Read the full report from the US National Intelligence Agency on Russian hacking and Why Corporations should take heed

The Director of the US National Intelligence Agency released a declassified version of its report on Russia’s involvement in the 2016 US presidential election.
It’s a good read and you can see how social engineering coupled with a little hacking can have a big impact.

If you’re a corporation, be aware that anybody could do this to you and your corporate brand, and possibly have a huge negative impact on your revenue.

Don’t think Russia’s MO on the 2016 election can’t be emulated by your corporate enemies!

Background to “Assessing Russian Activities and Intentions in Recent US Elections”: The Analytic Process and Cyber Incident Attribution

“Assessing Russian Activities and Intentions in Recent US Elections” is a declassified version of a highly classified assessment that has been provided to the President and to recipients approved by the President.

  • The Intelligence Community rarely can publicly reveal the full extent of its knowledge or the precise bases for its assessments, as the release of such information would reveal sensitive sources or methods and imperil the ability to collect critical foreign intelligence in the
  • Thus, while the conclusions in the report are all reflected in the classified assessment, the declassified report does not and cannot include the full supporting information, including specific intelligence and sources and

The Analytic Process

The mission of the Intelligence Community is to seek to reduce the uncertainty surrounding foreign activities, capabilities, or leaders’ intentions. This objective is difficult to achieve when seeking to understand complex issues on which foreign actors go to extraordinary lengths to hide or obfuscate their activities.

  • On these issues of great importance to US national security, the goal of intelligence analysis is to provide assessments to decisionmakers that are intellectually rigorous, objective, timely, and useful, and that adhere to tradecraft
  • The tradecraft standards for analytic products have been refined over the past ten years. These standards include describing sources (including their reliability and access to the information they provide), clearly expressing uncertainty, distinguishing between underlying information and analysts’ judgments and assumptions, exploring alternatives, demonstrating relevance to the customer, using strong and transparent logic, and explaining change or consistency in judgments over
  • Applying these standards helps ensure that the Intelligence Community provides US policymakers, warfighters, and operators with the best and most accurate insight, warning, and context, as well as potential opportunities to advance US national

Intelligence Community analysts integrate information from a wide range of sources, including human sources, technical collection, and open source information, and apply specialized skills and structured analytic tools to draw inferences informed by the data available, relevant past activity, and logic and reasoning to provide insight into what is happening and the prospects for the future.

  • A critical part of the analyst’s task is to explain uncertainties associated with major judgments based on the quantity and quality of the source material, information gaps, and the complexity of the
  • When Intelligence Community analysts use words such as “we assess” or “we judge,” they are conveying an analytic assessment or
  • Some analytic judgments are based directly on collected information; others rest on previous judgments, which serve as building blocks in rigorous analysis. In either type of judgment, the tradecraft standards outlined above ensure that analysts have an appropriate basis for the
  • Intelligence Community judgments often include two important elements: judgments of how likely it is that something has happened or will happen (using terms such as “likely” or “unlikely”) and confidence levels in those judgments (low, moderate, and high) that refer to the evidentiary basis, logic and reasoning, and precedents that underpin the

Determining Attribution in Cyber Incidents

The nature of cyberspace makes attribution of cyber operations difficult but not impossible. Every kind of cyber operation—malicious or not—leaves a trail.  US Intelligence Community analysts use this information, their constantly growing knowledge base of previous events and known malicious actors, and their knowledge of how these malicious actors work and the tools that they use, to attempt to trace these operations back to their source. In every case, they apply the same tradecraft standards described in the Analytic Process above.

  • Analysts consider a series of questions to assess how the information compares with existing knowledge and adjust their confidence in their judgments as appropriate to account for any alternative hypotheses and
  • An assessment of attribution usually is not a simple statement of who conducted an operation, but rather a series of judgments that describe whether it was an isolated incident, who was the likely perpetrator, that perpetrator’s possible motivations, and whether a foreign government had a role in ordering or leading the

Assessing Russian Activities and Intentions in Recent US Elections

Scope and Sourcing

Information available as of 29 December 2016 was used in the preparation of this product.

Scope

This report includes an analytic assessment drafted and coordinated among The Central Intelligence Agency (CIA), The Federal Bureau of Investigation (FBI), and The National Security Agency (NSA), which draws on intelligence information collected and disseminated by those three agencies. It covers the motivation and scope of Moscow’s intentions regarding US elections and Moscow’s use of cyber tools and media campaigns to influence US public opinion. The assessment focuses on activities aimed at the 2016 US presidential election and draws on our understanding of previous Russian influence operations. When we use the term “we” it refers to an assessment by all three agencies.

  • This report is a declassified version of a highly classified assessment. This document’s conclusions are identical to the highly classified assessment, but this document does not include the full supporting information, including specific intelligence on key elements of the influence campaign. Given the redactions, we made minor edits purely for readability and

We did not make an assessment of the impact that Russian activities had on the outcome of the 2016 election. The US Intelligence Community is charged with monitoring and assessing the intentions, capabilities, and actions of foreign actors; it does not analyze US political processes or US public opinion.

  • New information continues to emerge, providing increased insight into Russian

Sourcing

Many of the key judgments in this assessment rely on a body of reporting from multiple sources that are consistent with our understanding of Russian behavior. Insights into Russian efforts—including specific cyber operations—and Russian views of key US players derive from multiple corroborating sources.

Some of our judgments about Kremlin preferences and intent are drawn from the behavior of Kremlin-loyal political figures, state media, and pro-Kremlin social media actors, all of whom the Kremlin either directly uses to convey messages or who are answerable to the Kremlin. The Russian leadership invests significant resources in both foreign and domestic propaganda and places a premium on transmitting what it views as consistent, self-reinforcing narratives regarding its desires and redlines, whether on Ukraine, Syria, or relations with the United States.

Key Judgments

ICA 2017-01D

6 January 2017

Russian efforts to influence the 2016 US presidential election represent the most recent expression of Moscow’s longstanding desire to undermine the US-led liberal democratic order, but these activities demonstrated a significant escalation in directness, level of activity, and scope of effort compared to previous operations.

We assess Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the US presidential election. Russia’s goals were to undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency. We further assess Putin and the Russian Government developed a clear preference for President-elect Trump.  We have high confidence in these judgments.

  • We also assess Putin and the Russian Government aspired to help President-elect Trump’s election chances when possible by discrediting Secretary Clinton and publicly contrasting her unfavorably to him. All three agencies agree with this judgment. CIA and FBI have high confidence in this judgment; NSA has moderate
  • Moscow’s approach evolved over the course of the campaign based on Russia’s understanding of the electoral prospects of the two main candidates. When it appeared to Moscow that Secretary Clinton was likely to win the election, the Russian influence campaign began to focus more on undermining her future
  • Further information has come to light since Election Day that, when combined with Russian behavior since early November 2016, increases our confidence in our assessments of Russian motivations and

Moscow’s influence campaign followed a Russian messaging strategy that blends covert intelligence operations—such as cyber activity—with overt efforts by Russian Government agencies, state-funded media, third-party intermediaries, and paid social media users or “trolls.” Russia, like its Soviet predecessor, has a history of conducting covert influence campaigns focused on US presidential elections that have used intelligence officers and agents and press placements to disparage candidates perceived as hostile to the Kremlin.

  • Russia’s intelligence services conducted cyber operations against targets associated with the 2016 US presidential election, including targets associated with both major US political
  • We assess with high confidence that Russian military intelligence (General Staff Main Intelligence Directorate or GRU) used the Guccifer 2.0 persona and DCLeaks.com to release US victim data obtained in cyber operations publicly and in exclusives to media outlets and relayed material to WikiLeaks. 
  • Russian intelligence obtained and maintained access to elements of multiple US state or local electoral boards. DHS assesses that the types of systems Russian actors targeted or compromised were not involved in vote
  • Russia’s state-run propaganda machine contributed to the influence campaign by serving as a platform for Kremlin messaging to Russian and international

We assess Moscow will apply lessons learned from its Putin-ordered campaign aimed at the US presidential election to future influence efforts worldwide, including against US allies and their election processes.

Contents

Scope and Sourcing

Key Judgments

Contents

CIA/FBI/NSA Assessment: Russia’s Influence Campaign Targeting the 2016 US Presidential Election

Putin Ordered Campaign To Influence US Election

Russian Campaign Was Multifaceted

Influence Effort Was Boldest Yet in the US

Election Operation Signals “New Normal” in Russian Influence Efforts

Annexes

A: Russia—Kremlin’s TV Seeks To Influence Politics, Fuel Discontent in US

B: Estimative Language

Russia’s Influence Campaign Targeting the 2016 US Presidential Election

Putin Ordered Campaign To Influence US Election

We assess with high confidence that Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the US presidential election, the consistent goals of which were to undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency. We further assess Putin and the Russian Government developed a clear preference for President-elect Trump. When it appeared to Moscow that Secretary Clinton was likely to win the election, the Russian influence campaign then focused on undermining her expected presidency.

  • We also assess Putin and the Russian Government aspired to help President-elect Trump’s election chances when possible by discrediting Secretary Clinton and publicly contrasting her unfavorably to him. All three agencies agree with this judgment. CIA and FBI have high confidence in this judgment; NSA has moderate
  • In trying to influence the US election, we assess the Kremlin sought to advance its longstanding desire to undermine the US-led liberal democratic order, the promotion of which Putin and other senior Russian leaders view as a threat to Russia and Putin’s
  • Putin publicly pointed to the Panama Papers disclosure and the Olympic doping scandal as US-directed efforts to defame Russia, suggesting he sought to use disclosures to discredit the image of the United States and cast it as
  • Putin most likely wanted to discredit Secretary Clinton because he has publicly blamed her since 2011 for inciting mass protests against his regime in late 2011 and early 2012, and because he holds a grudge for comments he almost certainly saw as disparaging

We assess Putin, his advisers, and the Russian Government developed a clear preference for President-elect Trump over Secretary Clinton.

  • Beginning in June, Putin’s public comments about the US presidential race avoided directly praising President-elect Trump, probably because Kremlin officials thought that any praise from Putin personally would backfire in the United States. Nonetheless, Putin publicly indicated a preference for President-elect Trump’s stated policy to work with Russia, and pro-Kremlin figures spoke highly about what they saw as his Russia-friendly positions on Syria and Ukraine. Putin publicly contrasted the President-elect’s approach to Russia with Secretary Clinton’s “aggressive ”
  • Moscow also saw the election of President-elect Trump as a way to achieve an international counterterrorism coalition against the Islamic State in Iraq and the Levant (ISIL).
  • Putin has had many positive experiences working with Western political leaders whose business interests made them more disposed to deal with Russia, such as former Italian Prime Minister Silvio Berlusconi and former German Chancellor Gerhard
  • Putin, Russian officials, and other pro-Kremlin pundits stopped publicly criticizing the US election process as unfair almost immediately after the election because Moscow probably assessed it would be counterproductive to building positive relations.

We assess the influence campaign aspired to help President-elect Trump’s chances of victory when possible by discrediting Secretary Clinton and publicly contrasting her unfavorably to the President-elect. When it appeared to Moscow that Secretary Clinton was likely to win the presidency the Russian influence campaign focused more on undercutting Secretary Clinton’s legitimacy and crippling her presidency from its start, including by impugning the fairness of the election.

  • Before the election, Russian diplomats had publicly denounced the US electoral process and were prepared to publicly call into question the validity of the results. Pro-Kremlin bloggers had prepared a Twitter campaign, #DemocracyRIP, on election night in anticipation of Secretary Clinton’s victory, judging from their social media

Russian Campaign Was Multifaceted

Moscow’s use of disclosures during the US election was unprecedented, but its influence campaign otherwise followed a longstanding Russian messaging strategy that blends covert intelligence operations—such as cyber activity—with overt efforts by Russian Government agencies, state-funded media, third-party intermediaries, and paid social media users or “trolls.”

  • We assess that influence campaigns are approved at the highest levels of the Russian Government—particularly those that would be politically
  • Moscow’s campaign aimed at the US election reflected years of investment in its capabilities, which Moscow has honed in the former Soviet states.
  • By their nature, Russian influence campaigns are multifaceted and designed to be deniable because they use a mix of agents of influence, cutouts, front organizations, and false-flag operations. Moscow demonstrated this during the Ukraine crisis in 2014, when Russia deployed forces and advisers to eastern Ukraine and denied it

The Kremlin’s campaign aimed at the US election featured disclosures of data obtained through Russian cyber operations; intrusions into US state and local electoral boards; and overt propaganda. Russian intelligence collection both informed and enabled the influence campaign.

Cyber Espionage Against US Political Organizations. Russia’s intelligence services conducted cyber operations against targets associated with the 2016 US presidential election, including targets associated with both major US political parties.

We assess Russian intelligence services collected against the US primary campaigns, think tanks, and lobbying groups they viewed as likely to shape future US policies.  In July 2015, Russian intelligence gained access to Democratic National Committee (DNC) networks and maintained that access until at least June 2016.

  • The General Staff Main Intelligence Directorate (GRU) probably began cyber operations aimed at the US election by March 2016. We assess that the GRU operations resulted in the compromise of the personal e-mail accounts of Democratic Party officials and political figures. By May, the GRU had exfiltrated large volumes of data from the

Public Disclosures of Russian-Collected Data. We assess with high confidence that the GRU used the Guccifer 2.0 persona, DCLeaks.com, and WikiLeaks to release US victim data obtained in cyber operations publicly and in exclusives to media outlets.

  • Guccifer 2.0, who claimed to be an independent Romanian hacker, made multiple contradictory statements and false claims about his likely Russian identity throughout the election. Press reporting suggests more than one person claiming to be Guccifer 2.0 interacted with
  • Content that we assess was taken from e-mail accounts targeted by the GRU in March 2016 appeared on DCLeaks.com starting in

We assess with high confidence that the GRU relayed material it acquired from the DNC and senior Democratic officials to WikiLeaks. Moscow most likely chose WikiLeaks because of its self-proclaimed reputation for authenticity. Disclosures through WikiLeaks did not contain any evident forgeries.

  • In early September, Putin said publicly it was important the DNC data was exposed to WikiLeaks, calling the search for the source of the leaks a distraction and denying Russian “state-level”
  • The Kremlin’s principal international propaganda outlet RT (formerly Russia Today) has actively collaborated with WikiLeaks. RT’s editor-in-chief visited WikiLeaks founder Julian Assange at the Ecuadorian Embassy in London in August 2013, where they discussed renewing his broadcast contract with RT, according to Russian and Western media. Russian media subsequently announced that RT had become “the only Russian media company” to partner with WikiLeaks and had received access to “new leaks of secret information.” RT routinely gives Assange sympathetic coverage and provides him a platform to denounce the United

These election-related disclosures reflect a pattern of Russian intelligence using hacked information in targeted influence efforts against targets such as Olympic athletes and other foreign governments. Such efforts have included releasing or altering personal data, defacing websites, or releasing e-mails.

  • A prominent target since the 2016 Summer Olympics has been the World Anti-Doping Agency (WADA), with leaks that we assess to have originated with the GRU and that have involved data on US

Russia collected on some Republican-affiliated targets but did not conduct a comparable disclosure campaign.

Russian Cyber Intrusions Into State and Local Electoral Boards. Russian intelligence accessed elements of multiple state or local electoral boards. Since early 2014, Russian intelligence has researched US electoral processes and related technology and equipment.

  • DHS assesses that the types of systems we observed Russian actors targeting or compromising are not involved in vote

Russian Propaganda Efforts. Russia’s state-run propaganda machine—comprised of its domestic media apparatus, outlets targeting global audiences such as RT and Sputnik, and a network of quasi-government trolls—contributed to the influence campaign by serving as a platform for Kremlin messaging to Russian and international audiences. State-owned Russian media made increasingly favorable comments about President-elect Trump as the 2016 US general and primary election campaigns progressed while consistently offering negative coverage of Secretary Clinton.

  • Starting in March 2016, Russian Government–linked actors began openly supporting President-elect Trump’s candidacy in media aimed at English-speaking audiences. RT and Sputnik—another government-funded outlet producing pro-Kremlin radio and online content in a variety of languages for international audiences—consistently cast President-elect Trump as the target of unfair coverage from traditional US media outlets that they claimed were subservient to a corrupt political establishment.

  • Russian media hailed President-elect Trump’s victory as a vindication of Putin’s advocacy of global populist movements—the theme of Putin’s annual conference for Western academics in October 2016—and the latest example of Western liberalism’s
  • Putin’s chief propagandist Dmitriy Kiselev used his flagship weekly newsmagazine program this fall to cast President-elect Trump as an outsider victimized by a corrupt political establishment and faulty democratic election process that aimed to prevent his election because of his desire to work with
  • Pro-Kremlin proxy Vladimir Zhirinovskiy, leader of the nationalist Liberal Democratic Party of Russia, proclaimed just before the election that if President-elect Trump won, Russia would “drink champagne” in anticipation of being able to advance its positions on Syria and Ukraine.

RT’s coverage of Secretary Clinton throughout the US presidential campaign was consistently negative and focused on her leaked e-mails and accused her of corruption, poor physical and mental health, and ties to Islamic extremism. Some Russian officials echoed Russian lines for the influence campaign that Secretary Clinton’s election could lead to a war between the United States and Russia.

  • In August, Kremlin-linked political analysts suggested avenging negative Western reports on Putin by airing segments devoted to Secretary Clinton’s alleged health problems.
  • On 6 August, RT published an English-language video called “Julian Assange Special: Do WikiLeaks Have the E-mail That’ll Put Clinton in Prison?” and an exclusive interview with Assange entitled “Clinton and ISIS Funded by the Same Money.” RT’s most popular video on Secretary Clinton, “How 100% of the Clintons’ ‘Charity’ Went to…Themselves,” had more than 9 million views on social media platforms. RT’s most popular English language video about the President-elect, called “Trump Will Not Be Permitted To Win,” featured Assange and had 2.2 million
  • For more on Russia’s past media efforts—including portraying the 2012 US electoral process as undemocratic—please see Annex A: Russia—Kremlin’s TV Seeks To Influence Politics, Fuel Discontent in

Russia used trolls as well as RT as part of its influence efforts to denigrate Secretary Clinton. This effort amplified stories on scandals about Secretary Clinton and the role of WikiLeaks in the election campaign.

  • The likely financier of the so-called Internet Research Agency of professional trolls located in Saint Petersburg is a close Putin ally with ties to Russian
  • A journalist who is a leading expert on the Internet Research Agency claimed that some social media accounts that appear to be tied to Russia’s professional trolls—because they previously were devoted to supporting Russian actions in Ukraine—started to advocate for President-elect Trump as early as December 2015.

Influence Effort Was Boldest Yet in the US

Russia’s effort to influence the 2016 US presidential election represented a significant escalation in directness, level of activity, and scope of effort compared to previous operations aimed at US elections. We assess the 2016 influence campaign reflected the Kremlin’s recognition of the worldwide effects that mass disclosures of US Government and other private data—such as those conducted by WikiLeaks and others—have achieved in recent years, and their understanding of the value of orchestrating such disclosures to maximize the impact of compromising information.

  • During the Cold War, the Soviet Union used intelligence officers, influence agents, forgeries, and press placements to disparage candidates perceived as hostile to the Kremlin, according to a former KGB

Since the Cold War, Russian intelligence efforts related to US elections have primarily focused on foreign intelligence collection. For decades, Russian and Soviet intelligence services have sought to collect insider information from US political parties that could help Russian leaders understand a new US administration’s plans and priorities.

  • The Russian Foreign Intelligence Service (SVR) Directorate S (Illegals) officers arrested in the United States in 2010 reported to Moscow about the 2008
  • In the 1970s, the KGB recruited a Democratic Party activist who reported information about then-presidential hopeful Jimmy Carter’s campaign and foreign policy plans, according to a former KGB

Election Operation Signals “New Normal” in Russian Influence Efforts

We assess Moscow will apply lessons learned from its campaign aimed at the US presidential election to future influence efforts in the United States and worldwide, including against US allies and their election processes. We assess the Russian intelligence services would have seen their election influence campaign as at least a qualified success because of their perceived ability to impact public discussion.

  • Putin’s public views of the disclosures suggest the Kremlin and the intelligence services will continue to consider using cyber-enabled disclosure operations because of their belief that these can accomplish Russian goals relatively easily without significant damage to Russian
  • Russia has sought to influence elections across Europe.

We assess Russian intelligence services will continue to develop capabilities to provide Putin with options to use against the United States, judging from past practice and current efforts.

Immediately after Election Day, we assess Russian intelligence began a spearphishing campaign targeting US Government employees and individuals associated with US think tanks and NGOs in national security, defense, and foreign policy fields. This campaign could provide material for future influence efforts as well as foreign intelligence collection on the incoming administration’s goals and plans.

Annex A

Russia – Kremlin’s TV Seeks To Influence Politics, Fuel Discontent in US*

RT America TV, a Kremlin-financed channel operated from within the United States, has substantially expanded its repertoire of programming that highlights criticism of alleged US shortcomings in democracy and civil liberties. The rapid expansion of RT’s operations and budget and recent candid statements by RT’s leadership point to the channel’s importance to the Kremlin as a messaging tool and indicate a Kremlin-directed campaign to undermine faith in the US Government and fuel political protest. The Kremlin has committed significant resources to expanding the channel’s reach, particularly its social media footprint. A reliable UK report states that RT recently was the most-watched foreign news channel in the UK. RT America has positioned itself as a domestic US channel and has deliberately sought to obscure any legal ties to the Russian Government.

In the runup to the 2012 US presidential election in November, English-language channel RT America — created and financed by the Russian Government and part of Russian Government-sponsored RT TV (see textbox 1) — intensified its usually critical coverage of the United States. The channel portrayed the US electoral process as undemocratic and featured calls by US protesters for the public to rise up and “take this government back.”

  • RT introduced two new shows — “Breaking the Set” on 4 September and “Truthseeker” on 2 November — both overwhelmingly focused on criticism of US and Western governments as well as the promotion of radical
  • From August to November 2012, RT ran numerous reports on alleged US election fraud and voting machine vulnerabilities, contending that US election results cannot be trusted and do not reflect the popular will.
  • In an effort to highlight the alleged “lack of democracy” in the United States, RT broadcast, hosted, and advertised third-party candidate debates and ran reporting supportive of the political agenda of these candidates. The RT hosts asserted that the US two-party system does not represent the views of at least one-third of the population and is a “sham.”

[Figure: Messaging on RT prior to the US presidential election (RT, 3 November)]

* This annex was originally published on 11 December 2012 by the Open Source Center, now the Open Source Enterprise.

  • RT aired a documentary about the Occupy Wall Street movement on 1, 2, and 4 November. RT framed the movement as a fight against “the ruling class” and described the current US political system as corrupt and dominated by corporations. RT advertising for the documentary featured Occupy movement calls to “take back” the government. The documentary claimed that the US system cannot be changed democratically, but only through “revolution.” After the 6 November US presidential election, RT aired a documentary called “Cultures of Protest,” about active and often violent political resistance (RT, 1-10 November).

[Figure: RT new show “Truthseeker” (RT, 11 November)]

RT Conducts Strategic Messaging for Russian Government

RT’s criticism of the US election was the latest facet of its broader and longer-standing anti-US messaging likely aimed at undermining viewers’ trust in US democratic procedures and undercutting US criticism of Russia’s political system. RT Editor in Chief Margarita Simonyan recently declared that the United States itself lacks democracy and that it has “no moral right to teach the rest of the world” (Kommersant, 6 November).

  • Simonyan has characterized RT’s coverage of the Occupy Wall Street movement as “information warfare” that is aimed at promoting popular dissatisfaction with the US Government. RT created a Facebook app to connect Occupy Wall Street protesters via social media. In addition, RT featured its own hosts in Occupy rallies (“Minaev Live,” 10 April; RT, 2, 12 June).
  • RT’s reports often characterize the United States as a “surveillance state” and allege widespread infringements of civil liberties, police brutality, and drone use (RT, 24, 28 October, 1-10 November).
  • RT has also focused on criticism of the US economic system, US currency policy, alleged Wall Street greed, and the US national debt. Some of RT’s hosts have compared the United States to Imperial Rome and have predicted that government corruption and “corporate greed” will lead to US financial collapse (RT, 31 October, 4 November).

Simonyan steps over the White House in the introduction from her short-lived domestic show on REN TV (REN TV, 26 December 2011)

RT broadcasts support for other Russian interests in areas such as foreign and energy policy.

  • RT runs anti-fracking programming, highlighting environmental issues and the impacts on public health. This is likely reflective of the Russian Government’s concern about the impact of fracking and US natural gas production on the global energy market and the potential challenges to Gazprom’s profitability (5 October).
  • RT is a leading media voice opposing Western intervention in the Syrian conflict and blaming the West for waging “information wars” against the Syrian Government (RT, 10 October-9 November).
  • In an earlier example of RT’s messaging in support of the Russian Government, during the Georgia-Russia military conflict the channel accused Georgians of killing civilians and organizing a genocide of the Ossetian people. According to Simonyan, when “the Ministry of Defense was at war with Georgia,” RT was “waging an information war against the entire Western world” (Kommersant, 11 July).

RT anti-fracking reporting (RT, 5 October)

In recent interviews, RT’s leadership has candidly acknowledged its mission to expand its US audience and to expose it to Kremlin messaging. However, the leadership rejected claims that RT interferes in US domestic affairs.

  • Simonyan claimed in popular arts magazine Afisha on 3 October: “It is important to have a channel that people get used to, and then, when needed, you show them what you need to show. In some sense, not having our own foreign broadcasting is the same as not having a ministry of defense. When there is no war, it looks like we don’t need it. However, when there is a war, it is “
  • According to Simonyan, “the word ‘propaganda’ has a very negative connotation, but indeed, there is not a single international foreign TV channel that is doing something other than promotion of the values of the country that it is broadcasting from.” She added that “when Russia is at war, we are, of course, on Russia’s side” (Afisha, 3 October; Kommersant, 4 July).
  • TV-Novosti director Nikolov said on 4 October to the Association of Cable Television that RT builds on worldwide demand for “an alternative view of the entire world.” Simonyan asserted on 3 October in Afisha that RT’s goal is “to make an alternative channel that shares information unavailable elsewhere” in order to “conquer the audience” and expose it to Russian state messaging (Afisha, 3 October; Kommersant, 4 July).
  • On 26 May, Simonyan tweeted with irony: “Ambassador McFaul hints that our channel is interference with US domestic affairs. And we, sinful souls, were thinking that it is freedom of “

RT Leadership Closely Tied to, Controlled by Kremlin

RT Editor in Chief Margarita Simonyan has close ties to top Russian Government officials, especially Presidential Administration Deputy Chief of Staff Aleksey Gromov, who reportedly manages political TV coverage in Russia and is one of the founders of RT.

  • Simonyan has claimed that Gromov shielded her from other officials and their requests to air certain reports. Russian media consider Simonyan to be Gromov’s protege (Kommersant, 4 July; Dozhd TV, 11 July).
  • Simonyan replaced Gromov on state-owned Channel One’s Board of Government officials, including Gromov and Putin’s Press Secretary Peskov were involved in creating RT and appointing Simonyan (Afisha, 3 October).
  • According to Simonyan, Gromov oversees political coverage on TV, and he has periodic meetings with media managers where he shares classified information and discusses their coverage plans. Some opposition journalists, including Andrey Loshak, claim that he also ordered media attacks on opposition figures (Kommersant, 11 July).

Simonyan shows RT facilities to then Prime Minister Putin. Simonyan was on Putin’s 2012 presidential election campaign staff in Moscow (Rospress, 22 September 2010, Ria Novosti, 25 October 2012).

The Kremlin staffs RT and closely supervises RT’s coverage, recruiting people who can convey Russian strategic messaging because of their ideological beliefs.

  • The head of RT’s Arabic-language service, Aydar Aganin, was rotated from the diplomatic service to manage RT’s Arabic-language expansion, suggesting a close relationship between RT and Russia’s foreign policy apparatus. RT’s London Bureau is managed by Darya Pushkova, the daughter of Aleksey Pushkov, the current chair of the Duma Russian Foreign Affairs Committee and a former Gorbachev speechwriter (DXB, 26 March 2009; ru, 13 March 2006).
  • According to Simonyan, the Russian Government sets rating and viewership requirements for RT and, “since RT receives budget from the state, it must complete tasks given by the state.” According to Nikolov, RT news stories are written and edited “to become news” exclusively in RT’s Moscow office (Dozhd TV, 11 July; AKT, 4 October).
  • In her interview with pro-Kremlin journalist Sergey Minaev, Simonyan complimented RT staff in the United States for passionately defending Russian positions on the air and in social media. Simonyan said: “I wish you could see…how these guys, not just on air, but on their own social networks, Twitter, and when giving interviews, how they defend the positions that we stand on!” (“Minaev Live,” 10 April).

RT Focuses on Social Media, Building Audience

RT aggressively advertises its social media accounts and has a significant and fast-growing social media footprint. In line with its efforts to present itself as anti-mainstream and to provide viewers alternative news content, RT is making its social media operations a top priority, both to avoid broadcast TV regulations and to expand its overall audience.

  • According to RT management, RT’s website receives at least 500,000 unique viewers every day. Since its inception in 2005, RT videos received more than 800 million views on YouTube (1 million views per day), which is the highest among news outlets (see graphics for comparison with other news channels) (AKT, 4 October).
  • According to Simonyan, the TV audience worldwide is losing trust in traditional TV broadcasts and stations, while the popularity of “alternative channels” like RT or Al Jazeera grows. RT markets itself as an “alternative channel” that is available via the Internet everywhere in the world, and it encourages interaction and social networking (Kommersant, 29 September).
  • According to Simonyan, RT uses social media to expand the reach of its political reporting and uses well-trained people to monitor public opinion in social media commentaries (Kommersant, 29 September).
  • According to Nikolov, RT requires its hosts to have social media accounts, in part because social media allows the distribution of content that would not be allowed on television (org, 11 October).
  • Simonyan claimed in her 3 October interview to independent TV channel Dozhd that Occupy Wall Street coverage gave RT a significant audience

 

The Kremlin spends $190 million a year on the distribution and dissemination of RT programming, focusing on hotels and satellite, terrestrial, and cable broadcasting. The Kremlin is rapidly expanding RT’s availability around the world and giving it a reach comparable to channels such as Al Jazeera English.

According to Simonyan, the United Kingdom and the United States are RT’s most successful markets. RT does not, however, publish audience information.

  • According to market research company Nielsen, RT had the most rapid growth (40 percent) among all international news channels in the United States over the past year (2012). Its audience in New York tripled and in Washington DC grew by 60% (Kommersant, 4 July).
  • RT claims that it is surpassing Al Jazeera in viewership in New York and Washington DC (BARB, 20 November; RT, 21 November).
  • RT states on its website that it can reach more than 550 million people worldwide and 85 million people in the United States; however, it does not publicize its actual US audience numbers (RT, 10 December).


Formal Disassociation From Kremlin Facilitates RT US Messaging

RT America formally disassociates itself from the Russian Government by using a Moscow-based autonomous nonprofit organization to finance its US operations. According to RT’s leadership, this structure was set up to avoid the Foreign Agents Registration Act and to facilitate licensing abroad. In addition, RT rebranded itself in 2008 to deemphasize its Russian origin.

  • According to Simonyan, RT America differs from other Russian state institutions in terms of ownership, but not in terms of financing. To disassociate RT from the Russian Government, the federal news agency RIA Novosti established a subsidiary autonomous nonprofit organization, TV- Novosti, using the formal independence of this company to establish and finance RT worldwide (Dozhd TV, 11 July).
  • Nikolov claimed that RT is an “autonomous noncommercial entity,” which is “well received by foreign regulators” and “simplifies getting a license.” Simonyan said that RT America is not a “foreign agent” according to US law because it uses a US commercial organization for its broadcasts (AKT, 4 October; Dozhd TV, 11 July).
  • Simonyan observed that RT’s original Russia-centric news reporting did not generate sufficient audience, so RT switched to covering international and US domestic affairs and removed the words “Russia Today” from the logo “to stop scaring away the audience” (Afisha, 18 October; Kommersant, 4 July).
  • RT hires or makes contractual agreements with Westerners with views that fit its agenda and airs them on RT. Simonyan said on the pro-Kremlin show “Minaev Live” on 10 April that RT has enough audience and money to be able to choose its hosts, and it chooses the hosts that “think like us,” “are interested in working in the anti-mainstream,” and defend RT’s beliefs on social media. Some hosts and journalists do not present themselves as associated with RT when interviewing people, and many of them have affiliations to other media and activist organizations in the United States (“Minaev Live,” 10 April).

Annex B

 

DDoS attack and measures to Fight DDoS attack

White hats are in an ongoing battle with black hats to protect the Internet from DDoS attacks. According to Arbor Networks, more than 2000 daily DDoS attacks are observed worldwide.

In 2016, we saw the largest DDoS attack to date, against Dyn (a DNS provider). During the attack, Dyn’s servers were flooded with more than 1.2 Tbps of data, which crashed them. This attack caused major websites like Twitter, Amazon, Reddit, and Netflix to go down. The attack was carried out using IoT devices infected by the Mirai malware, which means the attacker might have used your routers, smart TVs, mobiles, computers and IP cameras to carry out the DDoS attack.

Since attackers have started using your Internet-connected devices to launch dangerous attacks (without your knowledge) against banks, telecoms, and media (that speak against some political agendas), it is about time we (users) became aware of DDoS.

What is DDoS Attack?

DDoS stands for Distributed Denial of Service. In this attack, hackers use compromised systems (called botnets) to make online services unavailable to clients. During the attack, the attacker floods the service provider’s servers with fake traffic from multiple sources (the botnet). This causes the servers to crash, so the intended audience is deprived of the service.

In simple words, a DDoS attack is like window shoppers swarming your business and keeping genuine customers from getting your service.


Symptoms of DDoS Attack:

According to Wikipedia, the United States Computer Emergency Readiness Team (US-CERT) has identified symptoms of a denial-of-service attack to include:

  • unusually slow network performance (opening files or accessing web sites)
  • unavailability of a particular website
  • inability to access any website
  • a dramatic increase in the number of spam emails received (this type of DoS attack is considered an e-mail bomb).

Additional symptoms may include:

  • disconnection of a wireless or wired internet connection
  • long-term denial of access to the web or any internet services.

Why is DDoS attack so dangerous?

  1. A large-scale attack can affect Internet connectivity of entire geographical regions.
  2. Anyone can buy a week-long DDoS attack for just $150 on the black market. Source: Trendmicro Research
  3. There can be millions of Botnets since many devices these days are connected to the Internet. This makes the attack more dangerous.
  4. There are more than 2000 attacks per day.
  5. Small businesses are an easy target because it is cheap and easy to attack services that don’t have DDoS countermeasures.

How to Fight DDoS attack:

  1. Be prepared by recognizing the symptoms of a DDoS attack.
  2. Get extra bandwidth for your website. This will give you time to fight the DDoS without your service going down.
  3. Monitor your website traffic regularly. Use Web Analytics tools.
  4. If you think you are under attack, contact your ISP or Host Provider.
  5. Use DDoS mitigation specialist companies if you can afford them.
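Steps 1 and 3 above (recognize the symptoms, monitor traffic) can be automated against a web server's access log. The following Python is an added example, not part of the original article: it assumes Common Log Format lines, uses a constructed sample log with documentation-range addresses, and its function names and thresholds are illustrative.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import median

# Common Log Format: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def build_sample_log():
    """Constructed sample: ten minutes of light traffic with a flood in minute 7."""
    start = datetime(2016, 10, 21, 16, 0, 0)
    normal_per_minute = [4, 5, 6, 5, 4, 6, 5, 5, 5, 4]
    lines = ["this line is malformed and must be skipped"]

    def fmt(ts, ip, path):
        return (f'{ip} - - [{ts:%d/%b/%Y:%H:%M:%S} +0000] '
                f'"GET {path} HTTP/1.1" 200 512')

    for minute, n in enumerate(normal_per_minute):
        for i in range(n):
            ts = start + timedelta(minutes=minute, seconds=i * 7)
            lines.append(fmt(ts, f"192.0.2.{10 + i}", f"/page/{i}"))
    # Flood: 80 requests from 40 distinct sources, all to one expensive URL.
    for i in range(80):
        ts = start + timedelta(minutes=7, seconds=i % 60)
        lines.append(fmt(ts, f"203.0.113.{1 + i % 40}", "/search?q=x"))
    return lines


def parse_line(line):
    """Return (minute, ip, path), or None when the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return ts.replace(second=0), m.group("ip"), m.group("path")


def find_spikes(lines, k=5.0, floor=20):
    """Flag minutes whose request count is far above a robust baseline.

    The baseline is the median requests per minute and the spread is the
    median absolute deviation (MAD), so the flood itself barely moves the
    threshold. `floor` suppresses alerts on very quiet sites.
    """
    per_minute = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_minute[rec[0]].append(rec[1:])
    if not per_minute:
        return []
    counts = {m: len(hits) for m, hits in per_minute.items()}
    base = median(counts.values())
    mad = median(abs(c - base) for c in counts.values()) or 1.0
    threshold = max(floor, base + k * mad)

    alerts = []
    for minute in sorted(counts):
        if counts[minute] <= threshold:
            continue
        hits = per_minute[minute]
        sources = Counter(ip for ip, _ in hits)
        top_path, top_hits = Counter(p for _, p in hits).most_common(1)[0]
        alerts.append({
            "minute": minute.strftime("%Y-%m-%d %H:%M"),
            "requests": counts[minute],
            "baseline": base,
            # Many sources hitting one URL suggests a distributed flood
            # rather than a single misbehaving client.
            "distinct_sources": len(sources),
            "top_path": top_path,
            "top_path_share": round(top_hits / counts[minute], 2),
        })
    return alerts


if __name__ == "__main__":
    for alert in find_spikes(build_sample_log()):
        print(alert)
```

The alert fields (minute, source count, dominant URL) are the details an ISP or hosting provider will ask for in step 4.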

In conclusion, spread the word about DDoS attacks to everyone you know who owns or wishes to own a website. Also, prevent your devices from being compromised. I will write about it in the next post. For now, let’s fight DDoS attacks together.

Source: https://www.gadgetbytenepal.com/fight-ddos-attack/

Mirai Source Code Boosts Popularity of DDoS-as-a-Service Criminal Activity

As one would come to expect from the recent Mirai botnet attacks, DDoS-as-a-service is becoming quite the booming industry. Seemingly everyone in the world holds a grudge against online companies and would like nothing more than to take them down. Now that the Mirai source code was put online several months ago, the number of DDoS attacks will only increase.

DDoS-as-a-business Turns Into A Profitable Business Model

In the world of cybercrime, there are always people willing to do the dirty work for you. Even for those who have no idea where to begin when it comes to compiling the Mirai botnet source code, there are people who will offer DDoS attacks as a service in exchange for payment. Even though there are plenty of people who can turn this source code into a valuable tool for their own needs, there are always people willing to pay for such a service.

Just because the Mirai source code is freely available does not mean that aspiring criminals will have an easy time setting up their first botnet. The code is nothing more than a brief guide as to how things will unfold, assuming people put in enough effort to make it work. That doesn’t mean, however, that there is no steep learning curve attached to this process.

Setting up the Mirai source code requires a minimum of four different servers and a certain level of expertise. Now that the solution has been open sourced, criminals have started developing new tools and features for the community. Unfortunately for aspiring internet criminals, this makes setting up the source code even more difficult.

But there is a silver lining for those who are not willing to invest a lot of time into researching the source code and its intricate working. Botnet-as-a-service is a booming business, even though hackers are charging steep prices for this service. Some will even go as far as offering technical support to set up the source code.

To put this into perspective, HackForums contained one particular listing which charged over US$700 for setting up Mirai on behalf of someone else. This included six hours of work to set up servers and conduct quality checks. This is not the biggest investment for a potentially successful criminal operation, although it may put off a lot of people.

DDoS service providers are posing a very significant threat to online companies and users alike. Everyone and everything in the world can be knocked offline if the attack is powerful enough. By offering this business as a service, it is not unlikely that DDoS attacks will become far more widespread than ever before. Mirai’s source code is a significant threat, and it looks like things are only getting worse over time.


Source: http://themerkle.com/mirai-source-code-boosts-popularity-of-ddos-as-a-service-criminal-activity/

Ransomware demands are working, fueling an increase in attacks

Infoblox DNS Threat Index finds criminals are creating more ransomware-domains than ever, and predicts a continuing increase in attacks as more criminals rush to cash in. 

 

Emboldened by the wave of successful ransomware attacks in early 2016, more cybercriminals are rushing to take advantage of this lucrative crime spree.

Networking company Infoblox’s quarterly threat index shows cybercriminals have been busy in the first quarter of 2016 creating new domains and subdomains and hijacking legitimate ones to build up their ransomware operations.

The number of domains serving up ransomware increased 35-fold in the first three months of 2016 compared to the end of 2015, according to the latest Infoblox DNS Threat Index. The index doesn’t measure actual attack volumes but observes malicious infrastructure — the domains used in individual campaigns. Criminals are constantly creating new domains and subdomains to stay ahead of blacklists and other security filters. The fact that the attack infrastructure for ransomware is growing is a good indicator that more cybercriminals are shifting their energies to these operations.

“There is an old adage that success begets success, and it seems to apply to malware as in any other corner of life,” Infoblox researchers wrote in the report.

The threat index hit an all-time high of 137 in the first quarter of 2016, compared to 128 in fourth quarter 2015. While there was a lot of activity creating infrastructure for all types of attacks, including malware, exploit kits, phishing, distributed denial-of-service, and data exfiltration, the explosion of ransomware-specific domains helped propel the overall threat index higher, Infoblox said in its report. Ransomware-related domains, which include those hosting the actual download and those that act as command-and-control servers for infected machines, accounted for 60 percent of the entire malware category.

“Again in simple terms: Ransomware is working,” the report said.

Instead of targeting consumers and small businesses in “small-dollar heists,” cybercriminals are shifting toward “industrial-scale, big-money” attacks on commercial entities, said Rod Rasmussen, vice president of cybersecurity at Infoblox. Cybercriminals don’t need to infect several victims for $500 each if a single hospital can net them $17,000 in bitcoin, for example.

The latest estimates from the FBI show ransomware cost victims $209 million in the first quarter of 2016, compared to $24 million for all of 2015. That doesn’t cover only the ransoms paid out — it also includes costs of downtime, the time required to clean off the infection, and resources spent recovering systems from backup.

Toward the end of 2015, Infoblox researchers observed that cybercriminals appeared to have abandoned the “plant/harvest cycle,” where they spent a few months building up the attack infrastructure, then a few months reaping the rewards before starting all over again. That seems to be the case in 2016, as there was no meaningful lull in newly created threats and new threats — such as ransomware — jumped to new highs. The harvest period seems to be less and less necessary, as criminals get more efficient shifting from task to task, from creating domains, hijacking legitimate domains, creating and distributing malware, stealing data, and generally causing harm to their victims.

 

“Unfortunately, these elevated threat levels are probably with us for the foreseeable future — it’s only the nature of the threat that will change from quarter to quarter,” Infoblox wrote.

Ransomware may be the fastest-growing segment of attacks, but it still accounts for a small piece of the overall attack infrastructure. Exploit kits remain the biggest threat, accounting for more than 50 percent of the overall index, with Angler leading the way. Angler is the toolkit commonly used in malvertising attacks, where malicious advertisements are injected into third-party advertising networks and victims are compromised by navigating to websites displaying those ads. Neutrino is also gaining popularity among cybercriminals. However, the lines are blurring as Neutrino is jumping into ransomware, as recent campaigns delivered ransomware, such as Locky, Teslacrypt, Cryptolocker2, and Kovter, to victims.

Recently, multiple reports have touted ransomware’s rapid growth, but what gets lost is that ransomware isn’t the most prevalent threat facing enterprises today. Organizations are more likely to see phishing attacks, exploit kits, and other types of malware, such as backdoors, Trojans, and keyloggers. Note Microsoft’s recent research, which noted that in 2015, ransomware accounted for less than 1 percent of malware. The encounter rate for ransomware jumped 50 percent over the second half of 2015, but that is going from 0.26 percent of attacks to 0.4 percent. Even if there are 35 times more attacks in 2016, that’s still a relatively small number compared to all other attacks.

The good news is that staying ahead of ransomware requires the same steps as basic malware prevention: tightening security measures, keeping software up-to-date, and maintaining clean backups.

“Unless and until companies figure out how to guard against ransomware — and certainly not reward the attack — we expect it to continue its successful run,” warned the report.

 

Source:  http://www.infoworld.com/article/3077859/security/ransomware-demands-are-working-fueling-an-increase-in-attacks.html

Attackers Clobbering Victims with One-Two Punch of Ransomware and DDoS.

Encrypted systems now being added to botnets in the latest incarnations of ransomware attacks, with experts expecting this to become standard practice.

As if ransomware weren’t bad enough, attackers are now making the most of their attacks by adding victimized machines to distributed denial of service (DDoS) botnets at the same time that they’re encrypted and held hostage, according to warnings from several security research organizations in the last week.

This one-two punch is a natural “Gimme” for profit-minded attackers and one which security pundits expect will be standard issue for most ransomware kits in the near future.

“Adding DDoS capabilities to ransomware is one of those ‘evil genius’ ideas,” says Stu Sjouwerman, CEO of KnowBe4, which today issued an alert that a new variant of Cerber ransomware has added DDoS capabilities to its payloads. “Renting out DDoS botnets on the Dark Web is a very lucrative business, even if prices have gone down in recent years. You can expect [bundling] it to become a fast-growing trend.”

 

The new trend was first detailed by researchers with Invincea last week, which found attackers using weaponized Office documents to deliver the threat via a Visual Basic exploit that allows them to conduct a file-less attack. That delivers malware with the underlying binary, giving the bad guys “two attacks for the price of one,” says Ikenna Dike of Invincea.

“First, it is a typical ransomware binary that encrypts the user’s file system and files while displaying a ransom note. Second, the binary could also be used to carry out a DDoS attack,” Dike said in a post. “The observed network traffic looks to be flooding the subnet with UDP packets over port 6892. By spoofing the source address, the host could direct all response traffic from the subnet to a targeted host, causing the host to be unresponsive.”

Seen by many as a perfect example of the mercenary nature of cybercrime, ransomware’s evolution has been driven entirely by black market ROI. According to the FBI, by the end of the year the ransomware market is expected to net the crooks at least $1 billion.

“Relatively high profit margins coupled with the relatively low overhead required to operate a ransomware campaign have bolstered the appeal of this particular attack type, fueling market demand for tools and services corresponding to its propagation,” explained FireEye researchers in an update last week on ransomware activity.

FireEye’s data shows that there was a noticeable spike in ransomware in March this year and that overall figures are on track for ransomware to exceed 2015 levels. This latest trend of DDoS bundling once again shows the lengths to which the criminals will squeeze every last bit of profitability and efficiency from ransomware attacks. It also offers fair warning to enterprises that even with backups, ransomware can pose threats to their endpoints and networks at large.

Even if data is restored on systems plagued by ransomware, there’s no guarantee that a system won’t remain part of the botnet or be used as a foothold for further attacks if the threat isn’t properly contained.
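The subnet flood Dike describes can be hunted for in flow data even after files have been restored. The following Python is an added example, not code from Invincea or from the article: it assumes a flow export that includes the source MAC (the CSV columns, lease table and addresses are constructed), and it groups by MAC because a spoofed source IP points at the victim rather than at the infected host.

```python
import csv
import io
import ipaddress
from collections import defaultdict

FLOOD_PORT = 6892  # UDP port named in the Invincea quote above

# Constructed inventory (assumption: taken from DHCP leases): MAC -> assigned IP.
LEASES = {
    "02:00:00:00:00:0a": "10.20.30.15",
    "02:00:00:00:00:0b": "10.20.30.22",
}


def build_sample_flows():
    """Constructed flow export: src_mac,src_ip,dst_ip,proto,dport,packets."""
    rows = ["src_mac,src_ip,dst_ip,proto,dport,packets"]
    # Host ...0a sprays UDP/6892 across the subnet while claiming to be .200.
    for last in range(1, 41):
        rows.append(
            f"02:00:00:00:00:0a,10.20.30.200,10.20.30.{last},udp,6892,500"
        )
    # Host ...0b: ordinary DNS and HTTPS plus one stray UDP/6892 datagram.
    rows.append("02:00:00:00:00:0b,10.20.30.22,10.20.30.2,udp,53,4")
    rows.append("02:00:00:00:00:0b,10.20.30.22,198.51.100.7,tcp,443,120")
    rows.append("02:00:00:00:00:0b,10.20.30.22,10.20.30.9,udp,6892,1")
    return "\n".join(rows)


def find_udp_sweepers(flow_csv, subnet, leases, port=FLOOD_PORT, min_targets=16):
    """Return hosts (by MAC) sending UDP/<port> to many addresses in `subnet`.

    For each flagged MAC the result lists the source IPs it claimed that do
    not match its lease, which exposes the spoofing described in the quote.
    """
    net = ipaddress.ip_network(subnet)
    seen = defaultdict(lambda: {"targets": set(), "claimed": set(), "packets": 0})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"].lower() != "udp" or int(row["dport"]) != port:
            continue
        if ipaddress.ip_address(row["dst_ip"]) not in net:
            continue
        entry = seen[row["src_mac"].lower()]
        entry["targets"].add(row["dst_ip"])
        entry["claimed"].add(row["src_ip"])
        entry["packets"] += int(row["packets"])

    findings = []
    for mac, entry in sorted(seen.items()):
        if len(entry["targets"]) < min_targets:
            continue  # a single stray datagram is not a sweep
        assigned = leases.get(mac)
        findings.append({
            "mac": mac,
            "assigned_ip": assigned,
            "targets": len(entry["targets"]),
            "packets": entry["packets"],
            "spoofed_sources": sorted(entry["claimed"] - {assigned}),
        })
    return findings


if __name__ == "__main__":
    for hit in find_udp_sweepers(build_sample_flows(), "10.20.30.0/24", LEASES):
        print(hit)
```

A flagged MAC identifies the endpoint to isolate and reimage; the address in `spoofed_sources` is the host that was receiving the reflected traffic.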

Source:  http://www.darkreading.com/endpoint/attackers-clobbering-victims-with-one-two-punch-of-ransomware-and-ddos/d/d-id/1325659

‘Anonymous’ Declares War On Corrupt Mainstream Media

As of June 1st, Ghost Squad Hackers – the same group leading #OpIcarus – have launched a series of coordinated attacks against leading members of the corporate mainstream media. Giving credit where credit is due, Tech.mic and Softpedia were the first to report the operation. But their reports only tell a portion of the whole story; we will explain why in a moment.

 

Broadly speaking, the goal of #OpSilence is to attack all the corrupt major news networks that mislead and censor information from the general public. More specifically, the news agencies who conceal the crimes of Israel, while misleading the population about the mistreatment of the Palestinian people. The operation is off to a quick start: Ghost Squad has “successfully carried out DDoS attacks on CNN and FOX News” already just this month. More attacks are promised; NBC and MSM appear to be their next targets.

 

https://t.co/T7LxqJjzQN “FOXNEWS” Email server has been crashed for 8+ hours by #GhostSquadHackers #OpSIlence pic.twitter.com/uS5zWm75SQ

— s1ege (@s1ege_) June 1, 2016

 

 

When Tech.mic and Softpedia presented their coverage of the hacks, they included images and references directly to Anonymous. But upon reading these articles, Ghost Squad had a message of their own that they want everyone to hear:

 

ALL OF THE MEDIA WHO REPORTS ON OUR ATTACKS #OPSILENCE IS GSH OP NOT ANONOP WE ARE NOT AND I REPEAT NOT ANONYMOUS

— s1ege (@s1ege_) June 1, 2016

 

 

It is no secret Ghost Squad has a close affiliation with Anonymous; I am sure this is how the group got started in the first place. The group insists they speak for themselves, they are essentially trying to get their own reputation – credibility.

 

But there is a second layer to this discussion highlighting the recent divide within Anonymous. There has been a “Civil War” of sorts in recent months, and the reputation of the Anonymous collective as a whole has been damaged. Last winter, prominent hacktivist group Ghostsec also cut their ties with Anonymous. In a statement they said “Anonymous has a habit of shooting in every direction and asking questions later.” In other interviews they imply that Anonymous has developed a reputation for behaving immaturely – more concerned with silly DDoS’ing attacks than changing the world.

 

Since the quarreling of #OpWhiteRose many people have splintered off, or left Anonymous entirely – just another in the long list of strange effects Donald Trump has had on the entire world. Ghost Squad is one of the groups affected by this ‘Civil War.’ In the time since this happened last March, the group has exploded onto the scene, quickly becoming one of the most influential and talked about hacking groups in the entire world in 2016.

 

I have no doubt about the origins of this operation though, this goes back to #OpMediaControl which began last June. The operation called for the hacking of every major news network in the United States, testing their email systems, DDoS’ing web sites, attempting to hack in teleprompters or live feeds – anything you could think of. Last I heard back in December, they were still trying to recruit people to join them for an event this summer. Sound familiar to what Ghost Squad is doing right now?

 

For the purposes of accuracy, AnonHQ News reached out to our contacts in #OpMediaControl. We gave them a preview of the article and asked them what they thought. They showed us a press release dating May 28, 2016, a video proclaiming that #OpMediaControl has been re-engaged. Of course, #OpSilence proceeded to begin June 1st. In another interesting note, earlier last month Anonymous Resistance Movement, one of the groups behind #OpMediaControl, conducted an interview with GhostSquad. So as you can see, the two groups are well acquainted with one another – these operations are no coincidence.

Ghost Squad may be stepping up from the pack here, but make no mistake, this operation has been in the making for over a year and Anonymous led the way.

 

Source:  http://macedoniaonline.eu/content/view/29562/61/

HACKERS TARGET CZECH REPUBLIC GOV’T SITES OVER PLANS TO BLOCK GAMBLING DOMAINS

Hackers have attacked Czech Republic government websites to protest the country’s decision to block the domains of unauthorized online gambling operators.

Last week, the Czech senate overwhelmingly approved the country’s new gambling legislation, which would open up the market to international online operators for the first time, while imposing blocks on the domains of sites not holding a Czech license.

On Tuesday, Novinky.cz reported that the Senate’s official website Senat.cz had been knocked offline Monday night following a distributed denial of service (DDoS) attack by someone claiming to be associated with the Anonymous hackers collective.

An English-language statement accompanying the attack claimed that the Senate’s website had been targeted “because you passed a law to prevent free access to the Internet.” The statement warned that this wasn’t the last time the government would hear from the hackers on this issue.

The Czech News Agency reported that the attack also affected websites belonging to the Interior Ministry and its affiliated police and firefighters’ organizations, as well as the Social Democratic Party (CSSD), which holds a majority in the Czech parliament.

A CSSD spokesman dismissed the disruption as “no massive, dangerous or successful attack,” while claiming that the average visitor to the party’s website wouldn’t have noticed anything was amiss.

The Interior Ministry brushed off the “unsuccessful attempts” at public disruption, saying they’d managed to restore their website’s functionality within a few hours. The ministry said its information systems weren’t affected and steps were being taken to ensure defenses were in place against future attacks.

The Canadian province of Quebec may wish to take similar precautions. Last month, the province approved the Ministry of Finance’s proposal to block unauthorized gambling sites in a bid to bolster the bottom line of EspaceJeux, the online gambling site of provincial gaming monopoly Loto-Quebec.

Loto-Quebec’s plans, which have no precedent in Canada, have been condemned by free-speech advocates, who wonder what other types of websites might be next on the province’s blacklist.

Source:  http://calvinayre.com/2016/06/01/business/hackers-target-czech-republic-plans-gambling-domains/

Anonymous DDoS and shutdown London Stock Exchange for two hours

Anonymous hacktivists take down the London Stock Exchange website for more than two hours as part of protest against the world’s banks

The online hacktivist group Anonymous reportedly shut down the London Stock Exchange (LSE) website last week for more than two hours as part of a protest against the world’s banks and financial institutions.

According to the Mail on Sunday, the attack was carried out by the Philippines unit of Anonymous on June 2 at 9am. Previous targets have included the Bank of Greece, the Central Bank of the Dominican Republic and the Dutch Central Bank.

The newspaper says: “Anonymous claims the incident was one of 67 successful attacks it has launched in the past month on the websites of major institutions, with targets including the Swiss National Bank, the Central Bank of Venezuela and the Federal Reserve Bank of San Francisco.”

A spokesperson for the LSE declined to comment on the incident. However, the attack most likely took the form of a distributed denial of service (DDoS) attack, meaning trading would not have been affected and no sensitive data would have been compromised.

In the 24 hours before the LSE site went down, the group also claims that the attack on the LSE was the latest in a series that has also seen it target the websites of NYSE Euronext, the parent company of the New York Stock Exchange, and the Turkey Stock Exchange, as part of a campaign called Operation Icarus.

According to the newspaper, City of London Police said it was not informed that the LSE website had gone down and had no knowledge of the attack.

However, the latest attack may not be a complete surprise.

In a video posted to YouTube on May 4, a member of the amorphous group announced that “central bank sites across the world” would be attacked as part of a month-long Operation Icarus campaign.

The video statement said: “We will not let the banks win, we will be attacking the banks with one of the most massive attacks ever seen in the history of Anonymous.”

By using a distributed-denial-of-service (DDoS) cyberattack, the group also successfully disrupted the Greek central bank’s website.

In light of that event, a separate video was posted to YouTube on May 2.

The masked individual representing the Anonymous group said: “Olympus will fall. How fitting that Icarus found his way back to Greece. Today, we have continuously taken down the website of the Bank of Greece. Today, Operation Icarus has moved into the next phase.”

The Anonymous spokesperson added: “Like Icarus, the powers that be have flown too close to the sun, and the time has come to set the wings of their empire ablaze, and watch the system their power relies on come to a grinding halt and come crashing down around them. We must strike at the heart of their empire by once again throwing a wrench into the machine, but this time we face a much bigger target – the global financial system.”

Source:  http://www.techworm.net/2016/06/anonymous-ddos-shutdown-london-stock-exchange-two-hours.html

Hayden: Russian cyber sophistication derives from criminal groups

Russia is one of the most sophisticated nation-states in cyberspace in part because of its ability to enlist cyber-criminal groups to do its bidding, said retired Gen. Michael Hayden, former head of the CIA and National Security Agency.

“The Chinese have scale, the Russians have skill,” Hayden said May 24 at a conference in Washington hosted by Gigamon. That assessment echoes what Adm. Michael Rogers, the current NSA director, has told Congress.

Hayden likened Russian President Vladimir Putin’s alleged sponsorship of criminal hackers to the patronage Don Vito Corleone provides associates in the popular film The Godfather.

“Don Vladimir has allowed the criminal gangs to survive and flourish without legal interference as long as they go outward,” Hayden said. “And from time to time the Don then has need of their services.”

Analysts and U.S. lawmakers have pointed to close ties between the Russian government and cybercriminal groups to the point of blurring the lines of attribution. Some have blamed Russia for a December hack of the Ukrainian power grid, which affected 225,000 customers.

The different bilateral relationships Washington has with Moscow and Beijing have dictated different U.S. policy responses to alleged state-sponsored cyber operations.

The U.S. and China last September agreed to not “knowingly support cyber-enabled theft of intellectual property,” something U.S. lawmakers have long accused China of doing. But with the U.S. government already heavily sanctioning Russia, such a bilateral agreement with Moscow seems unlikely.

“The relationship with Russia is such [that] I don’t know how you do that,” Hayden said.

In an April Senate hearing, Rogers, the current NSA director, told lawmakers that of nation-states, Russia “probably has the most active criminal element with … the greatest capability.” Asked if the Russian government was doing anything to combat cyber criminals on its turf, Rogers replied with a smile, “I would only say it doesn’t appear to be getting much better.”

Analysts such as NSS Labs CEO Vikram Phatak have argued that in a relatively lawless field, the U.S. government should embrace hackers who otherwise wouldn’t pass a background check. Although U.S. military and intelligence agencies have talented personnel, they don’t have “the kind of operational experience that the Russian mob has or the Chinese mob has,” Phatak told FCW earlier this year.

When asked if the U.S. government should give its computer operatives freer rein to go after Russian targets, Hayden was circumspect. “You cannot create symmetric effects in the Russian economy compared to what they can do in our economy,” he told FCW after his remarks.

Stuxnet a ‘poster child’ for certain hacks

Hayden’s remarks underscored the legal and normative ambiguity in cyberspace.

The United States is “incredibly aggressive in the cyber domain. We steal other nations’ data,” but not for commercial gain, he said.

U.S. officials suspect Chinese hackers were behind the breach of at least 22 million U.S. government records at the Office of Personnel Management. Hayden indicated he was jealous of that data heist.

“If I could have done this against a comparable Chinese database when I was director of NSA, I would have done it in a heartbeat,” the former Air Force general said.

During his remarks, Hayden described Stuxnet, the computer worm reportedly developed by the U.S. and Israel to destroy Iran’s nuclear centrifuges, as the “poster child” for hacks with physical-world implications. He told FCW afterward that the distributed-denial-of-service attacks that hit the U.S. financial sector from 2011 to 2013, which were allegedly carried out by Iranian hackers, were retribution for Stuxnet.

Hayden declined to confirm or deny U.S. involvement in Stuxnet, but said the net trade off — hampered Iranian centrifuges versus financial loss inflicted by the DDOS attacks — was in U.S. interests. Banks spent tens of millions of dollars in response to those attacks, according to the FBI.

Source:  https://fcw.com/articles/2016/05/24/hayden-russia-cyber.aspx

Anonymous Announces #OpSilence, Month-Long Attacks on Mainstream Media

Members of the Ghost Squad Hackers team, one of the most active Anonymous sub-divisions, have carried out DDoS attacks on CNN and FOX News as part of a new hacktivism campaign.

Called OpSilence, the campaign’s goal is to attack all mainstream media that fails to report on the Palestine war or the true crimes happening in Syria, one of the hackers told Mic.

#OpSilence will take place during the entire month of June 2016

The operation will be run similarly to #OpIcarus, a month-long series of attacks that took place in the month of May against various banks around the world.

Any hacktivism group is welcomed to join, and the campaign comes on the heels of OpIcarus, which just ended yesterday.

Ghost Squad Hackers didn’t wait for June to start to begin their attacks, and they’ve already hit the email servers of FOX News and CNN. The group has been changing tactics lately, switching from DDoSing public websites to attacking mail servers, as they did most recently against the Bank of England.

Other hackers have taken a pro-Palestine stance before

Taking a pro-Palestine stance isn’t unusual for hackers; many others support this cause as well. The previous group that did so was CWA (Crackas With Attitude), whose hacked targets include CIA Director John Brennan’s personal AOL email account, FBI Deputy Director Mark Giuliano, US National Intelligence Director James Clapper, and President Barack Obama’s Senior Advisor on science and technology John Holdren.

The group is also responsible for hacking the JABS US national arrests database. They also leaked details for 2,400 US government officials, 80 Miami police officers, 9,000 DHS employees, and 20,000 FBI staffers.

Back in February, the group’s leader, a sixteen-year-old boy, was arrested in East Midlands, England.

External Source: http://www.ddosattacks.net/anonymous-announces-opsilence-month-long-attacks-on-mainstream-media/

Internal source:  http://news.softpedia.com/news/anonymous-announces-opsilence-month-long-attacks-on-mainstream-media-504760.shtml