Posts Tagged ‘NSA’

The 2016 Election—Part Three

July 22, 2018

This post is based on David E. Sanger’s “THE PERFECT WEAPON: War, Sabotage, & Fear in the Cyber Age.” Once the GRU, via Guccifer 2.0, DCLeaks, and WikiLeaks, began distributing the hacked emails, each revelation of the DNC’s infighting or Hillary Clinton’s talks at fund raisers became big news. The content of the leaks overwhelmed the bigger, more important questions of whether everyone—starting with the news organizations reporting the contents of the emails—was doing Putin’s bidding. When in early August John Brennan, the CIA Director, began sending intelligence reports over to the White House in sealed envelopes, the administration was preoccupied with the possibility that a far larger plot was under way. The officials feared that the DNC was only an opening shot, or a distraction. Reports were trickling in about constant “probes” of election systems in Arizona and Illinois that were traced back to Russian hackers. Two questions were: Was Putin’s bigger plan to hack the votes on November 8? And how easy would that be to pull off?

Brennan’s intelligence reports of Putin’s intentions and orders made the CIA declare with “high confidence” that the DNC hack was the work of the Russian government at a time when the NSA and other intelligence agencies still harbored doubts. The sources described a coordinated campaign ordered by Putin himself, the ultimate modern-day cyber assault: subtle, deniable, launched on many fronts, and incongruously directed from behind the six-hundred walls of the Kremlin. The CIA concluded that Putin didn’t think Trump could win the election. Putin, like everyone else, was betting that his nemesis Clinton would prevail. He was hoping to weaken her by fueling a post-election-day narrative that she had stolen the election by vote tampering.

Brennan argued that Putin and his aides had two goals: “Their first objective was to undermine the credibility and integrity of the US electoral process. They were trying to damage Hillary Clinton. They thought she would be elected and they wanted her bloodied by the time she was going to be inaugurated;” but Putin was hedging his bets by also trying to promote the prospects of Mr. Trump.

[Excuse the interruption of this discussion to consider where we stand today. Both Putin and Trump want to undermine the credibility and integrity of the US electoral process. Trump has been added because he is doing nothing to keep the Russians from interfering again. Much is written about the possibility of a “Blue Wave” being swept into power in the mid-term elections. Hacking into the electoral process again with no preventive measures would impede any such Blue Wave. Trump fears a Blue Wave as it might lead to his impeachment. This is one of his “Remain President and Keep Out of Jail” cards. Others will be discussed in later posts.]

Returning to the blog, at this time Trump began warning about election machine tampering. He appeared with Sean Hannity on Fox News promoting his claim of fraudulent voting. He also complained about needing to scrub the voting rolls and make it as difficult as possible for non-Trump voters to vote. Moreover, he used this as his excuse for losing the popular election.

At this time Russian propaganda was in full force via the Russian TV network and Breitbart News, Steve Bannon’s mouthpiece.

A member of Obama’s team, Haines, said he didn’t realize that two-thirds of American adults get their news through social media. He said, “So while we knew something about Russian efforts to manipulate social media, I think it is fair to say that we did not recognize the extent of the vulnerability.”

Brennan was alarmed at the election risk from the Russians. He assembled a task force of CIA, NSA, and FBI experts to sort through the evidence. And as his sense of alarm increased, he decided that he needed to personally brief the Senate and House leadership about the Russian infiltrations. One by one he got to these leaders, and because they had security clearances he could paint a clear picture of Russia’s efforts.

As soon as the session with twelve congressional leaders led by Mitch McConnell began, it went bad. It devolved into a partisan debate. McConnell did not believe what he was being told. He chastised the intelligence officials for buying into what he claimed was Obama administration spin. Comey tried to make the point that Russia had engaged in this kind of activity before, but this time it was on a far broader scale. The argument made no difference. It became clear that McConnell would not sign on to any statement blaming the Russians.

It should be remembered that when Obama was elected, McConnell swore he would do everything in his power to keep Obama from being reelected. McConnell is a blatant racist and 100% politician. The country is much worse for it. For McConnell professionals interested in determining the truth do not exist. All that exists is what is politically expedient for him.

There was much discussion regarding what to do about Russia. DNI Clapper warned that if the Russians truly wanted to escalate, they had an easy path. Their implants were already deep inside the American electric grid. The most efficient way of turning Election Day into a chaotic finger-pointing mess would be to plunge key cities into darkness, even for just a few hours.

Another issue was that NSA’s tools had been compromised. Their implants in foreign systems exposed, the NSA temporarily went dark. At a time when the White House and Pentagon were demanding more options on Russia and a stepped-up campaign against ISIS, the NSA was building new tools because their old ones had been blown.

WannaCry & NotPetya

July 19, 2018

This post is based on “THE PERFECT WEAPON: War, Sabotage, & Fear in the Cyber Age,” by David E. Sanger. The North Koreans got software stolen from the NSA by the Shadow Brokers group. So, the NSA lost its weapons and the North Koreans shot them back.

The North Korean hackers married NSA’s tool to a new form of ransomware, which locks computers and makes their data inaccessible—unless the user pays for an electronic key. The attack was spread via a phishing email similar to the one used by Russian hackers in the attacks on the Democratic National Committee and other targets in 2016. It contained an encrypted, compressed file that evaded most virus-detection software. Once it burst alive inside a computer or network, users received a demand for $300 to unlock their data. It is not known how many paid, but those who did never got the key, if there ever was one, to unlock their documents and databases.

WannaCry, like the Russian attackers on the Ukraine power grid, was among a new generation of attacks that put civilians in the crosshairs. Jared Cohen, a former State Department official said, “If you’re wondering why you’re getting hacked—or attempted hacked—with greater frequency, it is because you are getting hit with the digital equivalent of shrapnel in an escalating state-against-state war, way out there in cyberspace.”

WannaCry shut down the computer systems of several major British hospital systems, diverting ambulances and delaying non-emergency surgeries. Banks and transportation systems across dozens of countries were affected. WannaCry hit seventy-four countries. After Britain, the hardest hit was Russia (Russia’s Interior Ministry was among the most prominent victims). The Ukraine and Taiwan were also hit.

It was not until December 2017, three years to the day after Obama accused North Korea of the Sony attacks, that the United States and Britain formally declared that Kim Jong-un’s government was responsible for WannaCry. President Trump’s homeland security adviser Thomas Bossert said he was “comfortable” asserting that the hackers were “directed by the government of North Korea,” but said that conclusion came from looking at “not only the operational infrastructure, but also the tradecraft and the routine and the behaviors that we’ve seen demonstrated in past attacks. And so you have to apply some gumshoe work here, and not just some code analysis.”

The gumshoe work stopped short of reporting about how Shadow Brokers allowed the North Koreans to get their hands on tools developed for the American cyber arsenal. Describing how the NSA enabled North Korean hackers was either too sensitive, too embarrassing or both. Bossert was honest about the fact that having identified the North Koreans, he couldn’t do much else to them. “President Trump has used just about every lever you can use, short of starving the people of North Korea to death, to change their behavior,” Bossert acknowledged. “And so we don’t have a lot of room left here.”

The Ukraine was victim to multiple cyberattacks. One of the worst was NotPetya. NotPetya was nicknamed by the Kaspersky Lab, which is itself suspected by the US government of providing back doors to the Russian government via its profitable security products. This cyberattack on the Ukrainians seemed targeted at virtually every business in the country, both large and small—from the television stations to the software houses to any mom-and-pop shops that used credit cards. Throughout the country computer users saw the same broken-English message pop onto their screens. It announced that everything on the hard drives of their computers had been encrypted: “Oops, your important files have been encrypted…Perhaps you are busy looking to recover your files, but don’t waste your time.” Then the false claim was made that if $300 was paid in bitcoin the files would be restored.

NotPetya was similar to WannaCry. In early 2017 the Trump administration said that NotPetya was the work of the Russians. It was clear that the Russians had learned from the North Koreans. They made sure that no patch of Microsoft software would slow the spread of their code, and no “kill switch” could be activated. NotPetya struck two thousand targets around the world, in more than 65 countries. Maersk, the Danish shipping company, was among the worst hit. They reported losing $300 million in revenues and had to replace four thousand servers and thousands of computers.

The Shadow Brokers

July 18, 2018

This is the fourth post based on David E Sanger’s, “THE PERFECT WEAPON: War, Sabotage, & Fear in the Cyber Age.” Within the NSA a group developed special tools for Tailored Access Operations (TAO). These tools were used to break into the computer networks of Russia, China, and Iran, among others. These tools were posted by a group that called itself the Shadow Brokers. NSA’s cyber warriors knew that the code being posted was malware they had written. It was the code that allowed the NSA to place implants in foreign systems, where they could lurk unseen for years—unless the target knew what the malware looked like. The Shadow Brokers were offering a product catalog.

Inside the NSA, this breach was regarded as being much more damaging than what Snowden had done. The Shadow Brokers had their hands on the actual code, the cyberweapons themselves. These had cost tens of millions of dollars to create, implant, and exploit. Now they were posted for all to see—and for every other cyber player, from North Korea to Iran, to turn to their own uses.

“The initial dump was followed by many more, wrapped in taunts, broken English, a good deal of profanity, and a lot of references to the chaos of American politics.” The Shadow Brokers promised a ‘monthly dump service’ of stolen tools and left hints, perhaps misdirection, that Russian hackers were behind it all. One missive read, “Russian security peoples is becoming Russian hackers at nights, but only full moons.”

This post raised the following questions. Was this the work of the Russians, and if so, was it the GRU trolling the NSA the way it was trolling the Democrats? Did the GRU’s hackers break into the TAO’s digital safe, or did they turn an insider, maybe several? And was this hack related to another loss of cyber tools from the CIA’s Center for Cyber Intelligence, which had been appearing for several months on the WikiLeaks site under the name “Vault 7”? Most importantly, was there an implicit message in the publication of these tools, the threat that if Obama came after the Russians too hard for the election hack, more of the NSA’s code would become public?

The FBI and Brennan reported a continued decrease in Russian “probes” of the state election system. No one knew how to interpret the fact. It was possible that the Russians already had their implants in the systems they had targeted. One senior aide said, “It wouldn’t have made sense to begin sanctions” just when the Russians were backing away.

Michael Hayden, formerly of the CIA and NSA, said that this was “the most successful covert operation in history.”