Donald Trump, Hillary Clinton & Russian Hackers

The Bill, Hillary and Chelsea Clinton Foundation was among the organizations breached by suspected Russian hackers in a dragnet of the US political apparatus ahead of the November election, according to three people familiar with the matter.

The attacks on the foundation’s network, as well as those of the Democratic Party and Hillary Clinton’s presidential campaign, compound concerns about her digital security even as the FBI continues to investigate her use of a personal e-mail server while she was secretary of state.

Clinton Foundation officials said the organization hadn’t been notified of the breach and declined to comment further. The compromise of the foundation’s computers was first identified by government investigators as recently as last week, the people familiar with the matter said. Agents monitor servers used by hackers to communicate with their targets, giving them a back-channel view of attacks, often even before the victims detect them.

Before the Democratic National Committee disclosed a major computer breach last week, US officials informed both political parties and the presidential campaigns of Clinton, Donald Trump and Bernie Sanders that sophisticated hackers were attempting to penetrate their computers, according to a person familiar with the government investigation into the attacks.

The hackers in fact sought data from at least 4,000 individuals associated with US politics, party aides, advisers, lawyers and foundations, for about seven months through mid-May, according to another person familiar with the investigations.

Thousands of Documents

The thefts set the stage for what could be a Washington remake of the public shaming that shook Sony in 2014, when thousands of inflammatory internal e-mails filled with gossip about world leaders and Hollywood stars were made public. Donor information and opposition research on Trump purportedly stolen from the Democratic Party has surfaced online, and the culprit has threatened to publish thousands more documents.

A hacker or group of hackers calling themselves Guccifer 2.0 posted another trove of documents purportedly from the DNC recently, including what they said was a list of donors who had made large contributions to the Clinton Foundation.

The Republican Party and the Trump campaign have been mostly silent on the computer attacks. In an earlier statement, Trump said the hack was a political ploy concocted by the Democrats. Information about the scope of the attacks and the government warnings raises new questions about how long the campaigns have known about the threats and whether they have done enough to protect their systems.

The Clinton campaign was aware as early as April that it had been targeted by hackers with links to the Russian government on at least four recent occasions, according to a person familiar with the campaign’s computer security.

US Inquiries

The US Secret Service, Federal Bureau of Investigation and National Security Agency are all involved in the investigation of the theft of data from the political parties and individuals over the last several months, one of the people familiar with the investigation said. The agencies have made no public statements about their inquiry.

The FBI has been careful to keep that investigation separate from the review of Clinton’s use of private e-mail, using separate investigators, according to the person briefed on the matter. The agencies didn’t respond to requests for comment.

Clinton spokesman Glen Caplin said that he couldn’t comment on government briefings about cyber security and that the campaign had no evidence that its systems were compromised.

“We routinely communicate and cooperate with government agencies on security-related matters,” he said. “What appears evident is that the Russian groups responsible for the DNC hack are intent on attempting to influence the outcome of this election.”

The DNC wouldn’t directly address the attacks but said in a written statement that it believes the leaks are “part of a disinformation campaign by the Russians.”

Trump spokeswoman Hope Hicks didn’t respond to e-mails seeking comment about the government warnings. The Republican National Committee didn’t respond to e-mail messages. A Sanders spokesman, Michael Briggs, said he wasn’t aware of the warnings.

IDing the Hackers

The government’s investigation is following a path similar to the DNC’s, including trying to precisely identify the hackers and their possible motives, according to people familiar with the investigations. The hackers’ link to the Russian government was first identified by CrowdStrike Inc., working for the Democratic Party.

A law firm reviewing the DNC’s initial findings, Baker & McKenzie, has begun working with three additional security firms, FireEye Inc., Palo Alto Networks Inc. and Fidelis Cybersecurity, to confirm the link, according to two people familiar with the matter, underscoring Democrats’ concerns that the stolen information could be used to try to influence the outcome of the November election.

A spokesman for Baker & McKenzie didn’t respond to requests for comment. DNC spokesman Luis Miranda said the party worked only with CrowdStrike and the law firm Perkins Coie. If the Democrats can show the hidden hand of Russian intelligence agencies, they believe that voter outrage will probably outweigh any embarrassing revelations, a person familiar with the party’s thinking said.

So far the released documents have revealed little that is new or explosive, but that could change. Guccifer 2.0 has threatened to eventually release thousands of internal memos and other documents.

Line of Attack

Sensitive documents from the Clinton Foundation could have the most damaging potential. The Trump camp has said it plans to make the foundation’s activities a subject of attacks against Clinton; the sort of confidential data contained in e-mails, databases and other digital archives could aid that effort.

An analysis by Fidelis confirmed that groups linked to Russian intelligence agencies were behind the DNC hack, according to a published report.

The government fills a crucial gap in flagging attacks that organizations can’t detect themselves, said Tony Lawrence, a former US Army cyber specialist and now chief executive officer of VOR Technology, a computer security company in Hanover, Maryland.

“These state actors spend billions of dollars on exploits to gather information on candidates, and nine times out of ten [victims] won’t be able to identify or attribute them,” he said.

Google Accounts

Bloomberg News reported recently that the hackers who hit the DNC and Clinton’s campaign burrowed much further into the US political system than initially thought, sweeping in law firms, lobbyists, consultants, foundations and policy groups in a campaign that targeted thousands of Google e-mail accounts and lasted from October through mid-May.

Data from the attacks have led some security researchers to conclude that the hackers were linked to Russian intelligence services and were broadly successful in stealing reports, policy papers, correspondence and other information. Dmitry Peskov, a spokesman for President Vladimir Putin, denied that the Russian government was involved.

Russia uses sophisticated “information operations” to advance foreign policy, and the target audience for this kind of mission wouldn’t be US voters or even US politicians, said Brendan Conlon, who once led a National Security Agency hacking unit.

“Why would Russia go to this trouble? Simple answer, because it met their foreign policy objectives, to weaken the US in the eyes of our allies and adversaries,” said Conlon, now CEO of Vahna Inc., a cyber security firm in Washington. Publishing the DNC report on Trump “weakens both candidates, lists out all the weaknesses of Trump specifically while highlighting weaknesses of Clinton’s security issues. The end result is a weaker president once elected.”

Russia Link

Russia has an expansive cyber force that it has deployed in complex disinformation campaigns throughout Europe, according to intelligence officials.

BfV, the German intelligence agency, has concluded that Russia was responsible for a 2015 hack against the Bundestag that forced a shutdown of its computer systems for several days. Germany is under “permanent threat” from Russian hackers, said BfV chief Hans-Georg Maassen.

Security software maker Trend Micro said in May that Russian hackers had been trying for several weeks to steal data from Chancellor Angela Merkel’s Christian Democratic Union party, and that they also tried to hack the Dutch Safety Board computer systems to obtain an advance copy of a report on the downing of a Malaysian aircraft over Ukraine in July 2014. The report said the plane was brought down by a Russian-made Buk surface-to-air missile.

The cyber-attacks are part of a broader pattern of state-sponsored hacking by Russia focused on political targets, with a goal of giving Russia the upper hand in dealing with other governments, said Pasi Eronen, a Helsinki-based cyber warfare researcher who has advised Finland’s Defense Ministry.
