Thursday, August 18, 2016

DNC Hack

Given the horrible choices available in this election*, FLG has found the DNC hack the most interesting thing that's happened during this campaign season. And it keeps getting interestinger and interestinger....

Here's the quick run down:

Summer 2015 - Cozy Bear, a cyber threat actor group that is almost certainly Russian intelligence, gained access to the DNC network. They're pretty good at what they do (previous victims include the White House, State Department, and Joint Chiefs of Staff) and nobody noticed. Seems like they did normal intel-gathering stuff, minding their own business, until...

Fancy Bear, a separate cyber threat actor, most likely Russian military intelligence, hacked the DNC in April 2016.

Neither of these is particularly surprising. The political campaigns of the most powerful nation on Earth are a huge intelligence target. FLG shrugs and says, "well, that's the game." No big deal.

But then things get interesting....

CrowdStrike, a commercial cyber intelligence firm, publishes a blog post that accuses the Russians of executing the hack.

Shortly thereafter, FLG thinks the very next day, a supposedly Romanian hacker nobody has ever heard of, Guccifer 2.0, stands up a blog and says he did it all by himself. This is almost certainly a Russian intelligence PsyOps operation. They release a few documents, but they don't really get any traction with the media. So, they dump a bunch to WikiLeaks and it starts to take off.

In addition to WikiLeaks, there's also data leaking out via DCLeaks. That site was likely stood up by the Russians. But what FLG finds most shocking about that is that the domain name was registered on 4/19/16, the same timeframe when Fancy Bear was hacking the DNC, which implies Russian military intelligence was planning this PsyOp campaign from the get-go, not just calling an audible because CrowdStrike outed them.

Fancy Bear also hacked the Democratic Congressional Campaign Committee.  They're leaking that stuff too, but whatever...FLG will move on to another topic that is also fascinating.

So, in the midst of all this, in addition to leaking documents, the Russians deny everything and publicly claim they've been hacked themselves. Extensively. Multiple departments, agencies, and offices. They don't mention any suspects, but let's consider this a "Hey, Yankees, stop calling us out. You do this shit too." message.

And a couple of days ago, some group nobody has ever heard of before, Shadow Brokers (aka another Russian PsyOp), put tools and exploits from the Equation Group (the cyber actor name for the NSA) up for auction and released some, which look to FLG like NSA-level stuff.

BTW, FLG doubts Fort Meade was hacked. After the Snowden stuff, the Russians probably knew where to look, found a bunch of NSA hacks in their systems, and worked their way back to other staging servers. The operational security of the NSA should have been better, but given the Snowden leaks it was probably tough to keep out of sight.

Anyway, it's a new geopolitical world...
