signed an Executive Order, which gives the president authorization to impose some sort of retribution or response to cyberattacks.

The EO has not yet been used.
It allows the Secretary of Treasury, in consultation with the Attorney General and Secretary of State, to institute sanctions against entities behind cybercrime, cyber espionage, and other damaging cyberattacks.

That includes freezing the assets of attackers. The Russian Ministry of Foreign Affairs' official representative, Maria Zakharova, said in a statement on the ministry's website: "If Washington really does take new hostile steps, they will be answered ... any action against Russian diplomatic missions in the US will immediately bounce back on US diplomats in Russia."

'Proportional' response

The administration has used the word "proportional" when discussing cyber attacks before.
In December 2014, while officially naming North Korea as the culprit behind the attacks at Sony Pictures Entertainment, President Obama said the US would "respond proportionately." That attack was against one entertainment company, however, and not a nation's election system, so the proportions are surely different. "We have never been here before," said security expert Cris Thomas, aka Space Rogue, in a Dark Reading interview in October. "No one really knows what is socially acceptable and what is not when it comes to cyber. We have no 'Geneva Convention' for cyber."  According to Reuters reports, "One decision that has been made, [officials] said, speaking on the condition of anonymity, is to avoid any moves that exceed the Russian election hacking and risk an escalating cyber conflict." As Christopher Porter, manager of the Horizons team at FireEye explained in a Dark Reading interview in October, Russian doctrine supports escalation as a way to de-escalate tensions or conflict. "If the US administration puts in place a proportional response, Moscow could do something even worse to stop a future response … I think that is very dangerous." "The administration, fellow lawmakers and general public must understand the potentially catastrophic consequences of a digital cyber conflict escalating into a kinetic, conventional shooting-war," said Intel Security CTO Steve Grobman, in a statement. "While offensive cyber operations can be highly precise munitions, in that they can be directed to only impact specific targets, the global and interconnected nature of computing systems can lead to unintended consequences.
Impacting digital infrastructure beyond the intended target opens the door to draw additional nation states into a conflict. This increases risk to civilian populations as countries see the need to retaliate or escalate."

Kaspersky Lab's North American Channel Chief Bois Leaves Security Vendor

Kaspersky Lab North American Channel Chief Leslie Bois has left the company as the endpoint security vendor looks to position itself for the next-generation market, CRN has learned.

Bois, who had served as vice president of channel sales for North America, recently left the Moscow-based security vendor to take a new role at a startup. Kaspersky confirmed her departure in an email.

"After eight years of valuable service at Kaspersky Lab North America, Leslie Bois stepped down to pursue an external opportunity," a Kaspersky spokesperson said.


As head of North American channels at Kaspersky, Bois helped drive a channel focus at the security vendor, including driving partner enablement, rolling out a strategic rebate program and pushing a focus on the upper midmarket and enterprise accounts.

The spokesperson said no permanent replacement had been named for Bois, and her responsibilities for managing regional channel sales and the partner community will be assumed in the interim by Michael Canavan, senior vice president for B2B sales.  

Bois has been head of North American channel sales at Kaspersky since December 2015, though she has held various channel leadership roles at the company over the past eight years. Prior to joining Kaspersky in 2008, she held roles at Raritan and EDGE Tech Corp.

Bois was also named this year to CRN's 2016 Top 100 Executives list and the 2016 Power 100, Most Powerful Women of the Channel list.

Michael Knight, president and chief technology officer at Encore Technology Group, a Greenville, S.C.-based Kaspersky partner, said Bois has a "great skill set" and will "move on to do some great things" in her new role, which has not yet been announced.

"I think she did a great job there," Knight said. "I would definitely give her a lot of accolades for the things she's done [at Kaspersky] … Now she has the opportunity to do something different."

Knight said he sees Bois' departure coming at a time when Kaspersky is looking to realign itself to be more competitive in an evolving market for endpoint security. He said Kaspersky is still "absolutely channel friendly," but sees them positioning to be nimbler, technologically advanced and business-focused – changes he said are crucial in today's endpoint security market that is evolving to meet an emerging tsunami of next-generation endpoint security players.

"Kaspersky is realigning to focus on all the foes in the market there and competitors.
I think it's going to be a good thing all around," Knight said. 

Energy firm points to hackers after Kiev power outage

Erm, it was hovering between -9˚C and -1˚C that day

A cyber attack is suspected in connection with an outage of the Ukrainian power grid that affected homes around Kiev last weekend. A substation in Pivnichna was cut off from the main power grid for about 75 minutes late on Saturday 17 December, lasting into the early hours of Sunday.

As a result, houses and flats of the right bank district of Kiev* and neighbouring areas lost power. Ukrenergo, a Ukrainian energy provider, said that “hacker attack and equipment failure are among the possible causes for the power failures”, according to local reports. Moreno Carullo, co-founder and chief technical officer at Nozomi Networks, said, “These reports are reminiscent of an attack experienced at a similar time last December that left 225,000 Ukrainians cold at Christmas. Worryingly, if this does prove to be another cyberattack on the Ukrainian grid, it sets an uncomfortable precedent that similar attacks may occur annually at this time of year.” The recent outage appears to centre at a transmission substation.

Transmission substations are used to transport electricity over long distances; their primary functions are to raise, lower and control the voltage, provide power factor correction to protect from overloads, and perform checks to synchronise power flow between two adjacent power systems.

A distribution substation is then used, closer to cities, to carry electricity to users. “All this equipment (the transmission and the primary distribution substations) are automated and remotely controlled, while smaller ones may be electro-mechanically operated and are certainly unsupervised,” according to Carullo. “Substations have long been considered a weak point, with respect to cybersecurity, due to their remote location making them difficult to manage and monitor for disruptions. While some are completely disconnected, and are therefore considered safe from cyberattack, others form part of a Smart Grid which means they are part of a fully connected series of systems to allow for improved efficiency of the power grid. However, with Smart Grid connectivity comes increased vulnerability to cyberattacks due to the connected nature of the entire grid,” he added.

A hacker who gains access to internet-connected control panels might be able to disable inverters and fire alarms, triggering blackouts and equipment damage to many households at one time. If hackers did attack Kiev's power grid - something that’s still the subject of investigation - then Russia will almost inevitably become the chief suspect, given recent (unresolved) conflicts between the two countries.

Alex Mathews, lead security evangelist at Positive Technologies, remains unconvinced that hackers caused the latest power outage in the Ukraine.

Equipment failure can’t be ruled out as a cause, he pointed out. “Power outages in winter time is a pretty common story for ex-USSR territories where the power equipment is old, so it can shut down when people use too many electric heaters, lamps and other appliances,” Mathews said. “Such power outages happen every year, even in big cities like Moscow, Petersburg and Kiev.” The temperature in Kiev on the day ranged from a -1˚C maximum to a -9˚C minimum. “On the other hand, we should recognise that the chances of successful cyber-attack on power grids are growing in the modern world due to internet,” he added.

* Or Kyiv, as Ukrainians would have it; Kiev is the Russian pronunciation.

‘I told him to cut it out’ – Obama is convinced...

And so what are you gonna do about it, Barry?

Analysis Outgoing US President Barack Obama has promised to take action against Russia over its alleged interference in the presidential election campaign. American intelligence agencies have concluded that hackers linked to the Kremlin infiltrated the computer network of the Democratic National Committee as well as the email account of Hillary Clinton’s campaign chief John Podesta with the aim of influencing the November 8 outcome. Russia has dismissed these allegations as baseless (or “amusing rubbish”), a denial that cut little ice with Obama given the consensus among the US intelligence community that the Kremlin ran a dirty tricks campaign.

Even the FBI now accepts, after initial reluctance, the CIA's conclusion that Russia helped miscreants meddle with the election. "I think there's no doubt that when any foreign government tries to impact on the integrity of our elections, that we need to take action and we will, at a time and a place of our own choosing,” Obama told US public radio network NPR. "Some of it may be explicit and publicized; some of it may not be." Obama also gave a press conference today – his final one as US President – in which he discussed the hacking claims and all but pinned the blame on Vladimir Putin's government. "Mr Putin is well aware of my feelings about this, because I spoke to him directly about it ... I told him to cut it out," said Obama.

Republican president-elect Donald Trump dismissed the accusations against Russia as “ridiculous” and motivated by sour grapes. He questioned why the accusations – which had been circulating for months – had resurfaced with such force only after an election the Democrats lost.
In reality, the claims had been aired in the press for months, and discussed privately among diplomats and officials: it was a looming threat rather than an excuse by sore losers. President Obama's proposed “proportional” reprisals for the alleged meddling need to happen before the Democrat leaves office on January 20 – because, clearly, Trump is not interested in causing trouble for Vlad. Exactly how America will exact revenge is unclear.

A range of options – explicit and covert – are on the table and may involve economic sanctions or the release of sensitive data about the hidden wealth of Russian political and business figures, according to various former diplomats and foreign policy pundits. Similarly worded cyber-threats were made against North Korea after the country was blamed for the Sony Pictures mega-hack. By leaking emails stolen from servers, miscreants threw the Democratic Party and the Clinton campaign off balance at crucial points in the election campaign cycle.

The two biggest bombshells were the DNC emails that sparked the resignation of party chairwoman Debbie Wasserman Schultz in July and the online dumping of the John Podesta emails, through WikiLeaks, in October. The release of the messages was likely designed to cast doubt on the legitimacy of US political processes and its leaders in general. Weakening the Clinton campaign by portraying Hillary – a Putin critic – as elitist and out of touch was an obvious goal.

The American administration's indignation is not focused on the hack itself – all intel agencies target foreign political and business leaders – but that the resulting intelligence was “weaponised” through selective leaks. US spies concluded that the Russians also hacked the Republican National Committee (RNC) as well as the DNC but decided not to leak the Republican data trove. The CIA reckoned Russia was motivated by a desire to tilt the election in favor of Putin-friendly and easily manipulatable Donald Trump. Private intelligence biz Crowdstrike attributed the DNC ransacking to two state-backed elite Russian hacker crews – Fancy Bear and Cozy Bear – which are linked to attacks on the German Bundestag and other campaigns. A previously unknown hacker using the moniker Guccifer 2.0 claimed responsibility for the DNC attack.
Infosec experts and the US intel community have dismissed these claims as a “smokescreen.” Uncle Sam's snoopers have "high confidence" that the Russian government hacked the DNC. In October, the US Department of Homeland Security and Office of the Director of National Intelligence had this to say about election security: The US Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of emails from US persons and institutions, including from US political organizations.

The recent disclosures of alleged hacked emails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts.

These thefts and disclosures are intended to interfere with the US election process.
Such activity is not new to Moscow — the Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there. We believe, based on the scope and sensitivity of these efforts, that only Russia's senior-most officials could have authorized these activities. The substance of the allegations isn’t in itself new but has been given fresh currency by Obama’s decision to order the intelligence community to review “malicious cyber activity” during the 2016 election process.

A single typo may have tipped US election Trump’s way

DNC figure John Podesta told to follow phishing link, instead of link to enable 2FA

A single typo from a Clinton campaign aide gave Russian hackers access to a decade's worth of emails, some 60,000 in total, owned by Clinton campaign chairman John Podesta. Clinton campaign aide Charles Delavan wrote in an email to one of Podesta's aides, later published by Wikileaks, that Podesta must "immediately" change his password after the exhausted chairman clicked on a phishing email requesting he change his Gmail password. Delavan then urged Podesta's aide to ensure two factor authentication was set up on the account. It was sound advice and could have helped prevent the hack on the Democratic National Committee's (DNC) email server, now all-but confirmed to be the handiwork of Russian hackers with links to Moscow. But Delavan screwed up.

A single typo in which he stated that the email was "legitimate" was enough to see the security advice ignored. "This is a legitimate email. John needs to change his password immediately, and ensure that two-factor authentication is turned on his account," Delavan wrote in the morning of March 19. "He can go to this link: https://myaccount.google.com/security to do both." "It is absolutely imperative that this is done ASAP." The error has "plagued him ever since", Delavan told the New York Times in its 8,500 word analysis of Russian interference in the US election.

The Times story features intelligence officials, campaign insiders, and security firms laying blame at the feet of Russian president Vladimir Putin. It concludes that the attacks on the DNC and Podesta's email were successful in altering the course of the United States presidential election. President-elect Donald Trump has rejected the "high confidence" assertion of Russian involvement by US intelligence agencies. Delavan said he saw dozens of phishing emails similar to that which compromised Podesta. It is unsurprising: Two Russian hacking groups widely thought to be Kremlin-backed have been identified as the culprits of systematic advanced intrusions into the DNC. Recognised Russian hacking outfits CozyBear (also known as "APT 29" or "Dukes") and the older GRU-controlled FancyBear (aka "APT 28" or "Pawn Storm") had both hacked into the DNC in separate attacks, security firms Dell SecureWorks and CrowdStrike have said. Cozy Bear penetrated the DNC mid last year after vast phishing campaigns targeting US agencies, non-profits, and corporations. The information that group and other Russian outfits gleaned would be fed through the data leaker known as Guccifer 2.0, and through Wikileaks. Those groups, which the Times says operated in isolation stealing some of the same files, pillaged emails and documents from the DNC and Republicans, representatives from the CIA told Congress last week. Those revelations prompted calls from Republican senators John McCain, Lindsey Graham, and Democrats Charles E. Schumer and Jack Reed for a non-partisan response to the Russian attacks. “This cannot become a partisan issue," the senators wrote in the joint statement. "The stakes are too high for our country." Others have called for a stronger response. Pentagon Cyber Command director Admiral Michael Rogers expressed a desire to strike back at Moscow, sources told The New York Times, in a tit-for-tat bid to hack back and expose President Putin's financial links to Russian oligarchs.

The attack was also designed to punch holes in Russia's networks to allow dissidents there to spread messages. Deputy US National Security Adviser Avril Haines considered it an overreaction that would play into Putin's hands in a signal to the public that the US had lost control of its electoral process. For his part, outgoing President Barack Obama is said to have feared escalation in cyber conflict with Russia and was focused on establishing agreements with the nation over the conflict in Syria. The hacking campaigns have not stopped.

Germany now fears Russian influence in its upcoming election, expected in September 2017, with intelligence chief Hans-Georg Maassen saying Moscow has "enormous resources" it is dedicating to targeting its "government officials, members of parliament, and employees of democratic parties". Security firm Volexity last month detailed widespread phishing campaigns sent by Russia's Cozy Bear.

The documents spotted a mere six hours after the conclusion of the US election were shipped from compromised Harvard University email accounts offering malware-laden documents and promised information on the outcome of the presidential election. "Volexity believes that the Dukes are likely working to gain long-term access into think tanks and non-government organisations," the firm's founder Steven Adair said at the time. "And will continue to launch new attacks for the foreseeable future."