Russian Military Was Behind Hacking Clinton Campaign

Uploaded on 2017-01-04 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-National, FREE TO VIEW, INTELLIGENCE--USA, TECHNOLOGY--Hackers

A cybersecurity firm has uncovered strong proof of the tie between the group that hacked the Democratic National Committee (DNC) and Russia’s military intelligence arm, the primary agency behind the Kremlin’s interference in the 2016 election.

The firm CrowdStrike linked malware used in the DNC intrusion to malware used to hack and track an Android phone app used by the Ukrainian army in its battle against pro-Russia separatists in eastern Ukraine from late 2014 through 2016.

While CrowdStrike, which was hired by the DNC to investigate the intrusions and whose findings are described in a new report, had always suspected that one of the two hacker groups that struck the DNC was the GRU, Russia’s military intelligence agency, it had only medium confidence.

“Now”, said CrowdStrike co-founder Dmitri Alperovitch, “we have high confidence” it was a unit of the GRU. CrowdStrike had dubbed that unit “Fancy Bear.”

The FBI, which has been investigating Russia’s hacks of political, government, academic and other organisations for several years, privately has concluded the same. But the bureau has not publicly drawn the link to the GRU.

CrowdStrike’s fingering of the GRU helps to deepen the public’s understanding of how different arms of the Russian government are carrying out malicious and deeply troubling cyber acts in the United States. The director of national intelligence and the homeland security secretary in October publicly blamed the Russian government for interfering in the US election, including through hacks of political organizations and targeting of state election systems.

After the election, the CIA and other intelligence agencies concluded that one of Russia’s aims was to help President-elect Donald Trump win the election through a campaign of “active measures” or influence operations that included the hacking and dumping of emails onto public websites. The GRU, evidently, was key to this operation.

“The GRU is used for both tactical intelligence collection, in the battlefield in support of Russian military operations and, also strategic active measures or psychological warfare overseas,” said Alperovitch, who is an expert on Russia and a senior fellow at the thinktank Atlantic Council. “The fact that they would be tracking and helping the Russian military kill Ukrainian army personnel in eastern Ukraine and also intervening in the US election is quite chilling.”

CrowdStrike found that a variant of the Fancy Bear malware that was used to penetrate the DNC’s network in April 2016 was also used to hack an Android app developed by the Ukrainian army to help artillery troops more efficiently train their antiquated howitzers on targets.

The Ukrainian Army’s D-30 towed howitzers, which date to the Soviet era, typically take a number of minutes to position based on hand-drawn targeting data. With the Android app, positioning takes 15 seconds, CrowdStrike found.

The Fancy Bear crew evidently hacked the app, allowing the GRU to use the phone’s GPS coordinates to track the Ukrainian troops’ position. In that way, the Russian military could then target the Ukrainian army with artillery and other weaponry.

Ukrainian brigades operating in eastern Ukraine were on the front lines of the conflict with Russian-backed separatist forces during the early stages of the conflict in late 2014, CrowdStrike noted. By late 2014, Russian forces in the region numbered about 10,000. The Android app was useful in helping the Russian troops locate Ukrainian artillery positions.

According to the International Institute for Strategic Studies, Ukrainian artillery forces lost more than 50 percent of their weapons in the two years of conflict and more than 80 percent of their D-30 howitzers, the highest percentage of loss of any artillery piece in their arsenal, the report stated.

The app was not available in the Android app store and was distributed only through the social media page of its developer, who is a Ukrainian artillery officer, Yaroslav Sherstuk, according to CrowdStrike. It could be activated only after the developer was contacted and a code was sent to the individual downloading the application.

The other group that hacked the DNC also works for Russian intelligence, CrowdStrike reported earlier this year. But the firm is not sure if it is the more internally focused FSB, or the foreign intelligence arm, the SVR. Both grew out of the KGB.

That group, which CrowdStrike has called Cozy Bear, has not apparently been deployed in the influence operation, Alperovitch said. Rather, it is focused on traditional espionage. It is the group that is believed to have hacked unclassified networks of the State Department, White House and the Joint Chiefs of Staff.

Washington Post:            Meet The Fancy Bears:                

Clinton Calls Cybersecurity ‘One of the Most Important Challenges’ for the Next U.S. President:

 

« Cyber Criminals Are Making $200k A Month
How Cyber Attacks Will Get Worse In 2017 »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CynergisTek

CynergisTek

CynergisTek is a top-ranked cybersecurity and information management consulting firm dedicated to serving the healthcare industry.

Quaynote Communications

Quaynote Communications

Quaynote Communications is a specialist conference and communications company focused primarily on the maritime, yachting, aviation and security industries.

United Nations Office on Drugs & Crime (UNODC)

United Nations Office on Drugs & Crime (UNODC)

UNODC promotes long-term and sustainable capacity building in the fight against cybercrime through supporting national structures and action.

Arm

Arm

Arm technology is building the future of computing. We architect, develop, and license high-performance, low-cost, and energy-efficient IP solutions for CPUs, GPUs, NPUs and interconnect technologies.

Cofrac

Cofrac

Cofrac is the national accreditation body for France. The directory of members provides details of organisations offering certification services for ISO 27001.

Fortalice

Fortalice

Fortalice provide customizable consulting services built on proven methodology to strengthen your business cyber security defenses.

Bradley-Morris

Bradley-Morris

Bradley-Morris is a leading recruiting firm specializing in transitioning military and veteran talent into civilian careers including Cybersecurity.

Avertro

Avertro

Avertro helps leaders manage the business of cyber. We help explain cybersecurity to executives, forecasting outcomes, right-sizing your spend, and validating your cyber strategy.

Toothpic

Toothpic

ToothPic has invented, designed, developed and patented a solution to enable companies to turn every smartphone into a secure key for a user-friendly online authentication.

CyberGate Technologies

CyberGate Technologies

CyberGate Technologies is a world-class, customer focus cyber security service and consultancy company operating the UK, Europe, Middle East, and Africa.

Acronis

Acronis

At Acronis, we protect the data, applications, systems and productivity of every organization – safeguarding them against cyberattacks, hardware failures, natural disasters and human errors.

Aardwolf Security

Aardwolf Security

Aardwolf Security specialise in penetration testing to the highest standards set out by OWASP. We ensure complete client satisfaction and aftercare.

Hartman Executive Advisors

Hartman Executive Advisors

Hartman Executive Advisors is an unbiased IT and cyber advisory firm uniquely designed to help mid-market executives maximize their IT investments.

WaveLink

WaveLink

WaveLink offers low risk, results-oriented Engineering Services and best-of-class Technical Support Services. Areas of expertise include cyber and security engineering.

Silicon Valley Cybersecurity Institute (SVCSI)

Silicon Valley Cybersecurity Institute (SVCSI)

SVCSI aims to investigate, develop, and promote technical excellence and the best security practices for dependable and secure systems and applications.

Open Cybersecurity Alliance (OCA)

Open Cybersecurity Alliance (OCA)

OCA is building an open ecosystems where cybersecurity products interoperate without the need for customized integrations. We're making standards-based interoperable cybersecurity a reality.