Do You Care?


Do you care about the cyberattack against the Democratic National Committee’s (DNC) computer system? And do you think the attack was a deliberate attempt to ensure Donald Trump’s victory in the coming election?   Or have we become desensitized to these data breaches, and this was simply another story, in last week’s news, which you chose to not be bothered with?

I am truly fascinated by the attack, because of the implication that Russia is trying control the outcome of our elections, in the United States; and because this attack literally changed the course of America.

This latest breech with the DNC had an immediate impact not only on individuals but on a major American political party. We literally saw Mr. Sander’s supporters feel empowered by the leaked emails, which verified their suspicions and supported their accusations; and almost in real time Ms.Wasserman – Shultz, the DNC chairwoman, lost her position, because of the information contained in the emails.

How did this breach happen? Last summer, hackers gained access to the DNC’s computer network.  While the FBI notified the DNC that they had suspected a breach, it was not until April of 2016, that the DNC called in the firm, Crowdstrike, for incident response.  It should be noted that the original breach of the DNC occurred in tandem with the United States government breach, last year, in which the Russians were accused.  While the Russians continue to deny any cyber assaults the evidence is almost irrefutable.

Crowdstrike found two different bad actors called Cozy Bear and Fancy Bear. Both bad actors are well known in the cyber security community.  They also use other names and are known with a certain level of confidence to be associated with Russia, and the Russian government.

Coincidentally, both Cozy Bear and Fancy Bear attacks happened during the normal work day hours for the Russian time zone and the groups also vacationed during Russian Holidays, which has been viewed as further evidence that both groups belong to the Russian government.

Cozy Bear was first to enter the DNC’s network in the summer of last year, 2015. It started by being able to monitor employee chat communication as well as email.  Fancy Bear only entered the DNC network in April, 2016.  While the DNC knows for certain that two files have been stolen, the hackers had access to the computers for the entire research staff.

How did Cozy Bear and Fancy Bear gain access to the DNC network? Both hacks are extremely sophisticated and persistent, meaning the malware is stealthy and can move laterally to other digital devices. Cozy Bear basically used Windows Management Instrumentation WMI, to execute malicious code via a scheduler.  The malicious code was likely executed through a spearphishing campaign and delivered a Remote Access Terminal (RAT).  The RAT could then propagate throughout the DNC network, collecting information, and then encrypted the information and sent via HTTPS, which goes undetected, unless you have a security control that inspects encrypted traffic.

Fancy Bear used a phishing campaign, which deployed an X-Agent malware. X-Agent malware can do remote command execution, which means remotely, you can control someone else’s computer, without them even knowing, that you are in control.  X-Agent can also handle file transmission, key logging, and do network tunneling for other connections.

The explanation of the hacks have been simplified, but it is important to understand that attacks and breaches will occur, the faster you respond, the less damage that will be done.

Why would Russia be interested in the outcome of the election in the United States? Perhaps for the same reason, that we, in the United States are concerned about who is in power in England, or France, or Russia; as our world becomes smaller our lives are more interconnected than ever, for both good and bad.

Did the Russian government intentionally set out to negatively impact the DNC brand? It does appear, as if the party of the workingman has been proven to be about money, power, and influence; does that sound familiar?

Julian Assange, of WikiLeaks, has stated that he is in possession of the hacked data, and plans to use it to do as much damage, as possible, to Hilary Clinton, whom he claims at Yahoo.Com news “has a long history of being a liberal war hawk and we presume she is going to precede.”   He also comments that he does not believe Hilary Clinton favors the free press.

This attack is not over, nor do I believe that its target will not expand, as the malicious agents see fit. More than ever, we need to stay safely Connected.

Leave a Reply

Your email address will not be published. Required fields are marked *