Cybersecurity and Cyberwarfare

The use of computers and the Internet in conducting warfare in cyberspace.

How Israel Caught Russian Hackers Scouring the World for US Secrets

It was a case of spies watching spies watching spies: Israeli intelligence officers looked on in real time as Russian government hackers searched computers around the world for the code names of American intelligence programs. What gave the Russian hacking, detected more than two years ago, such global reach was its improvised search tool — antivirus software made by a Russian company, Kaspersky Lab, that is used by 400 million people worldwide, including by officials at some two dozen American government agencies.

The Israeli officials who had hacked into Kaspersky’s own network alerted the United States to the broad Russian intrusion, which has not been previously reported, leading to a decision in Sept to order Kaspersky software removed from government computers. The Russian operation, described by multiple people who have been briefed on the matter, is known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer, on which Kaspersky’s antivirus software was installed. What additional American secrets the Russian hackers may have gleaned from multiple agencies, by turning the Kaspersky software into a sort of Google search for sensitive information, is not yet publicly known.

Deloitte hack hit server containing emails from across US government

The hack into the accountancy giant Deloitte apparently compromised a server that contained the e-mails of an estimated 350 clients, including four US government departments, the United Nations and some of the world’s biggest multinationals. The incident was potentially more widespread than Deloitte has been prepared to acknowledge, and the company apparently cannot be 100% sure what was taken. Deloitte said it believed the hack had only “impacted” six clients, and that it was confident it knew where the hackers had been. It said it believed the attack on its systems, which began a year ago, was now over. However, the company has apparently red-flagged, and has been reviewing, a cache of e-mails and attachments that may have been compromised from a host of other entities.

White House Chief of Staff John Kelly's personal cell phone was compromised, White House believes

White House officials believe that chief of staff John Kelly’s personal cellphone was compromised, potentially as long ago as December, according to three U.S. government officials. The discovery raises concerns that hackers or foreign governments may have had access to data on Kelly’s phone while he was secretary of Homeland Security and after he joined the West Wing.

Tech support staff discovered the suspected breach after Kelly turned his phone in to White House tech support this summer complaining that it wasn’t working or updating software properly. Kelly told the staffers the phone hadn’t been working properly for months, according to the officials. White House aides prepared a one-page September memo summarizing the incident, which was circulated throughout the administration. A White House spokesman said Kelly hadn’t used the personal phone often since joining the administration. This person said Kelly relied on his government-issued phone for most communications. The official, who did not dispute any of Politico’s reporting on the timeline of events or the existence of the memo, said Kelly no longer had possession of the device but declined to say where the phone is now.

Sen McCain: Armed Services panel continues to address Russian cyber threats

Senate Armed Services Committee Chairman John McCain (R-AZ) said the panel will work to combat Russia's disinformation campaign that aims to undermine democratic governments and sow division and dissent throughout the United States. “We know that Putin’s Russia has not slowed its efforts to interfere in our elections and domestic affairs. The Senate Armed Services Committee will continue working to address this challenge, which is a threat to our national security,” Sen McCain said. Sen McCain said he is a victim of one of Russia's targeted ads, which planted a false narrative that he met with a leader from the Islamic State of Iraq and Syria (ISIS).

We need a global league to protect against cyberthreats to democracy

[Commentary] With Facebook handing over Russian propaganda ads from the US election to Congressional investigators, we must understand that this is part of a much broader assault. The threat of these digital attacks extends to all democracies, in the West and beyond. Furthermore, attacks on elections over the past year are asymmetric. Liberal democracies do not and often cannot respond in kind to cyberattacks on their own way of governance. Democracies with free and fair elections are vulnerable to attack, while in autocratic societies, it only matters who is counting the votes. Authoritarian regimes do just fine manipulating their own elections. In Russia, tweeting or sharing real news that’s embarrassing to the regime can land you in prison. Imagine then the response of the regime to fake news that’s damaging to the Kremlin. If democracies actively disseminated such fake news, it would only reduce us to Russia’s level and lead to greater repression there.

The response to these cybercrimes must be international and must be broad-based, ranging from regulating social media to guarding our electrical grid and electoral systems. Building a collective defense in this new code war is at least as great a challenge as staving off the territorial or regional threats of the Cold War, when NATO was established in order to respond to threats in Europe.

[Toomas Hendrik Ilves served as president of Estonia from 2006-2016. He is a distinguished visiting fellow at the Hoover Institution.]

Russian Hackers Stole NSA Data on U.S. Cyber Defense

Apparently, hackers working for the Russian government stole details of how the US penetrates foreign computer networks and defends against cyberattacks after a National Security Agency contractor removed the highly classified material and put it on his home computer. The hackers appear to have targeted the contractor after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab.

The theft, which hasn’t been disclosed, is considered by experts to be one of the most significant security breaches in recent years. It offers a rare glimpse into how the intelligence community thinks Russian intelligence exploits a widely available commercial software product to spy on the US. The incident occurred in 2015 but apparently wasn’t discovered until spring of 2016. The stolen material included details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the US.

Russia Targets NATO Soldier Smartphones, Western Officials Say

Russia has opened a new battlefront with the North Atlantic Treaty Organization (NATO), according to Western military officials, by exploiting a point of vulnerability for almost all allied soldiers: their personal smartphones. Troops, officers and government officials of NATO member countries said Russia has carried out a campaign to compromise soldiers’ smartphones.

The aim, they say, is to gain operational information, gauge troop strength and intimidate soldiers. Russian officials deny that Moscow stages such attacks. US and other Western officials said they have no doubt Russia is behind the campaign. They said its nature suggests state-level coordination, and added that the equipment used, such as sophisticated drones equipped with surveillance electronics, is beyond the reach of most civilians.

Yahoo says every account — all 3 billion of them — was affected by 2013 breach

All 3 billion Yahoo accounts were affected by a 2013 data breach — three times as many as the company first reported. In December, Yahoo disclosed that hackers stole information that could be connected to more than 1 billion accounts, an incident that was then believed to be the most users affected in a single breach. The company updated that tally Oct 3, saying on its website that outside forensic experts analyzed “recently obtained additional information” that shows “all accounts that existed at the time of the August 2013 theft were likely affected.” The stolen data could include names, email addresses, phone numbers, dates of birth, passwords that have been scrambled, or “hashed,” and encrypted or unencrypted security questions or answers, the company said.

President Trump signed presidential directive ordering actions to pressure North Korea

Early in his administration, President Donald Trump signed a directive outlining a strategy of pressure against North Korea that involved actions across a broad spectrum of government agencies and led to the use of military cyber-capabilities, according to US officials.

As part of the campaign, US Cyber Command targeted hackers in North Korea’s military spy agency, the Reconnaissance General Bureau, by barraging their computer servers with traffic that choked off Internet access. The effects were temporary and not destructive, officials said. Nonetheless, some North Korean hackers griped that lack of access to the Internet was interfering with their work. A senior administration official said, “What I can tell you is that North Korea has itself been guilty of cyberattacks, and we are going to take appropriate measures to defend our networks and systems.”

Thousands of Macs and PCs may be vulnerable to a sophisticated kind of computer attack

An analysis of more than 70,000 Mac computers being used in businesses and organizations has revealed a firmware vulnerability that could be exploited by a determined, well-resourced attacker such as a foreign government. Thousands of computers, if not more, are potentially in danger. While Apple devices were the focus of the study released Sept 29 by the firm Duo Security, experts at the company said that Windows-based machines are even more likely to be at risk, because of the range of manufacturers involved in building those types of PCs.

The flaw outlined by Duo Security researchers Rich Smith and Pepijn Bruienne concerns Apple's Extensible Firmware Interface, or EFI, which helps computers boot up and run the main operating system. Because all subsequent hardware and software operations are dependent on the EFI, allowing hijackers to gain control of it could prove disastrous.