Top-secret NSA report details Russian spear-phishing attack on US election infrastructure in October 2016

By: David Herron; Date: June 5, 2017

Tags: Russia » Social Media Warfare » Election Hacks

While it's widely reported that Russians built a social-media-warfare system which they're using to undermine elections in the USA and elsewhere, The Intercept has been yelling loudly "not so fast" because the allegations of Russian interference aren't verified. If we want to accuse another government of hacking our elections, or those of Moldova or Bulgaria or Montenegro or France or other countries, there'd better be solid proof, if only because the consequence of such an accusation is a possible war.

Today, The Intercept (the news site that's been calling for caution) released an explosive report detailing an effort by Russian intelligence services to directly hack into USA election systems. They were anonymously handed a top-secret NSA report, which they've analyzed and verified, detailing NSA's documentation of a "spear-phishing" attack launched by Russian operatives against election agencies around the country. The goal appeared to be interfering with voter registration confirmation systems.

It's not known whether the attack was successful, just that it occurred.

The NSA report was posted by The Intercept to Document Cloud (www.documentcloud.org), and is titled "Russia/Cybersecurity: Main Intelligence Directorate Cyber Actors ######BLOCKED####### Target US Companies and Local US Government Officials Using Voter Registration-Themed Emails, Spoof Election-Related Products and Services, Research Absentee Ballot Email Addresses; August to November 2016".

That title says quite a bit about the plan. Basically, Russian agents set up systems that spoofed legitimate Google services in order to harvest email addresses. Later actions included sending virus-laden MS-Word documents that purported to contain a user manual for voter registration software. The virus caused the download of other malware that then gave the hackers access to download pretty much any available data file.

The idea was simple - pose as a vendor of e-voting software and contact government employees. With the malware installed on government employee computers, they'd have access to data files related to the electronic voting system.

According to security experts quoted by The Intercept, if the attack had been successful, the attackers would have had access to pretty much any data on the victim's computer or the local network storage systems it's attached to. The only limit would be how the network administrator configured the systems.

But: “It is unknown,” the NSA notes, “whether the aforementioned spear-phishing deployment successfully compromised the intended victims, and what potential data could have been accessed by the cyber actor.”

The target, voter registration systems, was apparently picked because they're less conspicuous than the actual voting systems. Having access to a state's voter registration system would give the ability to change voter registration status, and perhaps prevent voters from voting.

Source: (theintercept.com) https://theintercept.com/2017/06/05/top-secret-nsa-report-details-russian-hacking-effort-days-before-2016-election/

UPDATE: The NY Times says that the leaker of this report has been arrested. The Intercept had approached the NSA with questions to validate the document, and showed it to the NSA, who determined it had been printed, then folded, and hand-carried out of a secure facility. This clue narrowed down the leaker to one of six people, one of whom had been in email contact with The Intercept. That's the person who has been arrested and charged under the Espionage Act.

Source: (www.nytimes.com) https://www.nytimes.com/2017/06/05/us/politics/reality-winner-contractor-leaking-russia-nsa.html?emc=edit_na_20170605&nl=breaking-news&nlid=54129517&ref=headline
