Category Archives: Russia

Yahoo hack: Email accounts of Australian politicians, public figures, police and judges compromised in massive breach, dataset has revealed

Yahoo suffers world’s biggest hack with data stolen from ONE BILLION users – including over 150,000 US government and military employees

  • Hackers stole data from more than one billion user accounts in August 2013
  • A different breach from one disclosed in September of 500 million accounts
  • Stolen info includes names, emails, phone numbers and dates of birth
  • The company still doesn’t know how the data from the accounts was stolen

Key points:

  • Private email addresses, passwords belonging to politicians were obtained by hackers
  • AFP officers, judges and magistrates were also affected
  • Security experts warn the hack has the potential to cause serious embarrassment for officials

Data provided by US security company InfoArmor, which alerted the Department of Defence of the massive data breach last October, reveal more than 3,000 log-in credentials for private Yahoo services were linked to Australian Government email accounts.

InfoArmor, an Arizona-based cybersecurity firm which investigates data theft for law enforcement agencies, said the data was stolen from Yahoo in 2013 by a hacker organisation from Eastern Europe.

It said the hacker group then sold the Yahoo accounts to cyber criminals and a suspected foreign intelligence agency for $US300,000 each.

Yahoo revealed late last year that it believed hackers had stolen data from more than 1 billion user accounts in August 2013, in what is thought to be the largest data breach at an email provider.

A Department of Defence spokesperson confirmed key events to the ABC, including:

  • Defence was notified of the breach last October via an intermediary from NSW Police, two months before Yahoo announced the data breach to the public
  • It then notified its own affected employees of the breach

It remains unclear whether affected staff from other Commonwealth agencies have also been notified by their departments.

The stolen database contains email addresses, passwords, recovery accounts, and other personal identifying data belonging to a startling array of senior Australian officials.

Among those affected were Social Services Minister Christian Porter, Shadow Treasurer Chris Bowen, Victorian Premier Daniel Andrews, Liberal MP Andrew Hastie, opposition health spokesperson Catherine King and Liberal senator Cory Bernardi.

It is unclear how many of the accounts are still active.

The ABC was able to identify officials in the dataset because they had used their government emails as backups if they forgot their passwords.

Last week, the ABC approached each of these affected politicians’ offices, as well as some public servants, seeking confirmation of the authenticity of these log-in credentials. Most declined to do so.

The compromised accounts do not exclusively relate to clients of Yahoo’s email service, but also Yahoo-affiliated web services such as the microblogging site Tumblr and the photo sharing site Flickr.

A spokeswoman for Mr Porter said “as far as the Minister is aware he has never used a Flickr account”.

A spokesperson for Senator Bernardi said “to the best of his knowledge, [Senator Bernardi] doesn’t have a Yahoo account.”

One advisor told the ABC it was possible some accounts linked to politicians were set up by former staffers.

Others who did respond confirmed the log-in credentials are accurate.

Accounts linked to police, judges also compromised

Other government officials compromised include those carrying out sensitive roles such as high-ranking AFP officers, AusTrac money laundering analysts, judges and magistrates, political advisors, and even an employee of the Australian Privacy Commissioner.

“Perhaps records of transactions of purchases, or discussions or things they’ve done. Private conversations that they didn’t want to do on a government server. Perhaps they’ve engaged in some sort of shady activity. Or just expenses for politicians, for example, that they might have tried to keep out of official channels.

“Blackmail information is very valuable to other governments for nudging or persuading people to do things.”

Another challenge facing the Government is how to deal with compromised private accounts belonging to some Australian diplomats and special defence personnel posted overseas. Many of the officials featured in the dataset are employed in roles with security clearances that are intended to be low-profile.

“If I was in a position where my relationship with the government wasn’t to be known by others, then absolutely you shouldn’t be linking a government account to your personal accounts,” Mr MacGibbon said.

Hackers have had years to exploit data

A further problem is the protracted period between the Yahoo data breach itself, which dates back to March 2013, and the eventual public confirmation by Yahoo, over three years later.

Andrew Komarov, InfoArmor’s chief intelligence officer, said malicious hackers would have had literally years to exploit the users’ data.

“The bad actors had enough time to compromise any records they wanted as it’s a pretty significant time frame,” Mr Komarov said.

“That’s why today is pretty hard to figure out what exactly happened and how many employees in government could be compromised.”

According to InfoArmor, the hacker group responsible are an Eastern European cyber-criminal organisation motivated by profit, rather than a state-sponsored entity.

“This group has no presence on any forums or marketplaces. In the past they used two proxies: one for the Russian-speaking underground and another one for the English-speaking,” Mr Komarov said.

“They sell their data indirectly using some trusted channels, contacts and proxies. Not through any marketplaces or forums because of their security measures. They don’t need it.

“They have pretty serious contacts in the underground and some trusted rounds of various cybercriminals with whom they work.”

Henry Sapiecha

Trump Receives Russia Hacking Report. Contents, true or false??

Hours after concluding his meeting with the U.S.’s top intelligence officials, President-elect Donald Trump didn’t immediately continue his previous denial that the Russian government was behind the election season hacking of the Democratic National Committee.

Trump did, however, promptly issue a statement contradicting the report’s scope.

His statement, which was emailed to the media around 2:30 P.M., claimed that regardless of who was behind the hacks, they caused “absolutely no effect on the outcome of the election.”

However, the Office of the Director of National Intelligence (ODNI), which prepared the report, explicitly said they never attempted to judge how many votes Russia might have swayed — just that it was Russian President Vladimir Putin’s intent to favor Trump over his opponent, Hillary Clinton.

“We did not make an assessment of the impact that Russian activities had on the outcome of the 2016 election,” the report read. “The US Intelligence Community is charged with monitoring and assessing the intentions, capabilities, and actions of foreign actors; it does not analyze U.S. political processes or U.S. public opinion.”

It would likely be impossible to determine how many voters stayed home or chose Trump over Clinton because of the hacks, as well as their subsequent news coverage, especially in Russian outlets like RT, which the report called “a platform for Kremlin messaging.” Clinton lost by 74 electoral votes — a minimum of at least two states — though she received more total votes than any American presidential candidate in history save President Obama in 2008. She received 2.8 million more votes than Trump.

ODNI, which presented the report to President Obama on Thursday, made a declassified version available to the public late Friday afternoon. It contains few genuine revelations not previously reported in the news, though it’s noteworthy for breaking down the independent major intelligence agencies’ conclusions. The CIA and FBI both have “high confidence” that Putin ordered a hacking campaign to injure Clinton’s campaign. The NSA, which intercepted messages of senior Russian officials celebrating Trump’s win, expressed “moderate confidence” in that conclusion.

The report maintains, also with high confidence, that the online character Guccifer 2.0, who had claimed to be a Romanian hacktivist while slowly dispensing various documents stolen from Democrats’ servers, was a tool of Russian intelligence to disseminate those files. Vocativ reported in July that Guccifer 2.0 was lying about his identity and likely Russian, and in September that he seemed to be leaking information about Democrats specifically in states vital for a Trump victory.

Trump added in his statement “that there was no tampering whatsoever with voting machines.” That, however, wasn’t even up for debate. It wasn’t mentioned in ODNI’s report, and prominent voting experts, as well as FBI Director James Comey, proclaimed before the election that a major attack on the U.S.’s physical voting machines was unlikely. Subsequent audits found no evidence of foreign tampering.

Russian internet giant Rambler.ru hacked, leaking a massive 98 million accounts

The internet giant stored passwords in unencrypted plaintext.

Russian internet portal and email provider Rambler.ru has become the latest victim in a growing list of historical hacks.

Breach notification site LeakedSource.com, which obtained a copy of an internal customer database, said the attack dates back to February 17, 2012.

More than 98.1 million accounts were in the database, including usernames, email addresses, social account data, and passwords, the group said in a blog post. Unlike other major breaches, those passwords were stored in unencrypted plaintext, meaning anyone at the company could easily see passwords.

The last time a breach on this scale was found to involve plaintext password storage was at Russian social networking site VK.com, which saw 171 million accounts taken in the breach.

Rambler.ru now joins the hacked ranks of LinkedIn and Last.fm in 2012, and MySpace and Tumblr in 2013.

LeakedSource said it had verified the breach, and has added the cache into its searchable database.

Rambler.ru is one of the largest websites in the world, and one of the most visited in Russia. Founded in 1996, the company provides search, news, email, and advertising, making it a powerhouse of the Russian internet. The company competes with Yandex and with Mail.ru (which also owns VK.com), which made headlines for a second time this year after suffering at the hands of hackers again.

We reached out to Rambler.ru prior to publication, but did not hear back. If that changes, we’ll update the piece.

RUSSIAN HACKERS BUSY WITH ATTACKS ON THE NEW YORK TIMES & OTHER USA TARGETS

The sun peeks over the New York Times Building in New York August 14, 2013. REUTERS/Brendan McDermid

The New York Times said on Tuesday its Moscow bureau was targeted by a cyber attack this month but that there was no evidence the hackers, believed to be Russian, were successful.

“We are constantly monitoring our systems with the latest available intelligence and tools,” Times spokeswoman Eileen Murphy told the newspaper. “We have seen no evidence that any of our internal systems, including our systems in the Moscow bureau, have been breached or compromised.”

Earlier on Tuesday, CNN, citing unnamed U.S. officials, reported that the Federal Bureau of Investigation and other U.S. security agencies were investigating cyber breaches targeting reporters at the Times and other U.S. news organizations that were thought to have been carried out by hackers working for Russian intelligence.

“Investigators so far believe that Russian intelligence is likely behind the attacks and that Russian hackers are targeting news organizations as part of a broader series of hacks that also have focused on Democratic Party organizations, the officials said,” CNN reported.

The FBI declined a Reuters request for comment. Representatives for the U.S. Secret Service, which has a role in protecting the country from cyber crime, did not reply to a request for comment.

A government official briefed on the inquiry told the Times the FBI was looking into the attempted cyber attack but was not carrying out similar investigations at other news organizations.

The Times had not hired outside firms to investigate the attempted intrusion, contrary to the CNN report, Murphy said.

News of the cyber attack comes amid a wave of similar attacks targeting major U.S. political parties that have surfaced in recent weeks ahead of the Nov. 8 presidential election.

The Democratic National Committee, Democratic presidential nominee Hillary Clinton’s campaign and the party’s congressional fundraising committee have all been affected.

Hackers have also targeted the computer systems of Republican presidential nominee Donald Trump and Republican Party organizations, sources have told Reuters.

A breach at the Times would not be the first time foreign hackers infiltrated a news organization. Media are frequently targeted in order to glean insights into U.S. policies or to spy on journalists.

In 2013, a group of hackers known as the Syrian Electronic Army attacked the Times and other media outlets. Chinese attackers also infiltrated the Times that year.

(Reporting by Dustin Volz, John Walcott, Mohammad Zargham and Eric Walsh in Washington, and Jessica Toonkel in New York; Writing by Susan Heavey and Eric Walsh; Editing by Frances Kerry and Peter Cooney)

 

FBI investigate US political party hacks, Russian ties

Is Russia at the heart of the alleged intrusion into Democratic Congressional Campaign Committee systems?

The FBI is reportedly investigating a cyber attack levied against computer systems at the Democratic Congressional Campaign Committee (DCCC) which may have ties to Russian hackers.

According to Reuters, the cyber attack against the DCCC may also be linked to a recent attack against the Democratic National Committee (DNC).

The attack against the DNC led to tens of thousands of internal party emails being leaked to the public, as well as the resignation of DNC chair Debbie Wasserman Schultz.

The threat actors responsible have been linked to Russia due to hints in the code; however, nothing has been confirmed. Reports suggest that US intelligence agencies hold Vladimir Putin’s government responsible for the leak, of which Russian cyber criminals claimed to be the source.

Accusations have been made that the attack was launched in order to meddle with the upcoming presidential election. Russia has dismissed these claims as “absurd” bordering on “stupid.”

The DCCC attack may have taken place to steal information about donors, according to Reuters sources. As the DCCC raises money for Democrats running for Representative seats, knowing who is funding these campaigns — and grabbing information including email addresses and credit card data — could prove politically valuable.

The DCCC attack, which may have begun as early as June, included the use of a fraudulent website which mimicked the true DCCC donation website. Cash intended for campaigns then ended up going to the malicious domain instead.

According to people familiar with the matter, the IP address of the fake website was similar to the one used by the alleged Russian hackers responsible for the DNC data breach.

FBI Director of National Intelligence James Clapper said on Thursday the agency was not ready to “make the call on attribution” as to who was responsible for the DNC hack, and there is no word on an investigation into the attack on the DCCC.

Vladimir Putin ‘probably’ ordered KGB defector Alexander Litvinenko’s death by radioactive poisoning: inquiry. Story in videos & pics.

President Putin ‘probably’ approved Litvinenko murder

A British inquiry has concluded the murder of ex-Russian spy Alexander Litvinenko in 2006 was “probably” approved by President Vladimir Putin. Courtesy ABC News 24.

London: Russian President Vladimir Putin “probably” ordered the murder of defected KGB spy Alexander Litvinenko in London, an official inquiry in Britain has found.

The finding will put pressure on the British government to take fresh measures against Russia, possibly including targeted sanctions and travel bans. It may also harm potential co-operation in military action against ISIS, and upcoming peace talks on the Syrian conflict.

Litvinenko died in November 2006 after a radioactive poison was slipped into his tea at a London hotel.

Alexander Litvinenko lies in a London hospital in November 2006, dying of radiation poisoning. In 2014, the British government opened an inquiry into Moscow’s alleged involvement in the death of the former KGB agent.

There was a “strong probability” that the two killers were under the direction of the FSB, Russia’s security service.

“The FSB operation to kill Mr Litvinenko was probably approved by [then FSB head Nikolai] Patrushev and also by President Putin,” Sir Robert Owen, who led the year-long inquiry, said.

The inquiry examined expert evidence and heard testimony from forensic scientists and family members, as well as secret evidence that was not disclosed in the public report – but believed to be from Western intelligence agencies.

Russian Andrey Lugovoy, a former KGB agent, allegedly spiked the tea of Alexander Litvinenko with highly radioactive polonium 210 at the Pine Bar of the Millennium Hotel in Mayfair, London, on November 1, 2006. Photo: aklugovoy.ru

Sir Robert said he was “sure” that Litvinenko was deliberately poisoned with the radioactive element polonium 210, which he ingested on November 1, 2006.

That afternoon Litvinenko had met two men for tea at the Pine Bar of the Millennium Hotel in Mayfair, London.

The men were Andrey Lugovoy and his associate Dmitri Kovtun – former Russian army officers. Lugovoy was a former KGB agent.

Marina Litvinenko, the widow of former Russian intelligence officer Alexander Litvinenko, outside a pre-inquest review in London in 2012. Photo: AP

Forensic evidence showed the Pine Bar was “heavily contaminated” with polonium 210, the inquiry found.

“The highest readings were taken from the table where Mr Litvinenko was sitting and from the inside of one of the teapots. No comparable levels of contamination were found in any of the other places that Mr Litvinenko visited that day,” the report said.

Sir Robert said he was sure that Lugovoy and Kovtun placed the polonium in the teapot at the Pine Bar. They had tried to kill him with the same poison at a meeting a few weeks earlier.

Kovtun and Lugovoy are wanted by British authorities on suspicion of the murder of Mr Litvinenko. A warrant has been issued for their arrest but Russia has not extradited them. Both have denied killing Mr Litvinenko.

Forensic scientists found “widespread radioactive contamination” at locations linked to Lugovoy, Kovtun and Mr Litvinenko in the weeks before he fell ill.

There were also high levels of radioactive contamination on the British Airways plane seats Kovtun and Lugovoy used when flying to Moscow two days after the murder, and in places visited by Kovtun in Germany the week before he met with Litvinenko.

The inquiry rejected a “chemical fingerprint” theory that definitively traced the polonium to a Russian factory in Sarov, though it “unquestionably” could have come from there.

Sir Robert also cast doubt on a claim by a ‘Mr Potemkin’ that the polonium came from an August 2006 shipment to the FSB in Moscow.

However, given the amount of polonium possessed and used by the assassins, it “strongly indicated” the involvement of a state, Sir Robert said.

“Ordinary criminals might have been expected to use a straightforward, less sophisticated means of killing… the polonium 210 used to kill Mr Litvinenko must have come from a reactor and such reactors are in general under state control.”

The evidence in open court was strong circumstantial evidence of Russian state involvement, and the ‘closed evidence’ made it a strong probability that the FSB directed Lugovoy to poison Mr Litvinenko.

“There were powerful motives for organisations and individuals within the Russian state to take action against Mr Litvinenko, including killing him,” Sir Robert said.

“Mr Litvinenko was … regarded as having betrayed the FSB, … was an associate of leading opponents of the Putin regime and he had repeatedly targeted President Putin himself with highly personal public criticism.”

In one article, published the year he was killed, Mr Litvinenko claimed Mr Putin was a paedophile.

Evidence suggested Russia had previously killed a number of opponents of the Putin administration, through bombings and poison including radioactive poison.

Sir Robert said he was sure that Lugovoy and Kovtun were acting on behalf of others, probably the FSB.

Though they did not know the precise nature of the poison, they knew it was deadly, Sir Robert said.

During the inquiry Mr Putin awarded Lugovoy an honour for “services to the fatherland”. He is now a member of the Russian parliament.

In a deathbed statement Mr Litvinenko accused Mr Putin of direct involvement in his murder.

The inquiry heard evidence from several of Mr Litvinenko’s associates that the assassination could not have been done without Mr Putin’s knowledge and approval.

“This is a KGB rule number one, cover your back,” said one associate, Yuri Shvets.

An independent expert, Oxford University’s Professor Robert Service, who studies Russian history, told the inquiry it was “inconceivable” that FSB head Mr Patrushev would not have had advance knowledge of the operation.

Professor Service said Mr Putin had “some oversight” of FSB operations, and Sir Robert concluded that Mr Patrushev probably would have told Mr Putin about an operation such as the murder of Mr Litvinenko, though it was at present “unprovable”.

It was widely reported – and claimed by Mr Litvinenko’s widow and associates – that Mr Litvinenko had worked for British intelligence service MI6 after his arrival in Britain.

Sir Robert said the British government had not provided any evidence on the question in the “open” part of the inquiry – but had not denied it, either.

Sir Robert said in any case it was more important whether the FSB believed he was working for British intelligence agencies, and “that is precisely what the FSB believed” according to Lugovoy.

Mr Litvinenko’s former superior at the Russian secret service, Alexander Gusak, had agreed in an interview in 2007 that Litvinenko deserved to be executed because “when (he) defected abroad, he naturally handed over the undercover experts who had been its contacts”.

Mr Litvinenko was born in December 1962 and was an officer in the KGB and then the FSB. He was dismissed in 1998 after making public allegations of illegal activity within the FSB.

He was granted asylum with his wife and son in Britain in 2001 and worked as a journalist and author, producing ‘due diligence’ reports on Russian individuals and companies.

He fell ill on the evening of November 1, 2006 and died on November 23.

Just before his death, experts realised his body was highly contaminated with radioactive polonium 210.

Sir Robert said he had made one recommendation as a result of his inquiry, but he could not reveal it publicly as it concerned the ‘closed’ evidence he had heard.

Mr Litvinenko’s widow Marina said she was “very pleased” with the inquiry’s findings.

She called for the British government to expel all Russian intelligence agents, “either FSB or other Russian agencies based in the London embassy”.

She also called for immediate, targeted economic sanctions and travel bans against the people named in the report, including Mr Putin.

“It’s unthinkable that the prime minister would do nothing in the face of (these) damning findings,” she said.

Home Secretary Theresa May revealed she had also written to her counterparts in the EU, NATO and ‘Five Eyes’ countries – which includes Australia – drawing their attention to the report and the need to take steps “to prevent such a murder being committed on their streets”.

She told parliament the report’s finding that the Russian state was probably involved in the murder was “deeply disturbing” and a “blatant and unacceptable breach of fundamental international law”.

She announced new asset freezes on the two alleged killers, saying Russia’s “continued failure to ensure they are brought to justice is unacceptable”.

The government had summoned the Russian ambassador to the Foreign Office to demand an account of the FSB’s role in this case.

Lugovoy calls accusations ‘absurd’

Andrei Lugovoy said the accusations against him were “absurd”, the Interfax news agency quoted him as saying.

Lugovoy, who represents the ultra-nationalist Liberal Democratic Party of Russia in the Russian parliament, called the British inquiry “a pathetic attempt by London to use a skeleton in the closet for the sake of its political ambitions”.

He said the findings of the inquiry published on Thursday continued Britain’s “anti-Russian hysteria” which he said began after “the events in Ukraine in 2014”.

“The accusations brought against me are absurd,” he said.

“As we expected, there was no sensation. The results of the inquiry published today are yet more proof of London’s anti-Russian stance, its blinkered thinking and … unwillingness to establish the true cause of Litvinenko’s death.”

With Reuters

RUSSIAN HACKERS GET INTO THE DOW JONES BUSINESS PROFITS FORECAST SYSTEM

A man types on a computer keyboard in Warsaw in this February 28, 2013 illustration file picture. REUTERS/Kacper Pempel/Files

Russian hackers had infiltrated Dow Jones & Co to steal information to trade on before it was made public, and the breach was “far more serious than a lower-grade intrusion” disclosed by the company, Bloomberg reported, citing sources.

The Federal Bureau of Investigation, Secret Service and the Securities and Exchange Commission are leading an investigation, which began at least a year ago, Bloomberg reported. (bloom.bg/1LSxcUI)

“We have received no information from the authorities about any such alleged matter,” Dow Jones spokeswoman Colleen Schwartz said in an email, adding that the company was looking into the report.

Dow Jones, the publisher of the Wall Street Journal and a unit of Rupert Murdoch’s News Corp, disclosed last week a breach of its systems that put payment card and contact information of about 3,500 individuals at risk.

Dow Jones had said that there was unauthorized access to its systems at certain times between August 2012 and July 2015.

“We are aware of the Dow Jones intrusion and looking into it,” FBI spokeswoman Kelly Langmesser said via email.

Langmesser added that she could not confirm anything else in the Bloomberg report.

The hackers sought information including stories being prepared for publication, Bloomberg said on Friday, citing two people familiar with the investigation.

The Secret Service could not be immediately reached for comment on the Bloomberg report. The SEC declined to comment.

 

Clinton Private Account Targeted in Russia-Linked Email Scam

This portion of an email from Hillary Rodham Clinton’s private email account when she was secretary of state and released by the State Department on Sept. 30, 2015, shows an email Clinton received early in the morning on Aug. 3, 2011. The newly released emails show Russia-linked hackers tried at least five times to pry into Clinton’s private email account while she was secretary of state. It is unclear if she clicked on any attachment and exposed her account. Clinton received the infected emails, disguised as speeding tickets, over four hours early the morning of Aug. 3, 2011. The emails instructed recipients to print the attached tickets, which would have allowed hackers to take control of their computers. Security researchers who analyzed the malicious software have said that infected computers would transmit information from victims to at least three server computers overseas, including one in Russia. (AP Photo/Jon Elswick)

Russia-linked hackers tried at least five times to trick Hillary Rodham Clinton into infecting her computer systems while she was secretary of state, newly released emails show. It is unclear whether she was fooled into clicking any attachments to expose her account.

Clinton received the virus-riddled emails, disguised as speeding tickets from New York, over four hours early on the morning of Aug. 3, 2011. The emails instructed recipients to print the attached tickets – and opening them would have allowed hackers to take over control of a victim’s computer.

Security researchers who analyzed the malicious software in September 2011 said that infected computers would transmit information from victims to at least three server computers overseas, including one in Russia. That doesn’t necessarily mean Russian intelligence or citizens were responsible.

Nick Merrill, a spokesman for Clinton’s Democratic presidential campaign, said: “We have no evidence to suggest she replied to this email or that she opened the attachment. As we have said before, there is no evidence that the system was ever breached. All these emails show is that, like millions of other Americans, she received spam.”

Practically every Internet user is inundated with spam or virus-riddled messages daily. But these messages show hackers had Clinton’s email address, which was not public, and sent her a fake traffic ticket from New York state, where she lives. Most commercial antivirus software at the time would have detected the software and blocked it.

The phishing attempts highlight the risk of Clinton’s unsecure email being pried open by foreign intelligence agencies, even if others also received the virus concealed as a speeding ticket from Chatham, New York. The email misspelled the name of the city, came from a supposed New York City government account and contained a “Ticket.zip” file that would have been a red flag.

Clinton has faced increasing questions over whether her unusual email setup amounted to a proper form of secrecy protection and records retention. The emails themselves – many redacted heavily before public release – have provided no shocking disclosures thus far and Clinton has insisted the server was secure.

During Clinton’s tenure, the State Department and other U.S. government agencies faced their own series of hacking attacks. U.S. counterterrorism officials have linked them to China and Russia. But the government has a large staff of information technology experts, whereas Clinton has yet to provide any information on who maintained her server and how well it was secured.

Republican presidential candidate Marco Rubio told Fox News Channel on Wednesday, “The exposure of sensitive information to foreign intelligence agencies by communicating in an insecure manner is incompetent, it is malpractice, it’s inexcusable.”

The emails released Wednesday also show a Clinton confidant urging her boss and others in June 2011 not to “telegraph” how often senior officials at the State Department relied on their private email accounts to do government business because it could inspire hackers to steal information. The discussion never mentioned Clinton’s own usage of a private email account and server.

The exchange begins with policy chief Anne-Marie Slaughter lamenting that the State Department’s technology is “so antiquated that NO ONE uses a State-issued laptop and even high officials routinely end up using their home email accounts to be able to get their work done quickly and effectively.” She said more funds were needed and that an opinion piece might make the point to legislators.

Clinton said the idea “makes good sense,” but her chief of staff, Cheryl Mills, disagreed: “As someone who attempted to be hacked (yes I was one), I am not sure we want to telegraph how much folks do or don’t do off state mail b/c it may encourage others who are out there.”

The hacking attempts were included in the 6,300 pages the State Department released, covering a period when U.S. forces killed Osama bin Laden and the Arab Spring rocked American diplomacy.

New York State police warned as early as July 2011 about emails containing warnings of traffic tickets that actually contained computer viruses.

Clinton received five copies between 1:44 am and 5:26 am on Aug. 3, 2011. They appeared to come from “New York State — Department of Motor Vehicles,” warning that a car registered to Clinton was caught speeding “over 55 zone” on July 5. Clinton had no public events in Washington that day, following the July 4 holiday. The email instructed the recipient to “print out the enclosed ticker and send it to town court, Chatam Hall, PO Box 117.”

The former first lady and New York senator had maintained that nothing was classified in her correspondence, but the intelligence community has identified messages containing “top secret” information. Clinton had insisted that all of her work emails were being reviewed by the State Department, but Pentagon officials recently discovered a new chain of messages between Clinton and then-Gen. David Petraeus dating to her first days in office that she did not send to the State Department.

As part of Wednesday’s release, officials upgraded the classification level of portions of 215 emails, State Department spokesman John Kirby said. Almost all were “confidential,” the lowest level of classification. Three emails were declared “secret,” a mid-tier level for information that could still cause serious damage to national security, if made public.

“The information we upgraded today was not marked classified at the time the emails were sent,” Kirby stressed.

Source: Associated Press

ooo

Henry Sapiecha

Kaspersky faked malware to harm rivals, ex-employees claim

Moscow-based Kaspersky Lab is one of the biggest antivirus companies in the world. Photo: Reuters

Beginning more than a decade ago, one of the largest security companies in the world, Moscow-based Kaspersky Lab, tried to damage rivals in the marketplace by tricking their antivirus software programs into classifying benign files as malicious, according to two former employees.

They said the secret campaign targeted Microsoft, AVG, Avast and other rivals, fooling some of them into deleting or disabling important files on their customers’ PCs.

Some of the attacks were ordered by Kaspersky Lab’s co-founder, Eugene Kaspersky, in part to retaliate against smaller rivals that he felt were aping his software instead of developing their own technology, they said.

Eugene Kaspersky, chairman and CEO of Kaspersky Lab

“Eugene considered this stealing,” said one of the former employees. Both sources requested anonymity and said they were among a small group of people who knew about the operation.

Kaspersky Lab strongly denied that it had tricked competitors into categorising clean files as malicious, so-called false positives.

“Our company has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing,” Kaspersky said in a statement to Reuters. “Such actions are unethical, dishonest and their legality is at least questionable.”

Executives at Microsoft, AVG and Avast previously told Reuters that unknown parties had tried to induce false positives in recent years. When contacted this week, they had no comment on the allegation that Kaspersky Lab had targeted them.


The Russian company is one of the most popular antivirus software makers, boasting 400 million users and 270,000 corporate clients. Kaspersky has won wide respect in the industry for its research on sophisticated Western spying programs and the Stuxnet computer worm that sabotaged Iran’s nuclear program in 2009 and 2010.

The two former Kaspersky Lab employees said the desire to build market share also factored into Kaspersky’s selection of competitors to sabotage.

“It was decided to provide some problems” for rivals, said one ex-employee. “It is not only damaging for a competing company but also damaging for users’ computers.”

The former Kaspersky employees said company researchers were assigned to work for weeks or months at a time on the sabotage projects.

Their chief task was to reverse-engineer competitors’ virus detection software to figure out how to fool them into flagging good files as malicious, the former employees said.

The opportunity for such trickery has increased over the past decade and a half as the soaring number of harmful computer programs has prompted security companies to share more information with each other, industry experts said. They licensed each other’s virus-detection engines, swapped samples of malware, and sent suspicious files to third-party aggregators such as Google’s VirusTotal.

By sharing all this data, security companies could more quickly identify new viruses and other malicious content. But the collaboration also allowed companies to borrow heavily from each other’s work instead of finding bad files on their own.

Kaspersky Lab in 2010 complained openly about copycats, calling for greater respect for intellectual property as data-sharing became more prevalent.

In an effort to prove that other companies were ripping off its work, Kaspersky said it ran an experiment: It created 10 harmless files and told VirusTotal that it regarded them as malicious. VirusTotal aggregates information on suspicious files and shares them with security companies.

Within a week and a half, all 10 files were declared dangerous by as many as 14 security companies that had blindly followed Kaspersky’s lead, according to a media presentation given by senior Kaspersky analyst Magnus Kalkuhl in Moscow in January 2010.

When Kaspersky’s complaints did not lead to significant change, the former employees said, it stepped up the sabotage.

Injecting bad code

In one technique, Kaspersky’s engineers would take an important piece of software commonly found in PCs and inject bad code into it so that the file looked like it was infected, the ex-employees said. They would send the doctored file anonymously to VirusTotal.

Then, when competitors ran this doctored file through their virus detection engines, the file would be flagged as potentially malicious. If the doctored file looked close enough to the original, Kaspersky could fool rival companies into thinking the clean file was problematic as well.

VirusTotal had no immediate comment.

In its response to written questions from Reuters, Kaspersky denied using this technique. It said it too had been a victim of such an attack in November 2012, when an “unknown third party” manipulated Kaspersky into misclassifying files from Tencent, Mail.ru and the Steam gaming platform as malicious.

The extent of the damage from such attacks is hard to assess because antivirus software can throw off false positives for a variety of reasons, and many incidents get caught after a small number of customers are affected, security executives said.

The former Kaspersky employees said Microsoft was one of the rivals that were targeted because many smaller security companies followed the Redmond, Washington-based company’s lead in detecting malicious files. They declined to give a detailed account of any specific attack.

Microsoft’s antimalware research director, Dennis Batchelder, told Reuters in April that he recalled a time in March 2013 when many customers called to complain that a printer code had been deemed dangerous by its antivirus program and placed in “quarantine.”

Batchelder said it took him roughly six hours to figure out that the printer code looked a lot like another piece of code that Microsoft had previously ruled malicious. Someone had taken a legitimate file and jammed a wad of bad code into it, he said. Because the normal printer code looked so much like the altered code, the antivirus program quarantined that as well.

Over the next few months, Batchelder’s team found hundreds, and eventually thousands, of good files that had been altered to look bad. Batchelder told his staff not to try to identify the culprit.

“It doesn’t really matter who it was,” he said. “All of us in the industry had a vulnerability, in that our systems were based on trust. We wanted to get that fixed.”

In a subsequent interview last week, Batchelder declined to comment on any role Kaspersky may have played in the 2013 printer code problems or any other attacks. Reuters has no evidence linking Kaspersky to the printer code attack.

As word spread in the security industry about the induced false positives found by Microsoft, other companies said they tried to figure out what went wrong in their own systems and what to do differently, but no one identified those responsible.

At Avast, a largely free antivirus software maker with the biggest market share in many European and South American countries, employees found a large range of doctored network drivers, duplicated for different language versions.

Avast Chief Operating Officer Ondrej Vlcek told Reuters in April that he suspected the offenders were well-equipped malware writers and “wanted to have some fun” at the industry’s expense. He did not respond to a request for comment on the allegation that Kaspersky had induced false positives.

Waves of attacks

The former employees said Kaspersky Lab manipulated false positives off and on for more than 10 years, with the peak period between 2009 and 2013.

It is not clear if the attacks have ended, though security executives say false positives are much less of a problem today.

That is in part because security companies have grown less likely to accept a competitor’s determinations as gospel and are spending more to weed out false positives.

AVG’s former chief technology officer, Yuval Ben-Itzhak, said the company suffered from troves of bad samples that stopped after it set up special filters to screen for them and improved its detection engine.

“There were several waves of these samples, usually four times per year. This crippled-sample generation lasted for about four years. The last wave was received at the beginning of the year 2013,” he told Reuters in April.

AVG’s chief strategy officer, Todd Simpson, declined to comment.

Kaspersky said it had also improved its algorithms to defend against false virus samples. It added that it believed no antivirus company conducted the attacks “as it would have a very bad effect on the whole industry.”

“Although the security market is very competitive, trusted threat-data exchange is definitely part of the overall security of the entire IT ecosystem, and this exchange must not be compromised or corrupted,” Kaspersky said.

Reuters

ooo
Henry Sapiecha

RUSSIAN HACKERS TAP INTO USA PRESIDENT OBAMA’S EMAILS

US President Barack Obama uses a Blackberry. Photo: AFP

Washington: Some of US President Barack Obama’s email correspondence was swept up by Russian hackers last year in a breach of the White House’s unclassified computer system that was far more intrusive and worrisome than has been publicly acknowledged, according to senior American officials briefed on the investigation.

The hackers, who also got deeply into the State Department’s unclassified system, do not appear to have penetrated closely guarded servers that control the message traffic from Mr Obama’s BlackBerry, which he or an aide carries constantly.

But they obtained access to the email archives of people inside the White House, and perhaps some outside, with whom Mr Obama regularly communicated. From those accounts, they reached emails that the President had sent and received, according to officials briefed on the investigation.

White House officials said that no classified networks had been compromised, and that the hackers had collected no classified information. Many senior officials have two computers in their offices, one operating on a highly secure classified network and another connected to the outside world for unclassified communications.

But officials have conceded that the unclassified system routinely contains much information that is considered highly sensitive: schedules, email exchanges with ambassadors and diplomats, discussions of pending personnel moves and legislation, and, inevitably, some debate about policy.

Officials did not disclose the number of Mr Obama’s emails that were harvested by hackers, nor the sensitivity of their content. The President’s email account itself does not appear to have been hacked. Aides say that most of Mr Obama’s classified briefings – such as the morning Presidential Daily Brief – are delivered orally or on paper (sometimes supplemented by an iPad system connected to classified networks) and that they are usually confined to the Oval Office or the Situation Room.

Still, the fact that Mr Obama’s communications were among those hit by the hackers – who are presumed to be linked to the Russian government, if not working for it – has been one of the most closely held findings of the inquiry. Senior White House officials have known for months about the depth of the intrusion.

“This has been one of the most sophisticated actors we’ve seen,” said one senior US official briefed on the investigation.

Others confirmed that the White House intrusion was viewed as so serious that officials met on a nearly daily basis for several weeks after it was discovered. “It’s the Russian angle to this that’s particularly worrisome,” another senior official said.

While Chinese hacking groups are known for sweeping up vast amounts of commercial and design information, the best Russian hackers tend to hide their tracks better and focus on specific, often political targets. And the hacking happened at a moment of renewed tension with Russia – over its annexation of Crimea, the presence of its forces in Ukraine and its renewed military patrols in Europe, reminiscent of the Cold War.

Inside the White House, the intrusion has raised a new debate about whether it is possible to protect a president’s electronic presence, especially when it reaches out from behind the presumably secure firewalls of the executive branch.

Mr Obama is no stranger to computer-network attacks: His 2008 campaign was hit by Chinese hackers. Nonetheless, he has long been a frequent user of email, and publicly fought the Secret Service in 2009 to retain his BlackBerry, a topic he has joked about in public. He was issued a special smartphone, and the list of those he can exchange emails with is highly restricted.

When asked about the investigation’s findings, the spokeswoman for the National Security Council, Bernadette Meehan, said: “We’ll decline to comment.” The White House has also declined to provide any explanations about how the breach was handled, though the State Department has been more candid about what kind of systems were hit and what it has done since to improve security. A spokesman for the FBI declined to comment.

Officials who discussed the investigation spoke on the condition of anonymity because of the delicate nature of the hacking. While the White House has refused to identify the nationality of the hackers, others familiar with the investigation said that in both the White House and State Department cases, all signs pointed to Russians.

On Thursday, Defence Secretary Ashton Carter revealed for the first time that Russian hackers had attacked the Pentagon’s unclassified systems, but said they had been identified and “kicked off”. Defence Department officials declined to say if the signatures of the attacks on the Pentagon appeared related to the White House and State Department attacks.

The discovery of the hacking in October led to a partial shutdown of the White House email system. The hackers appear to have been evicted from the White House systems by the end of October. But they continued to plague the State Department, whose system is much more far-flung. The disruptions were so severe that during the Iranian nuclear negotiations in Vienna in November, officials needed to distribute personal email accounts, to one another and to some reporters, to maintain contact.

Earlier this month, officials at the White House said that the hacking had not damaged its systems and that, while elements had been shut down to mitigate the effects of the attack, everything had been restored.

One of the curiosities of the White House and State Department attacks is that the administration, which recently has been looking to name and punish state and non-state hackers in an effort to deter attacks, has refused to reveal its conclusions about who was responsible for this complex and artful intrusion into the government. That is in sharp contrast to Mr Obama’s decision, after considerable internal debate in December, to name North Korea for ordering the attack on Sony Pictures Entertainment, and to the director of national intelligence’s decision to name Iranian hackers as the source of a destructive attack on the Sands Casino.

This month, after CNN reported that hackers had gained access to sensitive areas of the White House computer network, including sections that contained the President’s schedule, the White House spokesman, Josh Earnest, said the administration had not publicly named who was behind the hack because federal investigators had concluded that “it’s not in our best interests”.

By contrast, in the North Korea case, he said, investigators concluded that “we’re more likely to be successful in terms of holding them accountable by naming them publicly”.

But the breach of the President’s emails appeared to be a major factor in the government secrecy.

“All of this is very tightly held,” one senior American official said, adding that the content of what had been breached was being kept secret to avoid tipping off the Russians about what had been learned from the investigation.

Mr Obama’s friends and associates say that he is a committed user of his BlackBerry, but that he is careful when emailing outside the White House system.

“The frequency has dropped off in the last six months or so,” one of his close associates said, though this person added that he did not know if the drop was related to the hacking.

Mr Obama is known to send emails to aides late at night from his residence, providing them with his feedback on speeches or, at times, entirely new drafts. Others say he has emailed on topics as diverse as his golf game and the struggle with Congress over the Iranian nuclear negotiations.

George W. Bush gave up emailing for the course of his presidency and did not carry a smartphone. But after Mr Bush left office, his sister’s email account was hacked, and several photos – including some of his paintings – were made public.

The White House is bombarded with cyber attacks daily, not only from Russia and China. Most are easily deflected.

The White House, the State Department, the Pentagon and intelligence agencies put their most classified material into a system called JWICS, for Joint Worldwide Intelligence Communications System. That is where top-secret and “secret compartmentalised information” traverses within the government, to officials cleared for it – and it includes imagery, data and graphics. There is no evidence, senior officials said, that this hacking pierced it.

New York Times

ooo

Henry Sapiecha