Putin’s Plan

December 17, 2019

The title of this post is identical to the title of a chapter in Messing with the Enemy, an excellent book by Clint Watts. In the fall of 2015 Russia’s dedicated hacking campaign proved to be unique in history. Unlike the hacking of criminals, Russia didn’t pursue indiscriminate breaches for financial gain. It sought information from politicians, government officials, journalists, media personalities, and foreign policy experts numbering in the thousands, according to government and media estimates.

The Russians had perpetrated cyberattacks as part of their military campaigns prior to invading Georgia in 2008, when they defaced and disabled Georgian government websites as part of a psychological warfare campaign. In 2014, a pro-Russian group called CyberBerkut surfaced alongside Kremlin hackers and penetrated Ukraine’s Central Election Commission, altering the nation-wide presidential vote in favor of Russia’s preferred candidate, Dmytro Yarosh. Fortunately, the Ukrainians caught the manipulation before the results were aired. Throughout 2015 and 2016, Ukrainian businesses and government agencies suffered endless cyber assaults. The BlackEnergy attack struck power grids of the Ivano-Frankivsk region of Ukraine, disabling electricity during one of the country’s coldest periods. Watts writes, “These attacks, though, sought to damage infrastructure and undermine Eastern European countries through humiliation and confusion. The Russian-connected breaches surfacing in America, though, sought something different.”

Beginning in the late summer of 2015 and extending through the fall, Russia undertook the largest, most sophisticated, most targeted hacking campaign in world history, breaking into the email accounts of thousands of American citizens and institutions. Analysts believe that the cyber offensive was perpetrated by two of Russia’s intelligence agencies: the Main Intelligence Directorate, known as GRU, and the Federal Security Service, known as FSB, which is primarily an internal intelligence arm, but is particularly sophisticated in cyber operations.

The GRU and FSB operatives act as Advanced Persistent Threats (APTs), a reference to their dedicated targeting and a wide array of cyber-hacking techniques. APTs have sufficient resourcing to stay on their targets until they penetrate the systems they want to access. They use a range of techniques, from the simple to the complex, employing all forms of social engineering and specifically tailored malware known as “zero days.”

These Russian APTs were known as APT28 (Fancy Bear) and APT29 (Cozy Bear). They represented competing Russian hacker groups seeking access and compromising information from democratically elected officials adversarial to Russia, media personalities (particularly reporters who interfaced with anonymous sources), military leaders, academic researchers, and policy think tanks studying Russia. In other words, anyone and everyone opposing Russia was targeted in hopes that their private communications, if revealed, would undermine the credibility of a Russian adversary and/or sow divisions and mistrust between the targeted individuals and those they maligned in private.

“Spearphishing” is the most useful and common technique for gaining access to users’ accounts. Messages made to appear legitimate would tell them they needed to sign in to change their username, and users often complied.

In the fall of 2015 the Kremlin election hacking wave began. In September 2015, the Democratic National Committee (DNC) was breached. Both Fancy Bear and Cozy Bear breached the DNC in separate attacks. Separately, hackers penetrated the Democratic Congressional Campaign sometime around March or April 2016.

By 2016, Russia had advanced from spearphishing of political parties to “whalephishing” of key political operatives and government officials. Whalephishing targets prominent individuals within organizations or governments whose private communications likely provide a wealth of insight and troves of secrets to propel conspiracies. The campaign manager of Hillary Clinton, John Podesta, proved to be the biggest whale hacked in 2016.

The troll army’s interest in the U.S. presidential election gained steam toward the end of 2015. The following article in Sputnik caught Watts’s eye: “Is Donald Trump a Man to Mend US Relations with Russia?” At the time Trump’s campaign seemed more a celebrity stunt than a deliberate effort to lead the nation, but the post was curious, given that Russian disdain for both parties and their leaders had historically been a constant.

Watts writes, “From then on, the social media war in America surrounding the election proved unprecedented, and the Russians were there laying the groundwork for their information nuclear strike. Russian state-sponsored media, the English-speaking type, was quite clear: Putin did not want Hillary Clinton to become president. Aggressive anti-Clinton rhetoric from state-sponsored outlets, amplified by their social media trolls, framed Clinton as a globalist, pushing democratic agendas against Russia—an aggressor who could possibly bring about war between the two countries. The trolls’ anti-Clinton drumbeat increased each month toward the end of 2015 and going into 2016.”

Continuing, “Trump’s brash barbs against his opponents were working unexpectedly well. Kicking off 2016, the troll army began promoting candidate Donald Trump with increasing intensity, so much so that their computational propaganda began to distort organic support for Trump, making his social media appeal appear larger than it truly was.”

WikiLeaks released Clinton’s emails. Five days after the WikiLeaks dump of DNC emails, Trump announced, “Russia, if you’re listening, I hope you’re able to find the thirty thousand emails that are missing…I think you will probably be rewarded mightily by our press.” Watts writes, “I watched the clip several times, and a sick feeling settled in my stomach. I’d watched the Russian system push for Trump and tear down Clinton, but up to that point, I hadn’t believed the Trump campaign might be working with the Russians to win the presidency. I’d given briefs on the Russian active measure system in many government briefings, academic conferences and think tank sessions for more than a year. But nothing seemed to register. Americans just weren’t interested; all national security discussions focused narrowly on the Islamic State’s recent wave of terrorism in Europe. I did what most Americans do when frustrated by politics. I suffered a Facebook meltdown, noting my disbelief that a U.S. presidential candidate would call on a foreign country, one already pushing for his victory, to target and discredit a former first lady, U.S. senator, and secretary of state.”

Watts writes, “By Election Day, allegations of voter fraud and the election being rigged created such anxiety that I worried that some antigovernment and domestic extremists might undertake violence.” But there was no need to worry. Putin’s candidate had won.