Tag Archives: hackers

Clinton Campaign Sent Fake Phishing Emails to Its Own Staff

Mother Jones

Hillary Clinton’s run for the White House will be remembered for many things, but information security isn’t likely to be one of them. Her campaign was buffeted by two major hacking episodes. First, the contents of Democratic National Committee servers were stolen and disseminated through WikiLeaks and other news organizations. Then campaign chairman John Podesta had his personal email account hacked and its contents passed to WikiLeaks, which subsequently released the 50,000-email set in chunks over a period of weeks as the presidential election reached fever pitch. The US government’s intelligence community went on to assert that the hacks had been orchestrated at the behest of the Russian government as a deliberate attempt to hurt Clinton’s chances and boost Donald Trump.

But Robby Mook, the Clinton campaign manager, said this week that the hacks didn’t hit the campaign itself, and that’s because the campaign conducted regular security training for staffers, including sending them fake phishing emails to see how they’d be handled.

“We sent out phishing emails of our own to test people and communicate back to team to see how far they were clicking, to educate people, and show their vulnerability and how much their choices matter,” Mook told Dark Reading, a cybersecurity news website, while attending an information security conference in San Francisco.

Mook said there were at least three phishing tests sent out to staffers, and there were also regular emails sent to staff preaching good IT practices. There were signs in the bathrooms “about not sharing passwords and ‘Don’t clink that link, stop and think,'” Mook said.

The Dark Reading piece doesn’t address when the training took place or whether Podesta and his aides were involved. Podesta and Mook did not respond to requests for comment about the IT training during the campaign.

A phishing attack is an attempt to trick a victim into giving up personal information, including logins for email accounts, bank accounts, and other sensitive information. In Podesta’s case, hackers sent a phony warning from Google alerting him that his Gmail password needed to be reset. According to the New York Times, a campaign IT staffer inadvertently advised Podesta and his aides that the warning was legitimate. By using the fake password reset page, Podesta gave the hackers access to his Gmail account and years’ worth of political communications that eventually found their way to WikiLeaks via the Russian operation, according to the US government.

Excerpt from:  

Clinton Campaign Sent Fake Phishing Emails to Its Own Staff

Posted in Cyber, FF, GE, LAI, LG, ONA, Radius, Uncategorized, Venta | Tagged , , , , , , , , , , , | Comments Off on Clinton Campaign Sent Fake Phishing Emails to Its Own Staff

Read the US Intelligence Report on Russian Hacking

Mother Jones

<!DOCTYPE html PUBLIC “-//W3C//DTD HTML 4.0 Transitional//EN” “http://www.w3.org/TR/REC-html40/loose.dtd”>

The Office of the Director of National Intelligence on Friday released its declassified report on Russia’s efforts to influence the outcome of the 2016 election by hacking Democratic outfits during the campaign.

The report comes a day after top intelligence officials, including Director of National Intelligence James Clapper and National Security Agency Director Michael Rogers, testified before the Senate Armed Services Committee on the issue. During the hearing, Clapper said the intelligence community has grown more “resolute” in its assessment that Russian intelligence was involved in the hacks aimed at the Democratic National Committee and Hillary Clinton campaign chairman John Podesta. On Friday, Clapper, Rogers, FBI Director Jim Comey, and CIA Director John Brennan briefed President-elect Donald Trump on the classified evidence linking Russia to the hacks and the leaking of the swiped emails. After the briefing, Trump released a statement noting that Russia is one of many actors that try to hack US targets, but the statement did not acknowledge the US intelligence community conclusion that Moscow had mounted the cyberattack against the United States as part of an operation to help elect Trump president.

DV.load(“https://www.documentcloud.org/documents/3254229-ICA-2017-01.js”,
width: 630,
height: 550,
sidebar: false,
text: false,
container: “#DV-viewer-3254229-ICA-2017-01”
);

ICA 2017 01 (PDF)

ICA 2017 01 (Text)

Jump to original:  

Read the US Intelligence Report on Russian Hacking

Posted in Cyber, FF, GE, LG, ONA, Radius, Uncategorized, Venta | Tagged , , , , , , , | Comments Off on Read the US Intelligence Report on Russian Hacking

President Obama to Putin: "We Can Do Stuff to You"

Mother Jones

<!DOCTYPE html PUBLIC “-//W3C//DTD HTML 4.0 Transitional//EN” “http://www.w3.org/TR/REC-html40/loose.dtd”>

In response to alleged Russian hacking of US political targets, President Barack Obama said during a press conference on Friday that the US government will “continue to send a message to Russia to not do this to us because we can do stuff to you.”

Obama, in his last press conference of 2016, defended his administration’s response to the hacks, saying that in the “hyperpartisan atmosphere” of the US presidential election “my primary concern was making sure that the integrity of the election process wasn’t damaged.” He told reporters that he wanted to ensure that the election proceeded without the impression that his administration was trying to tip the scales in favor of either candidate. “The truth of the matter is that everybody had the information,” he said. “It was out there, and we handled it the way we should have.”

Now that the election is over, Obama said his administration will fashion a response to the hacking that will send a message to the Russian government. He said some of this response would be public, but that part would play out “in a way they know but not everybody will.”

“At a point in time where we’ve taken certain actions that we can divulge properly, we will do so,” Obama said.

Obama also downplayed the value of an overt response: “The idea that somehow public shaming is going to be effective I think doesn’t read the thought process in Russia very well,” Obama said.

The press conference comes on the heels of numerous media reports, citing unnamed intelligence officials, detailing Russia’s alleged role in hacking US political targets, including the Democratic National Committee and Clinton campaign chairman John Podesta. Last week, the Washington Post reported that the CIA had concluded that the Russian government had mounted the hacks in an effort to sway the election in favor of Donald Trump. The New York Times has laid out how the US government thinks the hacks played out. NBC has reported that intelligence officials believe that Vladimir Putin himself oversaw the hacking operation. Just before Obama spoke, the Post reported that the FBI now agrees with the CIA’s assessment that the Russian hacks were designed to help Trump.

Obama said the intelligence community will produce a final assessment on the hacks before he leaves office, and that he doesn’t want to get ahead of the report’s conclusions. But, when pressed, he alluded to Putin’s direct involvement.

“Not much happens in Russia without Vladimir Putin,” he said. “This is a pretty hierarchical operation. Last I checked, there’s not a lot of debate and democratic deliberation, particularly when it comes to policies directed at the United States.”

Trump has consistently downplayed the accusations against Putin and Russia, calling the CIA assessment “ridiculous,” and he has claimed the allegations of Russian political interference in the presidential election are politically driven.

At a dinner with donors on Thursday, Hillary Clinton said Putin directed the hacks “because he had a personal beef against me,” one that originated after she questioned the fairness of parliamentary elections held in Russia in 2011. “Putin publicly blamed me for the outpouring of outrage by his own people,” she said, “and that is a direct line between what he said back then and what he did in this election.” On Thursday night, Podesta published an op-ed in the Washington Post arguing that something is “deeply wrong with the FBI” and calling for an airing of as much evidence as can safely be made public about the hacks, along with a full, independent investigation into the matter.

In an interview with NPR’s Steve Inskeep on Thursday, Obama vowed to retaliate against Russia.

“I think there is no doubt that when any foreign government tries to impact the integrity of our elections, that we need to take action,” he said in the interview. “And we will at a time and place of our own choosing. Some of it may well be explicit and publicized, some of it may not be.” Obama said his administration has “been working hard to make sure that what we do is proportional, that what we do is meaningful.”

It’s unclear what form US retribution could take. Michael Daniel, a special assistant to the president and the White House cybersecurity coordinator, told Cyber Scoop on Friday that “the US government is still pulling together” a response to the hacks.

Discussing the impact of the hacks during his press conference on Friday, Obama said Russia can only weaken the United States if Americans let it happen. “The Russians can’t change us or significantly weaken us,” Obama said. “They are a smaller country, they are a weaker county, their economy doesn’t produce anything that anyone wants to buy except oil, gas, and arms, they don’t innovate. But they can impact us if we lose track of who we are, if we abandon our values.”

This is a developing story.

See the original article here – 

President Obama to Putin: "We Can Do Stuff to You"

Posted in alo, Cyber, FF, GE, LAI, LG, ONA, Radius, Uncategorized, Venta | Tagged , , , , , , , , | Comments Off on President Obama to Putin: "We Can Do Stuff to You"

This Is How We Know Congress Isn’t Really Serious About Election Fraud

Mother Jones

<!DOCTYPE html PUBLIC “-//W3C//DTD HTML 4.0 Transitional//EN” “http://www.w3.org/TR/REC-html40/loose.dtd”>

The debate over possible Russian meddling in US elections was a major theme in a US House hearing Tuesday on protecting the 2016 elections from cyberattacks and machine-voting attacks. Even though election preparations have been underway for months around the country and early voting in many states begins soon, committee chairman Lamar Smith (R-Texas) said the hearing was to review the security of the election system.

“This discussion is timely as many concerns have been raised in recent months about the vulnerabilities of electronic voting machines, voting over the internet, and online voter registration,” Smith said.

Concerns about the security of the US voting system have been heightened after the recent hacking of the Democratic National Committee, the Democratic Congressional Campaign Committee, and some high-profile Democratic politicians. The DNC, along with several US government officials and security research firms, have fingered Russian intelligence as responsible for the hacks of Democratic targets. Add to that the recent revelation that state election databases in Arizona and Illinois had been hacked, although the degree of success in each attack, and the ultimate purpose, remains unclear. Even though the Russian government has denied being involved, Democrats within Congress have called on the Obama administration to publicly accuse Russia of trying to interfere with US elections.

None of the witnesses—Dr. Charles Romine of the National Institute of Standards and Technology, Louisiana Secretary of State Tom Schedler, David Becker of the Center for Election Innovation and Research, and Dr. Dan Wallach of the Baker Institute for Public Policy at Rice University—suggested Russians were attempting to hack election infrastructure, only that they, too, had received this information specific to the DNC and the DCCC from press accounts.

“The nature of the threat is that they don’t want you to see them there,” said Wallach. “So we can’t assume that if we haven’t seen them that they’re absent. What we do know is that we’ve established motive. The attack on the DNC’s email server is motive—it shows that they did it for explicit partisan purposes.”

Rep. Zoe Lofgren (D-Calif.) said the Russians’ goal might not necessarily be to manipulate vote counts or tamper with voter registration databases, but to create chaos in the system and undermine confidence. “The focus of this hearing is on the voting systems, but really the question is about the election,” she said. “It’s pretty clear that the Russians have attacked, have engaged, in a cyberattack on the DNC and the DCCC.”

For Rep. Dana Rohrbacher (R-Calif.), Russian involvement in trying to hack or access actual election systems around the country lacked any evidence. “We have seen article after article after article about how Russia is compromising the integrity of our election system, and Mr. Chairman, the panelists are just saying that is false,” Rohrbacher said. “We want our country to be safe, but we also don’t want to just continually vilify Russia and turning them into the bad guys. If we’re going to have integrity of our system, I think we have to look at home for real threats to the integrity of our voting system.”

Lofgren disagreed. “To downplay the role that the Russians have had in this is a huge mistake, when you take a look at what they did to the DNC and the DCCC,” Lofgren said, urging members to avoid making the discussion about hacking partisan. “If you attack one of the major parties, somehow that’s okay if it could be to your advantage,” she said. “I like to think if the Russians had attacked the Republican National Committee, Democrats would be as outraged as Republicans. It’s an attack on America. It’s not an attack on a party.”

The hearing came the same day that Guccifer 2.0, the hacker or hackers who have publicly taken credit for the hack of the DNC, issued a rambling statement about information security at a London cybersecurity conference where he was supposed to appear (he didn’t), according to Motherboard. Guccifer did release roughly 600 megabytes of documents containing information about DNC fundraising efforts and other Democratic planning documents at the conference, according to Politico.*

Correction: An earlier version of this article incorrectly stated that the documents released today by the hacker Guccifer 2.0 came from a Democratic contracting firm. We regret the error.

Source: 

This Is How We Know Congress Isn’t Really Serious About Election Fraud

Posted in alo, Cyber, FF, G & F, GE, LAI, LG, ONA, Prepara, PUR, Radius, Ultima, Uncategorized, Venta | Tagged , , , , , , , , , , | Comments Off on This Is How We Know Congress Isn’t Really Serious About Election Fraud

Hackers Stole Voter Registration Data in at Least Two States

Mother Jones

<!DOCTYPE html PUBLIC “-//W3C//DTD HTML 4.0 Transitional//EN” “http://www.w3.org/TR/REC-html40/loose.dtd”>

The FBI believes hackers tried to get data from the State Board of Elections in at least two states in July and August, according to a notice sent to elections officials around the country and published by Yahoo News Monday morning. It’s unclear what data the hackers were able to get, but the information suggests they scanned the state elections boards’ websites looking for vulnerabilities. They found several and attempted to enter the systems, and some “exfiltration”—which refers to theft of data—occurred.

On August 18, state elections officials received a “Flash,” a notice sent by the FBI to various relevant parties, titled “Targeting Activity Against State Board of Election Systems.” The FBI reported that it had received reports of an additional IP address—a unique series of numbers that identifies every device that connects to the internet—within the logs of one state’s board of election’s system in July, and then another attempt at breaking into a separate state’s system in August. The IP address numbers can be easily masked to hide an attacker’s true origin, but the flash included detailed information about the methods used by the hackers. The FBI asked state election officials to scan their own network logs for similar activities.

The FBI didn’t identify the states involved, but Yahoo News, citing “sources familiar with” the FBI flash, reports that the attacks likely targeted voter registration databases in Arizona and Illinois. In Illinois, state election officials shut down the state’s voter registration system for 10 days in late July, Yahoo News reports, while the attack in Arizona was more limited.

The FBI flash does not attribute the attacks to anyone specifically, but the revelation comes following recent hacks of the Democratic National Committee and other major Democratic Party organizations and officials that, the US government says, implicated hackers working with or on behalf of Russia. The hacker who has claimed responsibility for the DNC hacks, Guccifer 2.0, has told Mother Jones and others that he was born in Eastern Europe and is not at all connected to Russia, a claim doubted by outside security officials. Russian officials have repeatedly denied that the Russian government had anything to do with the hacks.

The IP addresses provided by the FBI in the flash point to computer systems in the Netherlands and Delaware, according to online IP tracking tools, but Wired says further analysis shows at least one of the IP addresses appears to be linked to a website linked with the Turkish AKP political party. The Yahoo News report cites a cybersecurity expert saying one of the IP addresses has “surfaced before in Russian criminal underground hacker forums,” and the attack methods resemble a hack of the World Anti-Doping Agency earlier this month. Others have blamed that hack on Russia as well. But the types of attacks, methods, and tools detailed by the FBI flash are quite common in the hacking world. That means blaming Russia or anybody else at this point is only speculative.

The hack, combined with other vulnerabilities in the American election infrastructure, including voting machines that produce no verifiable paper audit trail, reinforces the notion that the US election system is vulnerable to disruption.

“This is a big deal,” Rich Barger, the head of cybersecurity firm ThreatConnect, told Yahoo News. “Two state election boards have been popped and data has been taken. This certainly should be concerning to the common American voter.”

Link to article: 

Hackers Stole Voter Registration Data in at Least Two States

Posted in bigo, Cyber, FF, G & F, GE, LAI, LG, ONA, Oster, Radius, Uncategorized, Venta | Tagged , , , , , , , , , , , | Comments Off on Hackers Stole Voter Registration Data in at Least Two States