Tag: russian hackers
US Recovers Over Half Of Ransom Paid To Colonial Pipeline Hackers

Washington (AFP) - The US Justice Department announced Monday that it had recovered more than half of the $4.4 million paid by Colonial Pipeline to Russia-based ransomware extortionists Darkside, who had forced the shutdown of a major US fuel network. "Today, we turned the tables on Darkside by going after the entire ecosystem that fuels ransomware and digital extortion attacks, including criminal proceeds in the form of digital currency," said Deputy Attorney General Lisa Monaco. The seizure came one month after the group gave the US government a security scare by breaking into the computer s...

Trump Ignored Cyber Defense, But GOP Blames Biden For Pipeline Hack

Reprinted with permission from American Independent

EDITOR'S UPDATE: Colonial Pipeline announced that its East Coast gas line resumed operations around 5 pm ET on Wednesday evening. But the company cautioned that operations will ramp up for a few days before the line reaches full capacity.

Gas prices are up this week after a hacker attack shut down a major East Coast gas pipeline. Congressional Republicans are blaming the increased prices on President Joe Biden.

On May 8, the Colonial Pipeline Company announced it had been the victim of a cyberattack involving ransomware. The attack forced a shutdown of most of the privately held company's 5,500-mile East Coast pipeline, which ordinarily delivers 45% of the region's fuel and runs from Houston to New York. Panic-buying since the announcement has resulted in gas stations running out of fuel and the highest gas prices in six years.

According to the Federal Bureau of Investigation, a group of hackers with ties to Russia is behind the attacks, though there is no evidence they are acting on behalf of any government. The group, DarkSide, has a history of extorting money after hacking into company computer systems in the United States and Europe.

Rather than blame the problems on the group behind the attack or inadequate security at Colonial Pipeline, several Republican lawmakers have blamed the shutdown and the gas price spikes on Biden and cited it as evidence to condemn his presidency.

"Increased taxes, the largest increase in inflation since the '08 Obama jobless economy, and skyrocketing gas, energy, and household goods prices," accused Sen. Todd Young of Indiana on Wednesday. "American workers and families are being pummeled by the Biden economy."

"Highest gas prices in 6 years," tweeted Rep. Markwayne Mullin of Oklahoma. "Working families cannot afford Joe Biden's America."

"The people of NC-11 are feeling the effects of Biden's utter incompetence as they see gas prices soar and inflation loom," complained Rep. Madison Cawthorn of North Carolina. "Biden is hurting our people. I will fight for a better life for my neighbors every day. Enough is enough."

"Skyrocketing gas prices," wrote Alabama Rep. Barry Moore. "This is Joe Biden's America."

"Lines around city blocks for a gallon of gas," said Louisiana Rep. Mike Johnson. "By any objective measure, Biden's first 100 days have been a disaster."

"In Joe Biden's America you can't get gas or a job," added Colorado Rep. Ken Buck.

"In the 1970's, during the last major gas shortage, Joe Biden was already in government," said Rep. Lauren Boebert, also of Colorado.

While Republican lawmakers are busy tweeting, the Biden administration says the attack "has triggered a comprehensive federal response focused on securing critical energy supply chains." This includes creating an interagency response group, temporarily waiving fuel standards, giving emergency safety waivers to those transporting fuel, and providing security guidance for other infrastructure.

Colonial Pipeline Company praised the White House on Tuesday for "leadership and collaboration in resolving this matter."

Ransomware attacks predate Biden's 112-day-old administration, but few, if any, GOP lawmakers attacked Donald Trump for his handling of cybersecurity.

Experts say Trump not only failed to take the problem seriously, but actually made things worse. "Much of the work done … [during the Trump administration] was weakened by a president who didn't prioritize cyber-issues and who, in many cases, actively undercut any actions or messaging against our adversaries," Chris Painter, who coordinated cyber operations at the State Department under President Barack Obama, told the Washington Post in December.

Biden announced Monday that his administration will do everything possible to "disrupt and prosecute ransomware criminals" and "will be pursuing a global effort of ransomware attacks by transnational criminals who often use global money-laundering networks to carry them out."

But, Biden noted, much of the nation's vital infrastructure "is privately owned and managed, like Colonial," and those "private entities are making their own determination on cybersecurity."

The president added, "So to jumpstart greater private-sector investment in cybersecurity, we launched a new public-private initiative in April. It begins with a 100-day sprint to improve cybersecurity in the electric sector, and we'll follow that with similar initiatives in natural gas pipelines, water, and other sectors."

Republican Sen. Marsha Blackburn of Tennessee used the exposure by hackers of the vulnerability of one company to claim that America needs another oil pipeline.

"America is facing a gas shortage," Blackburn tweeted on Wednesday. "We need to get the Colonial pipeline back to work, and the Keystone pipeline back to construction."

Unlike the Colonial Pipeline, the proposed Keystone XL oil pipeline would not transport oil to Americans; it would be used by a Canadian company to transfer tar sands oil from Alberta to refineries in the Gulf of Mexico. Most of that refined oil would then likely be exported overseas.

Published with permission of The American Independent Foundation.

Mueller Links Roger Stone Indictment To Russian Hacking And Wikileaks

Reprinted with permission from Alternet.

When Special Counsel Robert Mueller issued the indictment against Roger Stone, a long-time ally of President Donald Trump, he filed it while noting that it was connected to another case: the indictment of Russians who hacked Democratic emails during the 2016 campaign.

Stone has been charged with lying to Congress, tampering with a witness, and obstructing justice.

Stone’s lawyers objected to the assertion that the cases were connected, a motion that could have triggered the case to be assigned to a different judge. But on Friday, Mueller responded to the lawyers’ objections and revealed why the cases are connected:

In Netyksho, eleven Russian military officers are charged by indictment with, inter alia, conspiring to hack into the computers of U.S. persons and entities involved in the 2016 U.S. presidential election, steal documents from those computers, and stage releases of the stolen documents to interfere with the 2016 U.S. presidential election.

As alleged in the Netyksho indictment, in 2016, the Netyksho defendants stole documents from the DNC, the Democratic Congressional Campaign Committee, and the Clinton campaign chairman. Those defendants then released many of the stolen documents, including through a website maintained by Organization 1. In the course of investigating that activity, the government obtained and executed dozens of search warrants on various accounts used to facilitate the transfer of stolen documents for release, as well as to discuss the timing and promotion of their release. Several of those search warrants were executed on accounts that contained Stone’s communications with Guccifer 2.0 and with Organization 1. Evidence obtained from those search warrants resulted in the allegations that the Netyksho defendants hacked and stole documents for release through intermediaries, including Organization 1, and that Stone lied to a congressional committee investigating, among other things, the activities of Organization 1 regarding those stolen documents.

Here, “Organization 1” refers to WikiLeaks, which published the stolen emails.

Mueller also argued that Stone’s actions are part of the same “alleged criminal event or transaction” as those at issue in Netyksho.

He explained that the “criminal conduct alleged in Netyksho was a central focus of the congressional investigation that the defendant is alleged to have obstructed, and therefore the activities underlying the crimes charged in that case are part of the same activities underlying the crimes charged in this case.”

Since Stone's lies came up in the context of an investigation into Russian election interference and possible connections to the actions of Americans, the cases are linked.

“The defendant’s false statements did not arise in a vacuum,” the filing said.

Perhaps most damningly, prosecutors noted that they had seized hundreds of thousands of Stone’s communications: “The government obtained and executed dozens of search warrants on various accounts used to facilitate the transfer of stolen documents for release, as well as to discuss the timing and promotion of their release.
“Several of those search warrants were executed on accounts that contained Stone’s communications with Guccifer 2.0 and with Organization 1.”

Dutch Spies Caught Russian Hackers Invading Obama White House and Democratic Party

Dutch spies alerted their American counterparts as early as 2014 about Russian hacking into State Department and White House computers and subsequent Russian hacking of the Democratic Party in the 2016 election, according to a series of reports in Dutch media.

The joint investigation by de Volkskrant newspaper and Nieuwsuur ("News Hour"), a current-affairs television program, describes how Dutch intelligence experts accessed the Russian hackers' computers and cameras in hallways at a university in Moscow. The Dutch spies watched a team of Russian hackers infiltrate the State Department, the White House and the Democratic Party to pilfer emails and electronic documents, including 2016 campaign emails later published by Wikileaks.

The disclosures add new details to Russian hacking of the 2016 presidential election, which, according to the Dutch reports, was part of a larger pattern of Russian meddling in Western elections. The reports also raise questions about why the Democratic Party did not sufficiently respond when alerted to the hacking, which shadowed the Democratic National Committee and Hillary Clinton’s campaign.

“In the summer of 2015, Dutch intelligence services were the first to alert their American counterparts about the cyber-intrusion of the Democratic National Committee by Cozy Bear, a hacking group believed to be tied to the Russian government,” Nieuwsuur’s report began. “Intelligence hackers from Dutch AIVD (General Intelligence and Security Service) had penetrated the Cozy Bear computer servers as well as a security camera at the entrance of their working space, located in a university building adjacent to the Red Square in Moscow.”

“Over the course of a few months, they saw how the Russians penetrated several U.S. institutions, including the State Department, the White House, and the DNC. On all these occasions, the Dutch alerted the U.S. intelligence services, Dutch TV program Nieuwsuur and de Volkskrant, a prominent newspaper in the Netherlands, jointly report on Thursday,” Nieuwsuur said. “This account is based on interviews with a dozen political, diplomatic and intelligence sources in the Netherlands and the U.S. with direct knowledge of the matter. None of them wanted to speak on the record, given the classified details of the matter.”

Dutch intelligence spied in real time on the hackers’ computers and a hallway security camera in a nearby corridor, the journalists said. They said the Dutch soon realized they were observing a notorious Russian cyber-espionage unit. The Dutch agents “consider Cozy Bear an extension of the SVR, the Russian foreign intelligence service, which is firmly controlled by President Putin.”

“The information shared by the Netherlands about the hacks at the DNC ended up on the desk of Robert Mueller, the special prosecutor leading the FBI investigation into possible Russian interference in the American elections,” Nieuwsuur said. “As early as December, the New York Times reported that information from, among others, Australia, the United Kingdom, and the Netherlands had propelled the FBI investigation.”

The journalists also offered new details about what information and communication channels were accessed across the U.S. executive branch and Democratic Party. The report also describes battles fought in cyberspace between Russian hackers and western counter-espionage technologists, with attacks, countermoves and continued assaults.

The Dutch news reports said their country’s intelligence service broke into the elite Russian operation four years ago, but initially did not know its significance.

“It’s the summer of 2014. A hacker from the Dutch intelligence agency AIVD has penetrated the computer network of a university building next to the Red Square in Moscow, oblivious to the implications,” Volkskrant reported. “One year later, from the AIVD headquarters in Zoetermeer, he and his colleagues witness Russian hackers launching an attack on the Democratic Party in the United States. The AIVD hackers had not infiltrated just any building; they were in the computer network of the infamous Russian hacker group Cozy Bear. And unbeknownst to the Russians, they could see everything.”

Soon after, the Dutch spy agency observed a real-time and successful Russian hacking attack on State Department and White House computers, Nieuwsuur reported.

“After a few months, in November 2014, the Dutch watched as the Russian hackers penetrated the computer network of the State Department. After being alerted to this by the Dutch intelligence chiefs, it took the Americans over 24 hours to avert the Russian attack, after a digital clash which, years later, at a discussion forum in Aspen, the Deputy Director of the NSA would refer to as hand-to-hand combat. Basing itself on intelligence sources, the Washington Post wrote that a Western ally had been of assistance. In the autumn of 2014, the Russians also gained access to the non-classified computer network of the White House. This allowed them to see confidential memos and non-public information about the itinerary of President Obama, and to at least part of President Obama’s email correspondence. These hacks, too, were exposed by the Dutch intelligence services, which subsequently notified the Americans.”

Volkskrant gave more details about the State Department and White House attacks.

“Using so-called command-and-control servers, digital command centers, the Russians attempt to establish a connection to the malware in the Department, in order to request and transfer information. The Americans, having been told by the Dutch where the servers are, repeatedly and swiftly cut off access to these servers, followed each time by another attempt by the Russians. It goes back and forth like this for 24 hours. Afterwards, sources tell CNN that this was the ‘worst hack attack ever’ on the American government. The Department has to cut off access to the e-mail system for a whole weekend in order to upgrade the security.

“Luckily, the NSA was able to find out the means and tactics of their attackers, deputy director of the NSA Richard Ledgett states at a discussion forum in Aspen in March 2017. ‘So we could see how they were changing their methods. That’s very useful information.’ On the authority of intelligence services, American media write that this was thanks to a ‘western ally.’ Eventually, the Americans manage to dispel the Russians from the Department, but not before Russian attackers use their access to send an e-mail to a person in the White House.”
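The back-and-forth described above is the standard shape of a command-and-control fight: the implant calls out to a server on a schedule, the defender blocks the server, the attacker moves to a new one. The following is an added example written for this page (not code from the AIVD, the NSA, the State Department or either newspaper) showing how a defender catches both halves of that: matching outbound connections against a supplied indicator list, and flagging the regular call-back rhythm of an implant so that the next server is caught even before anyone shares its address. The proxy-log format, hostnames, IP addresses and the indicator list are all constructed for the example; it goes beyond the passage by adding the behavioural check.

```python
"""Indicator matching plus beacon detection over constructed proxy-log
lines. Illustrative code for this page; the log format, hosts, addresses
and the 'known C2' list below are made up."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed outbound proxy log: "<ISO timestamp> <src host> -> <dst ip>:<port> <bytes>"
# ws-017 calls 203.0.113.5 every five minutes, then (after that address is
# blocked) starts calling 198.51.100.44 on the same schedule. ws-022 is a
# normal user with irregular, larger transfers.
SAMPLE_LOG = """\
2014-11-10T09:00:00 ws-017 -> 203.0.113.5:443 412
2014-11-10T09:05:00 ws-017 -> 203.0.113.5:443 398
2014-11-10T09:10:00 ws-017 -> 203.0.113.5:443 405
2014-11-10T09:15:00 ws-017 -> 203.0.113.5:443 420
2014-11-10T09:03:12 ws-022 -> 198.51.100.7:443 18340
2014-11-10T09:41:55 ws-022 -> 198.51.100.9:80 2210
2014-11-10T09:20:00 ws-017 -> 198.51.100.44:443 401
2014-11-10T09:25:00 ws-017 -> 198.51.100.44:443 417
2014-11-10T09:30:00 ws-017 -> 198.51.100.44:443 409
"""

# Hypothetical indicator list: only the first C2 address is known; the
# address the attacker rotates to must be caught behaviourally.
KNOWN_C2 = {"203.0.113.5"}

LINE_RE = re.compile(r"^(\S+) (\S+) -> (\d+\.\d+\.\d+\.\d+):(\d+) (\d+)$")


def parse(log: str):
    """Yield (timestamp, src, dst, port, size) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, src, dst, port, size = m.groups()
        yield datetime.fromisoformat(ts), src, dst, int(port), int(size)


def indicator_hits(log: str, iocs=KNOWN_C2):
    """Connections to addresses already on the shared blocklist."""
    return [(src, dst) for _, src, dst, _, _ in parse(log) if dst in iocs]


def beacon_candidates(log: str, min_conns=3, max_jitter=0.1):
    """(src, dst, interval_seconds) for pairs whose connection intervals are
    nearly constant. Regular small call-backs are how an implant polls its
    C2 for tasking, and the rhythm survives a change of C2 address."""
    times = defaultdict(list)
    for ts, src, dst, _, _ in parse(log):
        times[(src, dst)].append(ts)
    found = []
    for (src, dst), stamps in times.items():
        if len(stamps) < min_conns:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # coefficient of variation: near zero means a fixed timer
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            found.append((src, dst, round(avg)))
    return sorted(found)


def block_rules(log: str):
    """Egress deny rules for confirmed and suspected C2 destinations."""
    dsts = {dst for _, dst in indicator_hits(log)}
    dsts |= {dst for _, dst, _ in beacon_candidates(log)}
    return [f"deny ip any host {d}" for d in sorted(dsts)]


if __name__ == "__main__":
    print("indicator hits:", indicator_hits(SAMPLE_LOG))
    print("beacons:", beacon_candidates(SAMPLE_LOG))
    print("\n".join(block_rules(SAMPLE_LOG)))
```

On the sample the indicator check only sees the first address, while the beacon check flags both the first and the replacement server from the same five-minute timer; the rules cover both. In practice the jitter threshold needs tuning, since real implants randomise their sleep and legitimate software (update checks, monitoring agents) also polls on fixed timers.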

Volkskrant reported the Russian hackers posed as a State Department employee to gain access to the White House’s computer networks.

"A White House official thinks he's received an e-mail from the State Department—the e-mail address is similar—and clicks a link in the message. The link opens a website where the White House employee then enters his login credentials, now obtained by the Russians. And that is how the Russians infiltrate the White House," the paper said, adding that the successful hack even allowed Russia to spy on President Obama.

“They even gain access to the email servers containing the sent and received emails of President Barack Obama, but fail to penetrate the servers that control the message traffic from his personal Blackberry, which holds state secrets, sources tell the New York Times. They do, however, manage to access e-mail traffic with embassies and diplomats, agendas, notes on policy and legislation. And again, it’s the Dutch intelligence agencies who alert the Americans about this.”
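The White House intrusion as described is a credential-phishing chain: a sender address that looks like the State Department's, a link, and a login page that captures what the victim types. The page does not say what the lookalike address was, so the following is an added example written for this page (not code from any organisation in the story) of the check a mail gateway or analyst runs on such a message: fold common confusable characters, compare the sender's domain and every linked host against a list of domains the recipient expects mail from, and flag near-misses. The trusted domains, the confusable table, the sample message and all addresses in it are constructed for the example.

```python
"""Lookalike sender-domain and link-host check for a phishing message.
Illustrative code for this page; the trusted list, confusable table and
sample message are constructed."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Hypothetical: domains whose staff are expected to write to us.
TRUSTED_DOMAINS = {"state.gov", "whitehouse.gov"}

# Character substitutions commonly used in lookalike registrations (illustrative).
CONFUSABLES = [("0", "o"), ("1", "l"), ("rn", "m"), ("vv", "w")]

URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed phishing message: sender and link host imitate state.gov.
SAMPLE_MESSAGE = """\
From: "Travel Office" <travel@state-gov.com>
To: staffer@whitehouse.gov
Subject: Updated itinerary - please confirm

Please review the updated itinerary and confirm your details:
https://login.state-gov.com/owa/auth?next=itinerary
"""


def fold(domain: str) -> str:
    """Lower-case and replace confusable characters so that state.g0v
    compares equal to state.gov."""
    d = domain.lower().rstrip(".")
    for bad, good in CONFUSABLES:
        d = d.replace(bad, good)
    return d


def levenshtein(a: str, b: str) -> int:
    """Edit distance, for catching single-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain this one imitates, or None if the domain is
    either genuinely trusted or not similar enough to count as a lookalike."""
    raw = domain.lower().rstrip(".")
    if raw in trusted:
        return None
    d = fold(raw)
    for t in trusted:
        if d == t:                          # state.g0v
            return t
        if levenshtein(d, t) <= 1:          # stale.gov
            return t
        if d.startswith(t + "."):           # state.gov.example.com
            return t
        if t.replace(".", "-") in d:        # state-gov.com, login.state-gov.com
            return t
    return None


def analyze(raw_message: str) -> dict:
    """Check the From: domain and every linked host in a plain-text message."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    links = URL_RE.findall(msg.get_payload())
    link_hosts = [urlparse(u).hostname or "" for u in links]
    return {
        "sender_domain": sender_domain,
        "sender_lookalike_of": lookalike_of(sender_domain),
        "link_hosts": link_hosts,
        "link_lookalikes": {h: lookalike_of(h) for h in link_hosts if lookalike_of(h)},
    }


if __name__ == "__main__":
    for k, v in analyze(SAMPLE_MESSAGE).items():
        print(f"{k}: {v}")
```

The check is deliberately conservative: an exact match on the trusted list is never flagged, and only near-identical names, confusable swaps, the trusted name used as a leading label, and its hyphenated form are reported. The link-host check matters as much as the sender check, because the credential theft in the story happened on the page behind the link, not in the mail itself.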

Several months later, with the 2016 presidential election underway, the Dutch spy agency saw the Russian hackers turn to a new target: The Democratic Party. According to Volkskrant:

"That's how the AIVD becomes witness to the Russian hackers harassing and penetrating the leaders of the Democratic Party, transferring thousands of emails and documents. It won't be the last time they alert their American counterparts. And yet, it will be months before the United States realizes what this warning means: that with these hacks the Russians have interfered with the American elections. And the AIVD hackers have seen it happening before their very eyes.

“The Dutch access provides crucial evidence of the Russian involvement in the hacking of the Democratic Party, according to six American and Dutch sources who are familiar with the material, but wish to remain anonymous. It’s also grounds for the FBI to start an investigation into the influence of the Russian interference on the election race between the Democratic candidate Hillary Clinton and the Republican candidate Donald Trump.”

The FBI investigation into Russian interference in the presidential election was taken over by former FBI director Robert Mueller in 2017. The information provided by the Dutch intelligence agencies to the U.S. spy agencies was the basis for top federal officials to state with confidence in late 2016 that Russia was behind the hacking.

The Dutch report raises new questions about incompetence at the Democratic National Committee, which, needless to say, did not heed warnings about Russian hacking, even though a Democratic administration had been successfully attacked.

“It is not clear why the hacks at the DNC could continue for so long despite the Dutch warnings,” Nieuwsuur wrote. “Last year, the New York Times reported that for months, the DNC had not taken the FBI warnings seriously. Eventually, cybersecurity company Crowdstrike, which was investigating the matter on behalf of the Democratic Party, also concluded that Cozy Bear and Fancy Bear were jointly responsible for the hacks. According to the U.S. intelligence services, Russian officials eventually passed on the emails hacked by Fancy Bear to Wikileaks, which published them. The published emails caused a huge scandal in the American election campaign.”

The stolen DNC emails certainly caused a scandal, one that Robert Mueller and several congressional committees are still investigating. In the meantime, it appears that a leading Dutch TV program and newspaper have filled in many blanks about what happened in the election. Their reports raise new questions about why the federal government and the Democratic Party lost the opening rounds in this century’s early cyber-wars.

Steven Rosenfeld covers national political issues for AlterNet, including America’s democracy and voting rights. He is the author of several books on elections and the co-author of Who Controls Our Schools: How Billionaire-Sponsored Privatization Is Destroying Democracy and the Charter School Industry (AlterNet eBook, 2016).

PHOTO: A view shows a construction site near the Kremlin (L) and St. Basil’s Cathedral, with the Moskva river seen in the foreground, in central Moscow, Russia, March 1, 2016. REUTERS/Grigory Dukor