new info on russian hacking

em português
Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept.
The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure. The report, dated May 5, 2017, is*the most detailed U.S. government account of Russian interference in the election that has yet come to light.
While the document provides*a rare window*into the NSA’s*understanding of the mechanics of Russian hacking, it does not show the underlying “raw” intelligence on which the analysis is based.*A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document*because a single analysis is not necessarily definitive.


NSA Report on Russia Spearphishing
5 pages
The report indicates that Russian hacking may have penetrated further into U.S. voting systems than was previously understood. It*states unequivocally in its summary statement that it was Russian military intelligence, specifically the Russian General Staff Main Intelligence Directorate, or GRU, that conducted*the cyber attacks described in the document:
Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions. … The actors likely used data obtained from that operation to … launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations.
This NSA summary judgment is sharply at odds with Russian President Vladimir Putin’s denial last week that Russia had interfered in foreign elections: “We never engaged in that on a state level, and have no intention of doing so.” Putin, who had previously issued blanket denials that any such Russian meddling occurred, for the first time floated the possibility that freelance Russian hackers with “patriotic leanings” may have been responsible. The NSA report, on the contrary, displays no doubt that the cyber assault was carried out by the GRU.
The NSA analysis does not draw conclusions about whether the interference had any effect on the election’s outcome and concedes that much remains unknown about the extent of the hackers’ accomplishments. However, the report raises the possibility that Russian hacking may have breached at least some elements of the voting system, with disconcertingly uncertain results.
The NSA and the Office of the Director of National Intelligence were both contacted for this article. Officials*requested that we not publish or report on the top secret document and declined to comment on it. When informed that we intended to go ahead with this story, the NSA*requested a number of redactions. The Intercept agreed to*some of the redaction requests after determining that the disclosure of that material was*not clearly in the public interest.
The report adds significant new detail to*the picture that emerged from the unclassified intelligence assessment about Russian election meddling released by the Obama administration in January.*The January assessment presented*the U.S. intelligence community’s conclusions but omitted many specifics, citing concerns about disclosing sensitive sources and methods. The assessment concluded with high confidence that the Kremlin ordered an extensive, multi-pronged propaganda effort “to undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency.”
That review*did not attempt to assess what effect the Russian efforts had on the election, despite the fact that “Russian intelligence obtained and maintained access to elements of multiple US state or local electoral boards.” According to the Department of Homeland Security, the assessment reported*reassuringly, “the types of systems we observed Russian actors targeting or compromising are not involved in vote tallying.”
The NSA has now learned, however, that Russian government hackers, part of a team with a “cyber espionage mandate specifically directed at U.S. and foreign elections,” focused on parts of the system directly connected to the voter registration process, including a private sector manufacturer of devices that maintain and verify the voter rolls. Some of the company’s devices are advertised as having wireless internet and Bluetooth connectivity, which could have provided an ideal staging point for further malicious actions.
Attached to the secret NSA report is an overview chart detailing the Russian government’s spear-phishing operation, apparently missing a second page that was not provided to The Intercept. Graphic: NSA
The Spear-Phishing Attack
As described by the classified NSA report, the Russian plan was simple: pose as an e-voting vendor and trick local government employees into opening Microsoft Word documents invisibly tainted with potent malware that could give hackers full control over the infected computers.
But in order to dupe*the local officials, the hackers needed access to an election software vendor’s internal systems to put together a convincing disguise. So on August 24, 2016, the Russian hackers sent spoofed emails purporting to be from Google to employees of an unnamed U.S. election software company, according to the NSA report. Although the document does not directly identify the company in question, it contains references to a product made by VR Systems, a Florida-based vendor of electronic voting services and equipment whose products are used in eight states.
The spear-phishing email contained a link directing the employees to a malicious, faux-Google website that would request their login credentials and then hand them over to the hackers. The NSA identified seven “potential victims” at the company. While malicious emails targeting three of the potential victims were rejected by an email server, at least one of the employee accounts was likely compromised, the agency concluded. The NSA notes in its report that it is “unknown whether the aforementioned spear-phishing deployment successfully compromised all the intended victims, and what potential data from the victim could have been exfiltrated.”
VR Systems declined to respond to a request for comment on the specific hacking operation outlined in the NSA document. Chief Operating Officer Ben Martin replied by email to The Intercept’s request for comment with the following statement:
Phishing and spear-phishing are not uncommon in our industry. We regularly participate in cyber alliances with state officials and members of the law enforcement community in an effort to address these types of threats. We have policies and procedures in effect to protect our customers and our company.
Although the NSA report indicates*that VR Systems was targeted only with login-stealing trickery, rather than computer-controlling malware, this isn’t necessarily a reassuring sign. Jake Williams, founder of computer security firm Rendition Infosec and formerly of the NSA’s Tailored Access Operations hacking team, said stolen logins can be even more dangerous than an infected computer. “I’ll take credentials most days over malware,” he said, since an employee’s*login information can be used to penetrate “corporate VPNs, email, or cloud services,” allowing access to internal corporate data. The risk is particularly heightened given how common it is to use the same password for multiple services. Phishing, as the name implies, doesn’t require everyone to take the bait in order to be a success — though Williams stressed that hackers “never want just one” set of stolen credentials.
A detail from a top-secret NSA report on a Russian military intelligence operation targeting the U.S. election infrastructure. Image: NSA
In any event, the hackers apparently got what they needed. Two months later, on October 27, they set up an “operational” Gmail account designed to appear as if it belonged to an employee at VR Systems, and used documents*obtained from the previous operation to launch a second spear-phishing operation “targeting U.S. local government organizations.” These emails contained a Microsoft Word document that had been “trojanized” so that when it was opened it would send out a beacon to the “malicious infrastructure” set up by the hackers.
The NSA assessed that this phase of the spear-fishing operation was likely launched on either October 31 or November 1 and sent spear-fishing emails to 122 email addresses “associated with named local government organizations,” probably to*officials “involved in the management of voter registration systems.” The emails contained Microsoft Word attachments purporting to be benign documentation for VR Systems’ EViD voter database product line, but which were in reality maliciously embedded with automated software commands that are triggered instantly and invisibly when the user opens the document. These particular weaponized files used PowerShell, a Microsoft scripting language designed for system administrators and installed by default on Windows computers, allowing vast control over a system’s settings and functions. If opened, the files “very likely” would have instructed
 
em português
Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept.
The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure. The report, dated May 5, 2017, is*the most detailed U.S. government account of Russian interference in the election that has yet come to light.
While the document provides*a rare window*into the NSA’s*understanding of the mechanics of Russian hacking, it does not show the underlying “raw” intelligence on which the analysis is based.*A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document*because a single analysis is not necessarily definitive.


NSA Report on Russia Spearphishing
5 pages
The report indicates that Russian hacking may have penetrated further into U.S. voting systems than was previously understood. It*states unequivocally in its summary statement that it was Russian military intelligence, specifically the Russian General Staff Main Intelligence Directorate, or GRU, that conducted*the cyber attacks described in the document:
Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions. … The actors likely used data obtained from that operation to … launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations.
This NSA summary judgment is sharply at odds with Russian President Vladimir Putin’s denial last week that Russia had interfered in foreign elections: “We never engaged in that on a state level, and have no intention of doing so.” Putin, who had previously issued blanket denials that any such Russian meddling occurred, for the first time floated the possibility that freelance Russian hackers with “patriotic leanings” may have been responsible. The NSA report, on the contrary, displays no doubt that the cyber assault was carried out by the GRU.
The NSA analysis does not draw conclusions about whether the interference had any effect on the election’s outcome and concedes that much remains unknown about the extent of the hackers’ accomplishments. However, the report raises the possibility that Russian hacking may have breached at least some elements of the voting system, with disconcertingly uncertain results.
The NSA and the Office of the Director of National Intelligence were both contacted for this article. Officials*requested that we not publish or report on the top secret document and declined to comment on it. When informed that we intended to go ahead with this story, the NSA*requested a number of redactions. The Intercept agreed to*some of the redaction requests after determining that the disclosure of that material was*not clearly in the public interest.
The report adds significant new detail to*the picture that emerged from the unclassified intelligence assessment about Russian election meddling released by the Obama administration in January.*The January assessment presented*the U.S. intelligence community’s conclusions but omitted many specifics, citing concerns about disclosing sensitive sources and methods. The assessment concluded with high confidence that the Kremlin ordered an extensive, multi-pronged propaganda effort “to undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency.”
That review*did not attempt to assess what effect the Russian efforts had on the election, despite the fact that “Russian intelligence obtained and maintained access to elements of multiple US state or local electoral boards.” According to the Department of Homeland Security, the assessment reported*reassuringly, “the types of systems we observed Russian actors targeting or compromising are not involved in vote tallying.”
The NSA has now learned, however, that Russian government hackers, part of a team with a “cyber espionage mandate specifically directed at U.S. and foreign elections,” focused on parts of the system directly connected to the voter registration process, including a private sector manufacturer of devices that maintain and verify the voter rolls. Some of the company’s devices are advertised as having wireless internet and Bluetooth connectivity, which could have provided an ideal staging point for further malicious actions.
Attached to the secret NSA report is an overview chart detailing the Russian government’s spear-phishing operation, apparently missing a second page that was not provided to The Intercept. Graphic: NSA
The Spear-Phishing Attack
As described by the classified NSA report, the Russian plan was simple: pose as an e-voting vendor and trick local government employees into opening Microsoft Word documents invisibly tainted with potent malware that could give hackers full control over the infected computers.
But in order to dupe*the local officials, the hackers needed access to an election software vendor’s internal systems to put together a convincing disguise. So on August 24, 2016, the Russian hackers sent spoofed emails purporting to be from Google to employees of an unnamed U.S. election software company, according to the NSA report. Although the document does not directly identify the company in question, it contains references to a product made by VR Systems, a Florida-based vendor of electronic voting services and equipment whose products are used in eight states.
The spear-phishing email contained a link directing the employees to a malicious, faux-Google website that would request their login credentials and then hand them over to the hackers. The NSA identified seven “potential victims” at the company. While malicious emails targeting three of the potential victims were rejected by an email server, at least one of the employee accounts was likely compromised, the agency concluded. The NSA notes in its report that it is “unknown whether the aforementioned spear-phishing deployment successfully compromised all the intended victims, and what potential data from the victim could have been exfiltrated.”
VR Systems declined to respond to a request for comment on the specific hacking operation outlined in the NSA document. Chief Operating Officer Ben Martin replied by email to The Intercept’s request for comment with the following statement:
Phishing and spear-phishing are not uncommon in our industry. We regularly participate in cyber alliances with state officials and members of the law enforcement community in an effort to address these types of threats. We have policies and procedures in effect to protect our customers and our company.
Although the NSA report indicates*that VR Systems was targeted only with login-stealing trickery, rather than computer-controlling malware, this isn’t necessarily a reassuring sign. Jake Williams, founder of computer security firm Rendition Infosec and formerly of the NSA’s Tailored Access Operations hacking team, said stolen logins can be even more dangerous than an infected computer. “I’ll take credentials most days over malware,” he said, since an employee’s*login information can be used to penetrate “corporate VPNs, email, or cloud services,” allowing access to internal corporate data. The risk is particularly heightened given how common it is to use the same password for multiple services. Phishing, as the name implies, doesn’t require everyone to take the bait in order to be a success — though Williams stressed that hackers “never want just one” set of stolen credentials.
A detail from a top-secret NSA report on a Russian military intelligence operation targeting the U.S. election infrastructure. Image: NSA
In any event, the hackers apparently got what they needed. Two months later, on October 27, they set up an “operational” Gmail account designed to appear as if it belonged to an employee at VR Systems, and used documents*obtained from the previous operation to launch a second spear-phishing operation “targeting U.S. local government organizations.” These emails contained a Microsoft Word document that had been “trojanized” so that when it was opened it would send out a beacon to the “malicious infrastructure” set up by the hackers.
The NSA assessed that this phase of the spear-fishing operation was likely launched on either October 31 or November 1 and sent spear-fishing emails to 122 email addresses “associated with named local government organizations,” probably to*officials “involved in the management of voter registration systems.” The emails contained Microsoft Word attachments purporting to be benign documentation for VR Systems’ EViD voter database product line, but which were in reality maliciously embedded with automated software commands that are triggered instantly and invisibly when the user opens the document. These particular weaponized files used PowerShell, a Microsoft scripting language designed for system administrators and installed by default on Windows computers, allowing vast control over a system’s settings and functions. If opened, the files “very likely” would have instructed
 
on October 27, they set up an “operational” Gmail account designed to appear as if it belonged to an employee at VR Systems, and used documents*obtained from the previous operation to launch a second spear-phishing operation “targeting U.S. local government organizations.” These emails contained a Microsoft Word document that had been “trojanized” so that when it was opened it would send out a beacon to the “malicious infrastructure” set up by the hackers.
The NSA assessed that this phase of the spear-fishing operation was likely launched on either October 31 or November 1 and sent spear-fishing emails to 122 email addresses “associated with named local government organizations,” probably to*officials “involved in the management of voter registration systems.” The emails contained Microsoft Word attachments purporting to be benign documentation for VR Systems’ EViD voter database product line, but which were in reality maliciously embedded with automated software commands that are triggered instantly and invisibly when the user opens the document. These particular weaponized files used PowerShell, a Microsoft scripting language designed for system administrators and installed by default on Windows computers, allowing vast control over a system’s settings and functions.
 
evince said:
shouldn't you care about our elections
Click to expand...

Sure, and all of this happened under Obama's watch but thanks for pointing that out.
but Obama is gone now and he took that bat-sh!t crazy Hillary with him.
New sheriff in town, the Russians will be dealt with accordingly, relax you're going to burst a blood vessel.
 
evince said:
em português
Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept.
The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure. The report, dated May 5, 2017, is*the most detailed U.S. government account of Russian interference in the election that has yet come to light.
While the document provides*a rare window*into the NSA’s*understanding of the mechanics of Russian hacking, it does not show the underlying “raw” intelligence on which the analysis is based.*A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document*because a single analysis is not necessarily definitive.


NSA Report on Russia Spearphishing
5 pages
The report indicates that Russian hacking may have penetrated further into U.S. voting systems than was previously understood. It*states unequivocally in its summary statement that it was Russian military intelligence, specifically the Russian General Staff Main Intelligence Directorate, or GRU, that conducted*the cyber attacks described in the document:
Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions. … The actors likely used data obtained from that operation to … launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations.
This NSA summary judgment is sharply at odds with Russian President Vladimir Putin’s denial last week that Russia had interfered in foreign elections: “We never engaged in that on a state level, and have no intention of doing so.” Putin, who had previously issued blanket denials that any such Russian meddling occurred, for the first time floated the possibility that freelance Russian hackers with “patriotic leanings” may have been responsible. The NSA report, on the contrary, displays no doubt that the cyber assault was carried out by the GRU.
The NSA analysis does not draw conclusions about whether the interference had any effect on the election’s outcome and concedes that much remains unknown about the extent of the hackers’ accomplishments. However, the report raises the possibility that Russian hacking may have breached at least some elements of the voting system, with disconcertingly uncertain results.
The NSA and the Office of the Director of National Intelligence were both contacted for this article. Officials*requested that we not publish or report on the top secret document and declined to comment on it. When informed that we intended to go ahead with this story, the NSA*requested a number of redactions. The Intercept agreed to*some of the redaction requests after determining that the disclosure of that material was*not clearly in the public interest.
The report adds significant new detail to*the picture that emerged from the unclassified intelligence assessment about Russian election meddling released by the Obama administration in January.*The January assessment presented*the U.S. intelligence community’s conclusions but omitted many specifics, citing concerns about disclosing sensitive sources and methods. The assessment concluded with high confidence that the Kremlin ordered an extensive, multi-pronged propaganda effort “to undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency.”
That review*did not attempt to assess what effect the Russian efforts had on the election, despite the fact that “Russian intelligence obtained and maintained access to elements of multiple US state or local electoral boards.” According to the Department of Homeland Security, the assessment reported*reassuringly, “the types of systems we observed Russian actors targeting or compromising are not involved in vote tallying.”
The NSA has now learned, however, that Russian government hackers, part of a team with a “cyber espionage mandate specifically directed at U.S. and foreign elections,” focused on parts of the system directly connected to the voter registration process, including a private sector manufacturer of devices that maintain and verify the voter rolls. Some of the company’s devices are advertised as having wireless internet and Bluetooth connectivity, which could have provided an ideal staging point for further malicious actions.
Attached to the secret NSA report is an overview chart detailing the Russian government’s spear-phishing operation, apparently missing a second page that was not provided to The Intercept. Graphic: NSA
The Spear-Phishing Attack
As described by the classified NSA report, the Russian plan was simple: pose as an e-voting vendor and trick local government employees into opening Microsoft Word documents invisibly tainted with potent malware that could give hackers full control over the infected computers.
But in order to dupe*the local officials, the hackers needed access to an election software vendor’s internal systems to put together a convincing disguise. So on August 24, 2016, the Russian hackers sent spoofed emails purporting to be from Google to employees of an unnamed U.S. election software company, according to the NSA report. Although the document does not directly identify the company in question, it contains references to a product made by VR Systems, a Florida-based vendor of electronic voting services and equipment whose products are used in eight states.
The spear-phishing email contained a link directing the employees to a malicious, faux-Google website that would request their login credentials and then hand them over to the hackers. The NSA identified seven “potential victims” at the company. While malicious emails targeting three of the potential victims were rejected by an email server, at least one of the employee accounts was likely compromised, the agency concluded. The NSA notes in its report that it is “unknown whether the aforementioned spear-phishing deployment successfully compromised all the intended victims, and what potential data from the victim could have been exfiltrated.”
VR Systems declined to respond to a request for comment on the specific hacking operation outlined in the NSA document. Chief Operating Officer Ben Martin replied by email to The Intercept’s request for comment with the following statement:
Phishing and spear-phishing are not uncommon in our industry. We regularly participate in cyber alliances with state officials and members of the law enforcement community in an effort to address these types of threats. We have policies and procedures in effect to protect our customers and our company.
Although the NSA report indicates*that VR Systems was targeted only with login-stealing trickery, rather than computer-controlling malware, this isn’t necessarily a reassuring sign. Jake Williams, founder of computer security firm Rendition Infosec and formerly of the NSA’s Tailored Access Operations hacking team, said stolen logins can be even more dangerous than an infected computer. “I’ll take credentials most days over malware,” he said, since an employee’s*login information can be used to penetrate “corporate VPNs, email, or cloud services,” allowing access to internal corporate data. The risk is particularly heightened given how common it is to use the same password for multiple services. Phishing, as the name implies, doesn’t require everyone to take the bait in order to be a success — though Williams stressed that hackers “never want just one” set of stolen credentials.
A detail from a top-secret NSA report on a Russian military intelligence operation targeting the U.S. election infrastructure. Image: NSA
In any event, the hackers apparently got what they needed. Two months later, on October 27, they set up an “operational” Gmail account designed to appear as if it belonged to an employee at VR Systems, and used documents*obtained from the previous operation to launch a second spear-phishing operation “targeting U.S. local government organizations.” These emails contained a Microsoft Word document that had been “trojanized” so that when it was opened it would send out a beacon to the “malicious infrastructure” set up by the hackers.
The NSA assessed that this phase of the spear-fishing operation was likely launched on either October 31 or November 1 and sent spear-fishing emails to 122 email addresses “associated with named local government organizations,” probably to*officials “involved in the management of voter registration systems.” The emails contained Microsoft Word attachments purporting to be benign documentation for VR Systems’ EViD voter database product line, but which were in reality maliciously embedded with automated software commands that are triggered instantly and invisibly when the user opens the document. These particular weaponized files used PowerShell, a Microsoft scripting language designed for system administrators and installed by default on Windows computers, allowing vast control over a system’s settings and functions. If opened, the files “very likely” would have instructed
Click to expand...

boom
 
You must log in or register to reply here.
Back
Top