Progress Pond

DNC Server Intrusion and Unanswered Questions [Update]

Off the Cuff – Off the Mark :: Use of twitter by Emptywheel …

The geographical location of The Netherlands on a crucial Internet node has forced the Dutch to specialize in cyber security, including a willingness to go on the offense. For many years I have posted diaries and comments to illustrate this fact. The Dutch for decades have been “proud” followers of the Anglo-Saxon nations of Canada, the USA and Great Britain in gathering intelligence. The Dutch are a key player in the Nine Eyes. Amsterdam Schiphol airport hosts a local Mossad branch, according to Rafi Eitan in an interview.

Recently the AIVD head Rob Bertholee was interviewed on a TV program called College Tour and revealed that the Dutch will not be sharing all intelligence with the NSA / FBI under the leadership of Trump in the White House …?? The AIVD will be selective. Where and from which agency have I heard that warning before?

There are still too many open questions left unanswered, such as: “Why didn’t the FBI do an extensive search of the compromised DNC servers, but instead left a troublesome CrowdStrike, with links to Ukraine and the Atlantic Council, to make up the report on the ‘hack’?” Most likely the primary intrusion was made by Guccifer, and others followed. Another pressing question is why the Obama administration and the FBI failed to secure the DNC servers, knowing about Cozy Bear and Fancy Bear from the summer (June?) of 2014. In July the MH-17 crash took place near Donetsk in Eastern Ukraine, after the European authorities had been warned of the potential threat of Buk missiles earlier in the same month. Why is the intelligence community sitting on such a “threat” to democracy itself by remaining silent and not acting adequately for months?

See yesterday’s diary @BooMan

Dutch Hackers Infiltrated Kremlin’s Cozy Bear in 2014

More below the fold …
[Update-1] In the aftermath of the coup d’état in Kiev, Ukraine, exploited by the US, Russia decided to push its efforts in asymmetrical warfare, with cyber attacks on United States Government (USG) entities. Touché! Although the FBI and NSA knew through Dutch intelligence what the “Dukes” were up to, the attack on the State Department in November 2014 took 24 hours to repel.

According to a February report, many government agencies were vulnerable to malware and hacking due to unpatched software! Blame the Russians, of course. The DNC’s poor Internet security blew the presidential election for Hillary Clinton … thx DWS.

Three months after the incursion into the U.S. State Department e-mail network, US specialists are still working to secure the networks

In November 2014 the State Department took the unprecedented step of shutting down its entire unclassified email system in response to a suspected cyber attack.

‘Activity of concern’ was detected in the system concurrently with another cyber attack, which hit the White House computer network. A State Department staffer answering a call to the State Department Operations Center revealed that, as a precautionary measure, the e-mail system remained down.

    The system outages were caused “as a result of measures we have taken to defend our network,” said the official.

    According to the experts the hacker was engaged in reconnaissance; there is no evidence of a data breach, nor of sabotage. The attacker was trying to discover the composition of the unclassified White House network.

In the same period, other US agencies were targeted by hackers, including the U.S. Postal Service and the National Weather Service. The U.S. Military confirmed that its systems were secured, and, according to official sources, none of the State Department’s classified systems were affected.

The State Department personnel were asked to stop using official emails and use Gmail instead.

In November, Government officials reported to the ABC News agency that hackers had compromised computing systems in much of the nation’s critical infrastructure.

    A recent report [cached], The Federal Government’s Track Record on Cybersecurity and Critical Infrastructure, provides a scary picture of the nation’s defense situation.

    Over 48,000 successful cyber attacks breached US defenses; they were caused by the failure to employ very basic security measures. Weak passwords, unpatched software and inadequate controls are the principal causes of the incidents observed in US government infrastructure.

The attackers have infected the software that runs the critical infrastructure with malware; this creates a lot of anxiety in the intelligence and military industry due to the vital role of the hacked architecture. Sources reported to the news agency that the attacks appear to be a state-sponsored hacking campaign and that Russia is the nation coordinating them.

END of Update-1

[Update-2] FBI and Homeland Security detail Russian hacking campaign in new report | The Guardian – Dec. 29, 2016 |

Experts say report is too little too late and comes after several others from private sector detailing alleged exploits of groups Fancy Bear and Cozy Bear.

The US Department of Homeland Security (DHS) and FBI have released an analysis of the allegedly Russian government-sponsored hacking groups blamed for breaching several different parts of the Democratic party during the 2016 elections.

The 13-page document, released on Thursday and meant for information technology professionals, came as Barack Obama announced sanctions against Russia for interfering in the 2016 elections. The report was criticized by security experts, who said it lacked depth and came too late.

“The activity by [Russian intelligence services] is part of an ongoing campaign of cyber-enabled operations directed at the US government and its citizens,” wrote the authors of the government report. “This [joint analysis report] provides technical indicators related to many of these operations, recommended mitigations, suggested actions to take in response to the indicators provided, and information on how to report such incidents to the US government.”

The government report follows several from the private sector, notably a lengthy section in a Microsoft report from 2015 on a hacking team referred to as “advanced persistent threat 28” (APT 28), which the company’s internal nomenclature calls Strontium and others have called Fancy Bear. Also mentioned in the government document is another group called APT 29 or Cozy Bear.

The Microsoft report contains a history of the groups’ operation; a report by security analysts ThreatConnect describes the team’s modus operandi; and competing firm CrowdStrike detailed the attack on the Democratic National Committee shortly before subsequent breaches of the Democratic Congressional Campaign Committee and the Hillary Clinton campaign were discovered.

Security experts on Twitter criticized the government report as too basic. Jonathan Zdziarski, a highly regarded security researcher, compared the joint action report to a child’s activity center.

Tom Killalea, former vice-president of security at Amazon and a Capital One board member, wrote: “Russian attack on DNC similar to so many other attacks in past 15yrs. Big question: Why such poor incident response?”

END of Update-2

[Update-3] The give-away by NSA director Robert Ledgett in a speech at the Aspen Forum in March 2017 …

Candid camera: Dutch hacked Russians hacking DNC, including security cameras | Ars Technica |

Based on the images, analysts at AIVD later determined that the group working in the room was operated by Russia’s Foreign Intelligence Service (SVR). An information and technology sharing arrangement with the National Security Agency and other US intelligence agencies resulted in the determination that Cozy Bear’s efforts were at least in part being driven by the Russian Federation’s leadership—including Russian President Vladimir Putin.

The data collected by AIVD began to pay off in November of 2014, when the agency alerted US intelligence officials that the Cozy Bear group had obtained login credentials and email from US State Department employees, enabling the National Security Agency, the Federal Bureau of Investigations, and the State Department to shut down the attack within 24 hours. A later attack on the White House was also picked up by the AIVD analysts, de Volkskrant’s Huib Modderkolk reported.

In a speech at the Aspen Forum in March of 2017, NSA Deputy Director Robert Ledgett described the effort to defend the State Department as “hand-to-hand combat,” acknowledging that information on the attack had come from a then-unnamed ally. At that time, unnamed current and former intelligence officials had indicated to The Washington Post that said ally had gained access to both the hackers’ computers and the surveillance cameras inside their workspace.

Details emerge about 2014 Russian hack of State Department: It was ‘hand-to-hand combat’

The NSA defenders, aided by the FBI, prevailed over the intruders, who were working for a Russian spy agency. Private sector analysts have given the hacking group various names, including Cozy Bear, APT29 and The Dukes. That group also compromised unclassified systems at the White House and in Congress, current and former officials said.

The NSA was alerted to the compromises by a Western intelligence agency. The ally had managed to hack not only the Russians’ computers, but also the surveillance cameras inside their workspace, according to the former officials. They monitored the hackers as they maneuvered inside the U.S. systems and as they walked in and out of the workspace, and were able to see faces, the officials said.

The Russians’ heightened belligerence is aimed not just at collecting intelligence, but also confronting the United States, said one former senior administration official. “They’re sending a message that we have capabilities and that you are not the only player in town,” said the official.

Cyber Threats: Perspectives from the NSA and FBI | Aspen March 21, 2017 |
Claims GCHQ wiretapped Trump ‘nonsense’ – NSA’s Ledgett | BBC News – March 18, 2017 |

END of Update-3

The DNC’s Evolving Story about When They Knew They Were Targeted by Russia | Emptywheel – Dec. 16, 2016 |

This week’s front page story [NYT] about the Democrats getting hacked by Russia starts with a Keystone Kops anecdote explaining why the DNC didn’t respond more aggressively when FBI first warned them about being targeted in September. The explanation, per the contractor presumably covering his rear-end months later, was that the FBI Special Agent didn’t adequately identify himself.

    His message was brief, if alarming. At least one computer system belonging to the D.N.C. had been compromised by hackers federal investigators had named “the Dukes,” a cyberespionage team linked to the Russian government.

    The F.B.I. knew it well: The bureau had spent the last few years trying to kick the Dukes out of the unclassified email systems of the White House, the State Department and even the Joint Chiefs of Staff, one of the government’s best-protected networks.

This has led to (partially justified) complaints from John Podesta about why the FBI didn’t make the effort of driving over to the DNC to warn the higher-ups (who, the article admitted, had decided not to spend much money on cybersecurity).

    The low-key approach of the F.B.I. meant that Russian hackers could roam freely through the committee’s network for nearly seven months before top D.N.C. officials were alerted to the attack and hired cyberexperts to protect their systems. In the meantime, the hackers moved on to targets outside the D.N.C., including Mrs. Clinton’s campaign chairman, John D. Podesta, whose private email account was hacked months later.

    Even Mr. Podesta, a savvy Washington insider who had written a 2014 report on cyberprivacy for President Obama, did not truly understand the gravity of the hacking.

This NYT version of the FBI Agent story comes from a memo that DNC’s contractor, Yared Tamene, wrote at some point after the fact. The NYT describes the memo repeatedly, though it never describes the recipients of the memo nor reveals precisely when it was written (it is clear it had to have been written after April 2016).

Prior articles or archived diaries …

Dutch Cooperated with Sergei Mikhailov (FSB)
Dark Web: Hansa Market Seized by Dutch Police
GCHQ and EU Intelligence Eavesdropped on Trump Tower Communication
Metadata collection by Dutch MIVD instead of NSA
