Russian cyber sec chat
Combined with tech practices that ignored even the most basic rules of cyber safety, this allowed hackers to rummage through the DNC’s server, downloading tens of thousands of private emails which were ultimately published on WikiLeaks.
(The FBI agent tasked with warning the DNC was also strangely lackadaisical about it, doing little more than leaving a series of voicemails after speaking to an IT temp, though the DNC’s headquarters are just a half mile from the FBI’s own.) It is impossible to tell whether the hack, and a related one that breached the email account of Hillary Clinton campaign chairman John Podesta, played a significant part in Clinton’s election defeat.
But the situation certainly hobbled Democrats, sidelining some “at the height of the campaign,” as the Times notes, while also potentially affecting “congressional races in a dozen states.” Russian hackers are suspected of having targeted everyone from NGOs to consumer tech companies like LinkedIn and Dropbox in recent months.
But even if you or your company think you aren’t important enough to be in their sights, many of the techniques they use are common to hackers everywhere. The hackers first gained access to the DNC computer network using the commonest weapon in a hacker’s arsenal: a phishing attack.
According to an NBC News report, the United States has penetrated Russia’s electric grid, telecommunications networks, and command and control systems in order to be able to launch retaliatory cyberattacks if the Kremlin attacks critical infrastructure during the election.
An unidentified senior official reportedly said that if Russia attacked critical infrastructure then Washington could shut down some Russian systems. Cyber Command and director of the National Security Agency, told the Senate Armed Services Committee in 2015, “We believe potential adversaries might be leaving cyber fingerprints on our critical infrastructure partly to convey a message that our homeland is at risk if tensions ever escalate toward military conflict.” The NBC report is confirmation (by leak) that the United States is, not surprisingly, doing the same. President Obama also reportedly warned President Putin about interference in the election at their last meeting two months ago.
A Clinton campaign official received an email that looked like it was from Google with the subject line “Someone has your password.” It claimed someone had tried to log into his account from an IP address in Ukraine.
At the centre of the report (page 4) is a table that unhelpfully lumps together, without explanation, several different names attributed to Russian-associated cyber espionage campaigns alongside names of malicious software and exploits that have little or no direct link to Russia.
The company likens its signature Helix portal product to a Bloomberg terminal for cyber security that can process data and alerts from FireEye's systems.
Helix can also incorporate alerts and data from other security companies' applications that a client has, in the same way that software by Oracle (ORCL) might be able to draw on data in applications by another developer.
Unfortunately, many of these are out of date or irrelevant, or are used by multiple cyber espionage campaigns and not ones exclusively associated with Russia.
To give just one example, journalist Micah Lee analyzed the IP addresses contained in the appendix, and found over 40 percent of them are exit nodes of the anonymizer Tor (meaning anyone in the world using Tor could be associated with these IP addresses).
Shares of cyber security company FireEye (FEYE) jumped on Thursday as Goldman Sachs (GS) upgraded the stock from sell to buy, citing a faster-than-expected shift to recurring revenue and new details on the company's key Helix product.