
U.S. releases details of alleged Russian political hacks

Joint analysis by Homeland Security and FBI first such report to attribute malicious cyber activity to particular country


 

WASHINGTON – The U.S. on Thursday released its most detailed report yet on Russia’s efforts to interfere in the U.S. presidential election by hacking American political sites and email accounts.

The 13-page joint analysis by the Homeland Security Department and the Federal Bureau of Investigation was the first such report ever to attribute malicious cyber activity to a particular country or actors.

It was also the first time the U.S. has officially and specifically tied intrusions into the Democratic National Committee to hackers with the Russian civilian and military intelligence services, the FSB and GRU, expanding on an Oct. 7 accusation by the Obama administration.

The report said the intelligence services were involved in “an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens.” It added, “In some cases, (the Russian intelligence services’) actors masqueraded as third parties, hiding behind false online personas designed to cause the victim to misattribute the source of the attack.”

Over the summer stolen emails from Democrats were posted by an online persona known as Guccifer 2.0, believed by U.S. officials to be linked to Russia. Outrage over documents that appeared to show favouritism for Hillary Clinton forced the DNC’s chair, Debbie Wasserman Schultz, to resign.

The U.S. released the report as President Barack Obama sanctioned the GRU and the FSB, the GRU’s leadership and companies which the U.S. said support the GRU.


Thursday’s sanctions were the administration’s first use of a 2015 executive order for combatting cyberattacks against critical infrastructure and commercial espionage. Because election systems aren’t considered critical infrastructure, Obama amended the order Thursday to allow for sanctions on entities “interfering with or undermining election processes or institutions.”

The retaliation against Russia, just weeks before President-elect Donald Trump takes office, culminated months of political handwringing about how and whether to respond to Moscow’s meddling. U.S. intelligence agencies concluded that Russia’s goal was to help Trump win – an assessment Trump has dismissed as ridiculous. Trump said Thursday he would meet with the intelligence community’s leaders next week for an update on the situation.

The report did not go far beyond confirming details already disclosed by cybersecurity firm CrowdStrike, which was hired to investigate the DNC hacks.

It described the intelligence services’ use of “spearphishing” – fake emails intended to trick victims into typing in their user names and passwords. At least one person opened attachments with malicious software. The report noted that actors “likely associated” with Russian intelligence services are continuing to engage in spearphishing campaigns, including one launched just days after the U.S. election.

The DNC was infiltrated by the FSB in summer 2015 and again by the GRU in spring 2016 using spearphishing emails that often appeared to come from legitimate or official organizations, the report said.

Russian officials have denied any involvement in hacking U.S. political sites and emails.

The report provides clues for cybersecurity workers in the private sector to identify compromised systems and prevent more intrusions. The Homeland Security Department said it has already included this information within its own cyber threat information-sharing program, which automatically flags threats in real time for participating companies and agencies.

U.S. officials also provided antivirus vendors with two malicious software samples used by Russian intelligence services.

Associated Press writer Nataliya Vasilyeva in Moscow contributed to this report.


 


  1. The US [and Canada] is way behind the rest of the world online.

    • Why elections haven’t been considered as part of the “critical infrastructure” milieu is anyone’s guess. Considering how dependent society is on the internet, it’s shocking that this hasn’t been more aggressively dealt with already. Seems like it would be relatively easy to bring down the power grid, the banking system, etc.

    • Canada – I understand. US – how so?

      Up until 6 months ago, the US Department of Commerce had total control of the internet globally (it had been that way for 20 years as designed by Bill Clinton and gang). It was in 2016 that the US finally gave up control to a non-government organization.

  2. This is all nonsense. This is Obama trying to create as much trouble as he can, before he leaves office. Is this lunatic trying to start world war three?

  3. A side benefit (or effect depending on your perspective) is that Trump’s business dealings in Russia will be affected. This will box Trump into a conflict of interest situation if he tries to unravel Obama’s move. Face it, Trump pushed the envelope when he forewarned (everyone via Twitter and his cabinet picks) of his plan to change established US foreign policy all on his own. And to ape Putin’s strongman routine. Good chess move.
