
posted by cmn32480 on Wednesday June 15 2016, @11:33AM
from the did-they-get-the-size-on-Hillary's-pant-suits? dept.

Two separate groups of Russian hackers have reportedly had their way with the Democratic National Committee's network for months... up until last weekend:

Russian hackers have been accessing the Democratic National Committee's computer network for the past year, and have stolen information including opposition research files on presumptive Republican presidential nominee Donald Trump.

According to CrowdStrike, the security firm the DNC called in to deal with the massive data breach, one group of hackers tied to the Russian government has been stealing information from the national party for about a year. "They infiltrated the DNC's network last summer and were monitoring their communications, their email servers, and the like," company co-founder Dmitri Alperovitch told NPR.

A second group, also tied to Russia, accessed the DNC's network in April. "They went straight for the research department of the DNC and exfiltrated opposition materials on Mr. Trump," Alperovitch said.

The Washington Post first reported the DNC break-in.

CrowdStrike doesn't believe the two distinct groups of Russian hackers — which the company has internally nicknamed COZY BEAR and FANCY BEAR — collaborated with each other. "Instead," company co-founder Dmitri Alperovitch wrote in a lengthy blog post, "we observed the two Russian espionage groups compromise the same systems and engage separately in the theft of identical credentials."



Related Stories

Lone Hacker Claims to Have Accessed Democratic National Committee Servers

Somebody is claiming to have accessed Democratic National Committee servers by themselves, and has mocked an analysis by CrowdStrike, which said that two groups of Russian hackers broke into the DNC's servers:

A lone hacker claims to have been the person who broke into the Democratic National Committee (DNC) servers, and has posted several files online as "proof." The hacker, going by the name Guccifer 2, created a new Wordpress blog Wednesday and posted several confidential files as well as a taunting rebuke to the security company, CrowdStrike, that the DNC called in to investigate the breach. He also claims to have sent "thousands of files and mails" to Wikileaks which he says will "publish them soon."

CrowdStrike had previously said the hack was carried out by two professional hacking teams with close ties to the Russian government.

In an update to its analysis, CrowdStrike says "Whether or not this posting is part of a Russian Intelligence disinformation campaign, we are exploring the documents' authenticity and origin. Regardless, these claims do nothing to lessen our findings relating to the Russian government's involvement, portions of which we have documented for the public and the greater security community."

Previously:
Russian Hackers Reportedly Compromised the Democratic National Committee's Network



This discussion has been archived. No new comments can be posted.
  • (Score: 2, Funny) by Anonymous Coward on Wednesday June 15 2016, @11:54AM

    by Anonymous Coward on Wednesday June 15 2016, @11:54AM (#360477)

    Put Hillary in charge. I hear she's really good at securing servers.

    • (Score: 2) by Thexalon on Wednesday June 15 2016, @12:59PM

      by Thexalon (636) on Wednesday June 15 2016, @12:59PM (#360496)

      Also, it's not like the DNC has been compromised before [wikipedia.org].

      --
      The only thing that stops a bad guy with a compiler is a good guy with a compiler.
      • (Score: 2) by Runaway1956 on Wednesday June 15 2016, @01:41PM

        by Runaway1956 (2926) on Wednesday June 15 2016, @01:41PM (#360524) Homepage Journal

        The Democrats give us all a warm, fuzzy feeling of security, right? A baby resting in his mother's arms isn't any safer than classified documents in a Democrat's possession. /sarcasm

        --
        Abortion is the number one killer of children in the United States.
        • (Score: 2) by Thexalon on Wednesday June 15 2016, @04:45PM

          by Thexalon (636) on Wednesday June 15 2016, @04:45PM (#360628)

          Republicans aren't good at it either, of course. Nobody, in any organization, really cares about security until getting it wrong starts to adversely affect them.

          Although I'll mention that in the example, the security system had some success, seeing as how they caught those guys on their second attempt.

          --
          The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    • (Score: 0) by Anonymous Coward on Wednesday June 15 2016, @03:00PM

      by Anonymous Coward on Wednesday June 15 2016, @03:00PM (#360572)
      Our server is secure. We put it on the second floor.
  • (Score: 3, Funny) by Geezer on Wednesday June 15 2016, @12:52PM

    by Geezer (511) on Wednesday June 15 2016, @12:52PM (#360494)

    There are two separate (and not always cooperative) foreign intelligence services in the Russian Federation: the SVR, which is the old KGB 1st Directorate and mostly political, and the military espionage agency, the GRU.

    Both are first-rate. Just wait till you see Hillary's emails. :)

    • (Score: 4, Informative) by jcross on Wednesday June 15 2016, @02:05PM

      by jcross (4009) on Wednesday June 15 2016, @02:05PM (#360539)

      Even more disturbing to me is the possibility that one or both of these groups is either not Russian, or is Russian but working for someone other than the Russian government. I mean, how can they really know? I'm not sure why that bothers me more, but it seems like a foreign government has every right to try and spy on our political process, but an internal enemy might make more effective use of the resulting data. For instance, let's say some US TLA wants to exert more influence. Wouldn't it be nice to have some dirt in reserve once the presumptive nominee gets elected? Also who's to say they're only exfiltrating data and not infiltrating it? I'm sure you could do a fair bit to hurt a campaign by subtly changing their intel on the opposition so they waste time chasing windmills or even make gaffes in public.

      Or, and this gets really twisted, why not a false flag by the DNC itself (or just a report of something that never happened) to cast doubt on damaging information shortly to be released about Hillary? "Yes, those emails are on our servers, but they were planted by those meddling Russians I tell you!" I'm not sure why they'd bother though, since anything big enough to get the public to take interest would drown out a defense requiring that much subtlety. It would be like convincing a jury that the kiddie porn on someone's computer might have been planted there by malware. Ain't gonna happen.

      Well, I guess both technology and the government are increasingly becoming black boxes, which forces us to infer what's going on inside from whatever ambiguous data we can collect from the outside. Voting machines, political machines, email server machines, we're in the dark on all of them.

      • (Score: 3, Insightful) by HiThere on Wednesday June 15 2016, @06:33PM

        by HiThere (866) on Wednesday June 15 2016, @06:33PM (#360683) Journal

        Every powerful security apparatus is mainly working for itself. One of the first things they secure is their own autonomy. Then over time the management becomes more interested in projecting its own goals than those of its official external management.

        I wish I were being too cynical.

        --
        Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
  • (Score: 2, Insightful) by Anonymous Coward on Wednesday June 15 2016, @03:35PM

    by Anonymous Coward on Wednesday June 15 2016, @03:35PM (#360593)

    It boggles my email that this still works. I had a user click on one of those "Your computer has encountered a serious error. Please click here to contact Microsoft support immediately" popups. I got a call about it after they had already taken control of the computer. After we kicked the phisher and re-imaged, I asked the user why they clicked on that popup and let somebody they never met remotely control their computer.

    "Why did you click on that message?"

    "Because it looked like a serious problem."

    "Why didn't you contact the IT Department first?"

    "The warning said Microsoft needed to fix it immediately."

    "Why would you think that Microsoft would send a message to you in your internet browser?"

    "Well, it said there was a serious error!"

    I see this issue a lot; a nominally intelligent adult turns into a special needs case as soon as it involves "the computer." Their ability to apply basic, rational adult reasoning just goes out the window.

    • (Score: 2) by takyon on Wednesday June 15 2016, @03:53PM

      by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Wednesday June 15 2016, @03:53PM (#360603) Journal

      I barely remember the time when a pop-up blocker was cutting-edge browser technology. Grandma on the other hand...

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
      • (Score: 0) by Anonymous Coward on Wednesday June 15 2016, @06:29PM

        by Anonymous Coward on Wednesday June 15 2016, @06:29PM (#360678)

        Yeah, exactly. I helped a friend who uses Internet Explorer exclusively. The internet without adblock, flashblock and noscript is an unusable morass of auto-playing videos, ads that you cannot differentiate from legitimate content and surveys hovering over articles asking for enough data to pilfer your identity.

    • (Score: 0) by Anonymous Coward on Wednesday June 15 2016, @04:37PM

      by Anonymous Coward on Wednesday June 15 2016, @04:37PM (#360622)

      It is just learned helplessness. People bail them out of their problems when it hits the fan or they don't want to look dumb so they never ask to get the info to learn. Then it gets to the point that when you talk computer, they already believe they can't understand it or that they already understand it, so either way the message is ignored and the cycle just reinforces. One of the best things I've done over the years is given such people various thin clients or using VMs. Screw it up and roll it back, plus many pieces of malware refuse to run in VMs. Yeah, that also reinforces the cycle because they are going to learn that way, but they already have shown they won't; so it is my job to minimize the damage.

      • (Score: 0) by Anonymous Coward on Wednesday June 15 2016, @06:19PM

        by Anonymous Coward on Wednesday June 15 2016, @06:19PM (#360674)

        I agree part of the problem is learned helplessness. The point of these scams, generally, is to either hold data for ransom or to pilfer sensitive information. I really do not care if the computer gets destroyed; it is a couple hundred dollars these days to replace it. However, if they get control of the computer, they can use my clueless user's credentials to pilfer files and data from anything the user has access to. Re-imaging or replacing the computer is nothing compared to the damage of leaking accounting numbers for ACH debits, address histories for properties, confidential sales information, or various infomatic bric-a-brac generated on a daily basis by your average business.

        Technical measures to prevent that will always be behind the curve; it requires users who exercise a modicum of sound judgement. These are common sense judgements that we use every day when we do not give the disheveled looking gentlemen with meth-mouth in the drug store parking lot "a ride home" or when, at 2AM, we do not walk down the poorly-lit cardboard house filled back-alley shortcut. However, when the website you do not recognize asks you to do something, it's "The website said it was a serious error" or, when the stranger calls you on the phone claiming to be from Microsoft and asking you to let them control your computer, it's "But he was from Microsoft."

        I see way too much, "Sit in front of computer, remove brain." I do not think it is a generational issue. I have seen users in their 20s fall for the same scams.

        Though, if I really knew why, I would be a billionaire flying around on my jet, summering in the Turks and Caicos and wintering at Whistler, instead of prognosticating on this site...

    • (Score: 0) by Anonymous Coward on Wednesday June 15 2016, @05:26PM

      by Anonymous Coward on Wednesday June 15 2016, @05:26PM (#360649)

      > It boggles my email that this still works.

      It should. But the problem is not users. The problem is that a single click can compromise the system. It's like blaming the driver for wrecking a company car when you gave them a car with no brakes and a windshield with 99% tint.

      • (Score: 0) by Anonymous Coward on Wednesday June 15 2016, @06:19PM

        by Anonymous Coward on Wednesday June 15 2016, @06:19PM (#360673)

        If the car has no brakes only a professional driver who knows exactly what he's doing should drive it. The blame falls on the shoulders of the manager who thought Joe from accounting could drive that death trap without hitting a dozen bystanders.

      • (Score: 0) by Anonymous Coward on Wednesday June 15 2016, @06:25PM

        by Anonymous Coward on Wednesday June 15 2016, @06:25PM (#360677)

        It does not have to be compromised in a technical sense; the user is voluntarily giving them access to all of this data. If users could not give others access to data, they would not be able to do their jobs. It is up to the user to "authenticate" the recipient of this data. If the user cannot differentiate between a legitimate recipient and an attacker, it is a social problem not a technical problem; a technical solution would be a bandaid at best. In IT, we do our best to harden systems where we can. But, ultimately, we are forced to trust the user. If the user chooses poorly, there is very little IT can do.

        • (Score: 0) by Anonymous Coward on Wednesday June 15 2016, @07:58PM

          by Anonymous Coward on Wednesday June 15 2016, @07:58PM (#360718)

          Nice blame avoidance there. Very professional.
          Good security makes it easy for the user to do the right thing and difficult for the user to do the wrong thing.
          If a single click is enough to do the wrong thing, then your security implementation is de facto bad security.

          • (Score: 0) by Anonymous Coward on Wednesday June 15 2016, @08:40PM

            by Anonymous Coward on Wednesday June 15 2016, @08:40PM (#360731)

            In a general sense, you are right. But real-world IT is mostly about doing the best one can under sub-optimal conditions. Really sub-optimal most of the time. There is never enough time to validate every vendor patch for every bit of software and never enough money to harden every attack surface. We do what we can given the time and budget constraints imposed on us.

            A good example is AppLocker; I wish I had time to configure AppLocker policies for all my clients. But, my fees would go up and they would go with another provider. For most clients, I could come up with a dozen security technologies and policies that, given the budget and time, I would surely implement. But the business model does not support those fees. So, we rely on users to use adult reasoning and a bit of common sense. That's just life and, I believe, not an unreasonable position.

            • (Score: 0) by Anonymous Coward on Wednesday June 15 2016, @10:51PM

              by Anonymous Coward on Wednesday June 15 2016, @10:51PM (#360788)

              On one hand you maximize the effort when describing doing your job: "really sub-optimal most of the time."
              And on the other hand you trivialize the effort of the user doing your job: "a bit of common sense."

              And the "my fees would go up" argument says you are happy doing a poor job as long as you get paid.
              I recognize that a guy's gotta eat. But when you make that argument it is dishonest to then shift the responsibility away from your role as the person hired for their expertise.

    • (Score: 1, Funny) by Anonymous Coward on Wednesday June 15 2016, @05:57PM

      by Anonymous Coward on Wednesday June 15 2016, @05:57PM (#360662)

      "Why didn't you contact the IT Department first?"

      "Because they were the assholes who put Windows on the computer!"

    • (Score: 0) by Anonymous Coward on Thursday June 16 2016, @05:43AM

      by Anonymous Coward on Thursday June 16 2016, @05:43AM (#360885)

      "...turns into a special needs case..."

      You asshole.