Russian government-affiliated hackers breach DNC, take research on Donald Trump
Russian Hackers Targeted U.S. Election Systems, FBI Warns Officials
Warrant to be sought for Russian ATM Hacker
During the summer of 2016, it was hard to browse a major news site without coming across dire warnings about hacking activity originating in Russia and targeted at major U.S. government and infrastructure systems. Many of these articles had an election theme, implying that there may be a Russian government interest in undermining the legitimacy of the upcoming U.S. presidential election, or influencing its outcome.
Is this Russian threat real? Do other countries pose a serious cybersecurity threat to the United States? Do American hackers engage in similar activities against foreign nations?
How real is the Russian threat?
In June 2016, Washington Post reporters broke a story asserting that Russian hackers had infiltrated systems belonging to the Democratic National Committee (DNC) and stolen the DNC's entire opposition research file on Donald Trump. Government officials also stated that the same hackers infiltrated systems belonging to other political organizations on both sides of the aisle in an effort to gain information about the Presidential race.
The DNC retained CrowdStrike, a respected security research firm, to investigate the incident. Through its research, CrowdStrike traced the attacks to two hacking groups with known Russian government affiliations. Particularly troubling is the fact that researchers were unable to determine how the hackers gained access to DNC systems, and merely speculated that it was the result of a phishing attack, according to the Post.
The security community received another jolt in August when Washington Post reporters broke a second story that Russian hackers were targeting the voter registration systems of U.S. states. Illinois election officials had actually sent a message stating that "The State Board of Elections (SBE) fell victim to a cyberattack that was detected on July 12, 2016."
The message further explained that attackers targeted web-based systems using SQL injection attacks to access back-end databases after running automated vulnerability scans on those applications. Arizona shut its registration system down later that month for similar reasons. FBI officials issued a detailed advisory to all U.S. election officials warning that:
The FBI received information of an additional IP address, 184.108.40.206, which was detected in the July 2016 compromise of a state's Board of Election Web site. Additionally, in August 2016 attempted intrusion activities into another state's Board of Election system identified the IP address, 220.127.116.11 used in the aforementioned compromise.
These attacks point to a well-organized and credible threat posed by Russian hackers and a clear interest in systems and information related to the upcoming presidential election.
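The Illinois message and the FBI advisory above give a defender two concrete things to look for in web server logs: requests from the advisory's IP addresses, and the SQL-injection probes that automated vulnerability scanners send against web-based registration systems. The following is an added example, not code from the article or from any state election board; the log lines are constructed, the voter-lookup URL is hypothetical, and the probe patterns are a deliberately small set meant to illustrate the approach rather than a complete signature list.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

# The two IP addresses quoted from the FBI advisory above; a hit from either is an alert on its own.
ADVISORY_IPS = {"184.108.40.206", "220.127.116.11"}
# Patterns typical of SQL-injection probes from automated scanners, matched after URL-decoding.
SQLI_RE = re.compile(r"(?i)'\s*(?:or|and)\s+|\bunion\s+(?:all\s+)?select\b|\bwaitfor\s+delay\b|\bsleep\s*\(|\binformation_schema\b")
# Apache/nginx common log format: ip ident user [timestamp] "METHOD path PROTO" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$')

# Constructed sample log lines (not from the incident): a hypothetical voter-lookup page being probed.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jul/2016:03:14:01 +0000] "GET /voter/lookup?last=Smith&dob=1970-01-01 HTTP/1.1" 200 512
184.108.40.206 - - [12/Jul/2016:03:14:02 +0000] "GET /voter/lookup?last=Smith%27%20OR%201%3D1-- HTTP/1.1" 200 90211
184.108.40.206 - - [12/Jul/2016:03:14:03 +0000] "GET /voter/lookup?last=x%27%20UNION%20SELECT%20name%2Cemail%20FROM%20voters-- HTTP/1.1" 200 90211
220.127.116.11 - - [12/Jul/2016:03:14:04 +0000] "GET /admin/phpmyadmin/ HTTP/1.1" 404 210
220.127.116.11 - - [12/Jul/2016:03:14:05 +0000] "GET /voter/lookup?last=Smith%27%3B%20WAITFOR%20DELAY%20%270%3A0%3A5%27-- HTTP/1.1" 500 0
198.51.100.4 - - [12/Jul/2016:03:14:06 +0000] "GET /voter/lookup?last=O%27Brien HTTP/1.1" 200 498
"""

def assess(line):
    """Return the set of reasons one log line is suspicious (empty if it looks benign)."""
    m = LOG_RE.match(line)
    if not m:
        return {"unparseable"}
    reasons = set()
    if m["ip"] in ADVISORY_IPS:
        reasons.add("advisory-ip")
    # Decode first so %27 (') and %20 (space) cannot hide a probe; a lone apostrophe (O'Brien) does not fire.
    if SQLI_RE.search(unquote(m["path"])):
        reasons.add("sqli-pattern")
    return reasons

def scan(log_text):
    """Aggregate per source IP: 4xx/5xx responses (a scanner fingerprint) and how often each reason fired."""
    summary = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        counts = summary[m["ip"]]
        counts["errors"] += m["status"][0] in "45"
        for reason in assess(line):
            counts[reason] += 1
    return summary

def suspicious_ips(log_text):
    """Sources to investigate or block: any advisory IP, or any IP that sent an injection probe."""
    return sorted(ip for ip, c in scan(log_text).items() if c["advisory-ip"] or c["sqli-pattern"])
```

Note that the last sample line shows why decoding and a quote-plus-keyword pattern matter: a legitimate name containing an apostrophe is not flagged, while the encoded `' OR 1=1` probe from an advisory address is flagged twice over.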
Don't forget the Chinese!
While the eyes of the media are currently focused on Russian hacking threats, cybersecurity professionals should keep in mind that the daily barrage of attacks they encounter come from many different sources. It was only a few years ago that there was a similar media uproar about hacking activity originating in China, which also targeted U.S. government agencies, contractors and major Internet companies, including Google.
Security research firm FireEye released a report in June entitled "Red Line Drawn: China Recalculates its Use of Cyber Espionage." FireEye's researchers documented a significant decline in hacking activity attributed to Chinese sources. Three years ago, Chinese hackers were consistently infiltrating 60 or more networks each month.
During the first half of 2016, researchers detected fewer than 10 successful attacks attributed to Chinese sources each month. The report concluded that "since mid-2014, we have observed an overall decrease in successful network compromises by China-based groups against organizations in the United States and 25 other countries."
Why would the Chinese suddenly ratchet down the level of cyberattacks against U.S. targets? FireEye points out that "these shifts have coincided with ongoing political and military reforms in China, widespread exposure of Chinese cyber activity, and unprecedented action by the U.S. Government." This government action included President Obama authorizing sanctions against countries that sponsor cyber-intrusions that jeopardize national security.
While this drop in hacking activity indicates that organizations are less likely to experience attacks of Chinese origin, it certainly doesn't mean that the Chinese are scaling back their cyberwarfare capabilities. It is quite possible that they continue to develop new cyberweapons that will be ready for use if and when the political winds shift.
American hands aren't clean either
Domestic media reports tend to focus on attacks targeted against American entities from foreign sources, including Russia and China. It's important to keep in mind, however, that U.S. adversaries aren't the only ones engaging in cyberwarfare activities. There is clear evidence that the United States and its allies also have sophisticated technical programs designed to infiltrate adversary computer systems for military and intelligence purposes.
The Stuxnet worm, allegedly developed as a joint operation between U.S. and Israeli intelligence agencies, infiltrated computer systems at Iranian nuclear facilities in 2007, causing significant damage to Iran's uranium enrichment program. Materials leaked by Edward Snowden and other sources in the years since seem to confirm significant investments in cyberwarfare by the National Security Agency's Tailored Access Operations group and other government agencies.
Cyberwarfare is now a real part of activity on the global stage. Political and military groups see these weapons as a relatively low-risk way to conduct intelligence operations against their adversaries. Evidence points to extremely active cyberwarfare programs in Russia, China and the United States that not only develop electronic weapons but also actively use them to advance each nation's security objectives.