Printable Page Headline News   Return to Menu - Page 1 2 3 5 6 7 8 13
 
 
Russian Hackers Target US     10/23 06:12

   

   WASHINGTON (AP) -- U.S. officials said that Russian hackers have targeted 
the networks of dozens of state and local governments in the United States in 
recent days, stealing data from at least two servers. The warning, less than 
two weeks before the election, amplified fears of the potential for tampering 
with the vote and undermining confidence in the results.

   The advisory from the FBI and the Department of Homeland Security's 
cybersecurity agency describes an onslaught of recent activity by a Russian 
state-sponsored hacking group against a broad range of networks, some of which 
were successfully compromised. The alert released Thursday functions as a 
reminder of Russia's potent capabilities and ongoing interference in the 
election even as U.S. officials publicly called out Iran on Wednesday night.

   The advisory does not identify by name or location those who were targeted, 
but officials say they have no information that any election or government 
operations have been affected or that the integrity of elections data has been 
compromised.

   "However, the actor may be seeking access to obtain future disruption 
options, to influence U.S. policies and actions, or to delegitimize (state and 
local) government entities," the advisory said.

   U.S. officials have repeatedly said it would be extremely difficult for 
hackers to alter vote tallies in a meaningful way, but they have warned about 
other methods of interference that could disrupt the election, including 
cyberattacks on networks meant to impede the voting process. The interference 
could continue during or after the tallying of ballots if Russians produce 
spoofed websites or fake content meant to confuse voters about election results 
and lead them to doubt the legitimacy of the outcome.

   A broad concern, particularly at the local government level, has been that 
hackers could infiltrate a county network and then work their way over to 
election-related systems unless certain defenses, such as firewalls, are in 
place. This is especially true for smaller counties that don't have as much 
money and IT support as their bigger counterparts to fund security upgrades.

   Officials have nonetheless sought to stress the integrity of the vote, with 
FBI Director Christopher Wray saying Wednesday, "You should be confident that 
your vote counts. Early, unverified claims to the contrary should be viewed 
with a healthy dose of skepticism."

   On Thursday, Chris Krebs, the head of Homeland Security's Cybersecurity and 
Infrastructure Security Agency, said officials don't have reason to believe 
that hackers were looking for election infrastructure or election-related 
information, and aren't aware of any activity "that would allow them to come 
anywhere near a vote." He said the alert was issued in regard to the scanning 
of county networks for vulnerabilities, not specifically to the targeting of 
elections.

   "The election-related risk is the fact that they were in or touching an 
election system," he said.

   The threat from the Kremlin was mentioned but not especially emphasized 
during a hastily called news conference on Wednesday night, when officials said 
Russia and Iran had obtained voting registration information --- though such 
data is sometimes easily accessible. But most of the focus was on Iran, which 
officials linked to a series of menacing but fake emails that purported to be 
from a far-right group and were aimed at intimidating voters in multiple 
battleground states.

   John Ratcliffe, the director of national intelligence, said the operation 
was aimed at harming President Donald Trump, though he didn't elaborate on how.

   On Thursday, the Treasury Department announced sanctions against five 
Iranian entities, including the Islamic Revolutionary Guard Corps, for 
attempting to influence U.S. elections.

   Despite Iran's activities, Russia is widely regarded in the cybersecurity 
community as the bigger threat to the election. The U.S. has said that Russia, 
which interfered in the 2016 election by hacking Democratic email accounts and 
through a covert social media effort, is interfering again this year in part 
through a concerted effort to denigrate Trump's Democratic opponent, Joe Biden.

   U.S. officials attribute the recent activity to a state-sponsored hacking 
group variously known as DragonFly and Energetic Bear in the cybersecurity 
community. The group appears to have been in operation since at least 2011 and 
is known to have engaged in cyberespionage on energy companies and power grid 
operators in the U.S. and Europe, as well as on defense and aviation companies. 
Aviation networks are among the entities that officials say were recently 
targeted, according to Thursday's advisory.

   According to the advisory, the hackers have obtained user and administrator 
credentials to enter the networks and moved laterally inside to locate what 
they felt would be "high-value" information to steal. In at least one breach, 
officials say, the hackers accessed documents related to network configurations 
and passwords, IT instructions and vendors and purchasing information.

   As of Oct. 1, the advisory said, the hackers have exfiltrated data from at 
least two servers.

   John Hultquist, the director of threat intelligence at FireEye, said 
Energetic Bear moved to the top of his worry list when the cybersecurity firm 
observed it breaking into state and local governments in the U.S. that 
administer elections, due to it having targeted election systems in 2019.

   Hultquist said he does not think Energetic Bear has the ability to directly 
affect the U.S. vote but fears it could disrupt local and state government 
networks proximate to the systems that process votes.

   "The disruption may have little effect on the outcome. It may be entirely 
insignificant to the outcome -- but it could be perceived as proof that the 
election outcome is in question," he said. "Just by getting access to these 
systems they may be preying on fears of the insecurity of the election."

 
 
Copyright DTN. All rights reserved. Disclaimer.
Powered By DTN