PolitiHack, Or How I Learned to Stop Worrying About Russians Influencing the US Election and Learned to Love CybersecurityDecember 23, 2016 at 4:12 pm | Posted in cybersecurity, Knowledge | 2 Comments
Tags: attacker, casp, ceh, cfr, CISSP, cozy bear, cybersecurity, DNC, fancy bear, fbi, GSEC, guccifer 2.0, Hackers, Russia, Security+
Hackitivism and cyberespionage are certainly nothing new, especially emanating from Russia. But the 2016 US presidential election was a swift education for Americans and the watching world regarding the widespread consequences of a successful APT (advanced persistent threat). A joint statement issued by the Department of Homeland Security and the Office of the Director of National Intelligence on Election Security stated that the “U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations” (emphasis ours).
Thanks to the detailed reporting from the New York Times, the fog of war is beginning to clear and the full extent of the cyberattack has become clear. And what is increasingly apparent is that at every stage, cybersecurity training could have significantly mitigated or (perhaps) even prevented portions of the attack altogether.
Enter the low-rung MIS contractor hired by the DNC — Yared Tamene. He claims no cybersecurity expertise, much less any cybersecurity-related certification like GSEC, CASP, CISSP, CEH or CFR. So it’s hardly appropriate to assign him the brunt of the blame. Instead, we should use his example to learn how cybersecurity knowledge and skills could have better informed the fateful decisions that he, and many others, made along the way.
In the fall of 2015, the FBI noticed some unusual outgoing network traffic from the DNC network, suggesting that at least one computer was compromised. The early forensics linked the compromise to a known Russian cyberespionage group going by the moniker “the Dukes” (AKA “Cozy Bear” and “APT29”) , who had in just the last few years, penetrated the White House, State Department and Joint Chiefs of Staff email systems. A special agent picked up the phone, called Tamene, and told him what they knew.
Before we even get to Tamene’s response, any trained cybersecurity first responder knows why the FBI called via phone rather than emailing their dire message. Communication protocol during a security incident should be out-of-band, meaning outside of the primary communication channels (primarily network where the attacker could be listening). Ironically, Tamene was convinced that the FBI call was a hoax, and after repeated calls over the new few months, he ignored the urgency. In November, the FBI even confirmed with Tamene that known malware was routing data to servers located in Moscow.
Tags: Angler, aol, bbc, bitcoins, ceh, certified ethical hacker, cnn, cryptolocker, EC-Council, hacking, hospital, new york times, nfl, ransomware
It was predicted late last year that 2016 would the year for ransomware. Thus far, the prediction is proving right; only four months in to 2016, the Locky ransomware has managed to spread itself over 114 countries (displaying its demands in dazzling array of 24 languages). The Hollywood Presbyterian Medical Center paid $17,000 in bitcoins after having their computer systems seized in February 2016, while hospitals in Kentucky and Maryland report similar attacks.
In case you’ve been in that doomsday bunker a bit too long, ransomware is malicious software that blocks access to your own data, usually by encryption that targets a local computer. Data stays locked away until you pay a tidy sum of money to the hacker (or, more commonly, to the hacking organization). The malware usually contains a ticking bomb that will format the entire hard drive if you don’t pay by a deadline (or post the data for everyone to see, just as extra motivation). The data kidnappers may call themselves hackers or vigilantes, or even pretend to be a federal agency, but their demand is always the same: pay us for your data — or else!
Worse, with automated viruses like Crytpolocker, Crytowall and TeslaCrypt, hackers don’t have to go through the extra effort of targeting big fish like CEOs of Fortune 500 companies. Any end user could be bilked for hundreds of dollars. And, through the economies of scale, hackers rake in millions per campaign. While current year damages won’t be tallied for a while, the FBI estimates the CrytoWall variant pulled in over $18 million from 2014 to 2015 alone.
End users are not the only targets; nor are Windows users. Major sites like the New York Times, BBC, AOL and NFL had their advertising networks compromised by malvertising, where a malicious ad hijacked user’s browsers and redirected them to install a crypto-virus via the Angler toolkit (another argument for using adblockers?). And the once near-invincible Mac OS has been revealed as the target of the KeRangers malware – the first ransomware Mac users have ever had to contend with.
In this climate, is it any surprise then that a prominent security certification vendor like EC-Council was a recent target? Read more for the details.