Five reasons intel community believes Russia interfered in election

Donald Trump met with intelligence officials Friday for a private briefing on election hacking.

Long a skeptic of Russia’s role in the attacks, he finally heard the unfiltered case that Moscow orchestrated breaches at the Democratic National Committee, Democratic National Campaign Committee and two states’ voter rolls, as well as Hillary Clinton’s campaign chief John Podesta.

A declassified version of the intelligence report soon followed. It shows the outline of the U.S. stance, including who did what and why, but does not show much in the way of evidence.

CrowdStrike, the company brought in by the DNC to boot the hackers and investigate the report, has publicly released details about its investigation connecting Russian attackers known as Fancy Bear and Cozy Bear to the attacks.

In addition, other firms including FireEye, SecureWorks and ThreatConnect have either confirmed CrowdStrike’s work or found new evidence that they have also released.

Between the report and the private sector work, the public knows some of what might fuel the intelligence community’s unanimous view that Russia was behind the attacks.

Here are five key points.

The attacks used the same infrastructure as other attacks attributed to Russia

Attributing hacks to specific hackers is difficult work, in part because it is possible to modify digital evidence after the fact.

Before making its own attribution, CrowdStrike monitored the hackers in action as they scoured the system – limiting the amount of cover-up work that could be done.   

CrowdStrike found a lot of overlap between the DNC hack and other hacks attributed to Russian intelligence, including one of the German Parliament.

The DNC attack routed through servers at internet addresses only seen in Russian-linked attacks and used the same encryption keys as other attacks. The hackers relied on a cross-platform suite of hacking tools called X-Agent; most of its components have exclusively been used in attacks linked to Russia.

Researchers at the firm ThreatConnect linked the email address used to set up a fake website to one used in previous attacks.

At a minimum, there is good evidence that the DNC attack was conducted by the same group that performed a variety of other attacks.

This was not a small, cheap or easy operation

WikiLeaks head Julian Assange told Sean Hannity during a recent interview that John Podesta could have been hacked by “a 14-year-old.”

It is true that the phishing attack Podesta fell for was not particularly complex.

But the reason we know Podesta coughed up his password in a phishing scam was that researchers discovered his email account as a victim in a much larger hacking campaign – larger in scope than most single people would attempt.

The firm SecureWorks discovered Podesta’s email address as it monitored a bit.ly account used to launch 1,800 hacks in 2015 alone. 

Bit.ly shortens web addresses to make them easier to share, but can be used by hackers to circumvent email programs that check if messages contain malicious links.

The attacks that ensnared Podesta targeted Russian adversaries worldwide in multiple languages, focusing on countries like the Ukraine, the United States and other NATO nations. They victimized Russian dissidents and media critics, politicians and military targets, each in their native language. Attacks of such size take resources.

The DNC and DCCC attacks also came from resourced attackers. Designing multifaceted malware is not cheap.

The number of nations and criminal hacking organizations that could pull off these campaigns is not large. That suggests a state-backed operation.

It’s also much harder to erase evidence in a thousand attacks than a single attack, which suggests a big operation behind the Podesta hack.

Whoever the attackers are, they appear to come from Russia

There is good reason to believe the attacks came from someone in Russia.

Artifacts in the malware used in the DNC attack show it was programmed during Moscow work hours using a Cyrillic keyboard. Also, the leaker or leakers known as Guccifer 2.0 emailed reporters using an internet address registered to a Russian anonymity service that does not appear to be available to the public.

That attacks originate in Russia is a far cry from their being sponsored by the Russian government.

Some have suggested that the attackers might be Russian nationalists looking at the same array of targets. But it is unclear what nationalists are doing with the haul of stolen data if not giving it to the government.

The attacks dovetailed with other Russian disinformation campaigns

The report covers more than just the hacking effort. It also contains a detailed account of information warfare against the United States from Russia through other means.

The United States is not the first country subject to Russian disinformation. The Internet Research Agency, the so-called “troll army,” used social media to spread pro-Russian-interest messages to exert control in other venues.

Adrian Chen, a reporter for the New Yorker, mentioned in the report as “a journalist who is a leading expert on the Internet Research Agency,” claimed that accounts that used to support Russian efforts in Ukraine switched to pro-Trump messaging.

State-run media, including the television channel RT and web news service Sputnik, also got in on the act.

The report notes RT produced English-language videos like “Julian Assange Special: Do WikiLeaks Have the E-mail That’ll Put Clinton in Prison?” (it did not), “How 100% of the Clintons’ ‘Charity’ Went to…Themselves,” and fact-stretching coverage of Clinton’s health and ties to ISIS.

Dmitry Kiselyov, who heads the Russian state news agency in charge of Sputnik and other efforts, railed against the corrupt American political establishment trying to prevent Trump from working with Putin.

In Russia, Kremlin surrogates echoed the same sentiments. Until the election, officials, including Putin, publicly disparaged the United States system of elections as corrupt. Once Trump won, they stopped.

Political party leader Vladimir Zhirinovsky, whom the report lists as a “pro-Kremlin proxy,” said before the election that, if Trump won, Russia would “drink champagne” to celebrate their new ability to advance in Syria and Ukraine.

Putin blamed Clinton and President Obama for a decline in international standing

The intelligence report also points at a motive by noting that Putin’s dislike of both the Clintons and the United States blossomed throughout the Obama administration.

The report says Putin blames Clinton for mass protests in late 2011 and early 2012 and for antagonistic comments she made since.  

The report further states that Putin believes the “Panama Papers,” documents that tied Putin and politicians and celebrities worldwide to offshore banking, were an American plot against him, as was the Olympic doping scandal that barred a number of Russian athletes from the Rio games.

Attacking the United States election system could ding both Clinton and the country’s international stature.