Tag: Grizzly Steppe

United States Senate Committee on the Judiciary letter to AG Rosenstein and Acting Director McCabe on Russian Probe Briefings (12.05.2017)

U.S.: Letter from EEC to Deputy AG Rosenstein on violations of the “AG Sessions recusal from FBI’s Russian Probe” (12.05.2017)

Opinion: Trump’s two Executive Orders tries to deflect FBI’s Russian Probe!

President Donald Trump tries to deflect the Federal Bureau of Investigations Russian Probe into the Trump Campaign and United States Election in 2016. That must be seen since he the day after the FBI Director James Comey. He has tried to fill the news cycle with new movement, that goes back into the campaign spin, that even Sean Spicer hasn’t the capacity to hide behind. This is worrying if the American society buys into the quest Trump has with this new measures, while the acting FBI Director will continue the probe. Certainly, the case will not go away, even if Trump lies out of his teeth to the NBC, as he did earlier today.

LESTER HOLT: He asked for the dinner?

DONALD TRUMP: A dinner was arranged, I think he asked for the dinner. And he wanted to stay on as the FBI head. And I said I’ll, you know, consider and we’ll see what happens– But we had a very nice dinner. And at that time, he told me you are not under investigation. [OVER TALK]

LESTER HOLT: That was–

DONALD TRUMP: Which I knew anyway.

LESTER HOLT: That was one meeting. What was it, what were the other two? [OVER TALK]

DONALD TRUMP: First of all, when you’re under investigation, you’re giving all sorts of documents and everything. I knew I wasn’t under and I heard it was stated at the committee, at some committee level, that I wasn’t. Number one.

LESTER HOLT: So that didn’t come directly from him?

DONALD TRUMP: [OVER TALK] Then during a phone call he said it. And then during another phone call he said it. So he said it once at dinner and then he said it twice during phone calls.

LESTER HOLT: Did you call him?

DONALD TRUMP: Uh, in one case I called him and one case he called me.

LESTER HOLT: And did you ask, “Am I under investigation?”

DONALD TRUMP: I actually asked him, yes. I said, “If it’s possible, would you let me know am I under investigation?” He said you are not under investigation.

LESTER HOLT: But he’s, he’s given sworn testimony that there is an ongoing investigation into the Trump campaign and possible collusion with the Russian government? You were the centerpiece of the Trump campaign so [OVER TALK] was he being truthful when he says you weren’t under investigation?

DONALD TRUMP: [OVER TALK] Well, all I can tell you is, well I know what, I know that I’m not under investigation. Me. Personally. I’m not talking about campaigns. I’m not talking about anything else. I’m not under investigation” (NBC Exclusive Interview, 11.05.2017).

This is typical way of lying, putting different issues together and mixing it, while not disclosing or answering the interviewer. That President Trump knew is strange and that he claims Comey lied, is evident. Because Trump doesn’t want to lose face. Therefore, he called in this interview to try to look smart and deflect the grand issues arising from the sacking. It is not weird that he claims not be under investigation, since the FBI has had this probe for a while and different agents at the San Francisco, Pittsburg and Washington D.C. headquarters has worked on different parts of the investigation. So Mr. Trump is lying out of his teeth.

That is why he suddenly starts wasting public funds looking into ghosts and non-issues like fraudulent elections that the President has claimed all along, therefore now that he is catching a shit-storm of epic proportions. He has to try to send messages of other problems. So that he hopes the media looks away from the investigation that the FBI will continue to pursuit. Even with the firing of Comey and scandal of reasoning for doing so.

Therefore, this mission for a Presidential Advisory Commission on Election Integrity, which just happen to be executed today: “By the authority vested in me as President by the Constitution and the

laws of the United States of America, and in order to promote fair and honest Federal elections, it is hereby ordered as follows: Section 1. Establishment. The Presidential Advisory Commission on Election Integrity (Commission) is hereby established” (…) “Sec. 3. Mission. The Commission shall, consistent with applicable law, study the registration and voting processes used in Federal elections. The Commission shall be solely advisory and shall submit a report to the President that identifies the following:

(a) those laws, rules, policies, activities, strategies, and practices that enhance the American people’s confidence in the integrity of the voting processes used in Federal elections;

(b) those laws, rules, policies, activities, strategies, and practices that undermine the American people’s confidence in the integrity of the voting processes used in Federal elections; and

(c) those vulnerabilities in voting systems and practices used for Federal elections that could lead to improper voter registrations and improper voting, including fraudulent voter registrations and fraudulent voting” (Executive Order, Presidential Advisory Commission on Election Integrity, 2017).

So by all means he tries to start a Commission to safe himself on the grand-issue has claimed all along, that the election was filled with frauds, even if he won it. Like he has been proud of all the time, and to top it all off, he delivered yet another one connected with the whole election. Since there been discussed the leaks and hacking of the elections, therefore he had to order on Cyber Security, even if he has no knowledge of what that entails or envisions how this might implicate the current freedom of the internet.

Like this quote of the Executive Order:

Section1. Cybersecurity of Federal Networks.

(a) Policy. The executive branch operates its information technology (IT) on behalf of the American people. Its IT and data should be secured responsibly using all United States Government capabilities. The President will hold heads of executive departments and agencies (agency heads) accountable for managing cybersecurity risk to their enterprises. In addition, because risk management decisions made by agency heads can affect the risk to the executive branch as a whole, and to national security, it is also the policy of the United States to manage cybersecurity risk as an executive branch enterprise” (…) “Sec. 2. Cybersecurity of Critical Infrastructure.

(a) Policy. It is the policy of the executive branch to use its authorities and capabilities to support the cybersecurity risk management efforts of the owners and operators of the Nation’s critical infrastructure (as defined in section 5195c(e) of title 42, United States Code) (critical infrastructure entities), as appropriate” (…)

Sec. 3. Cybersecurity for the Nation.

(a) Policy. To ensure that the internet remains valuable for future generations, it is the policy of the executive branch to promote an open, interoperable, reliable, and secure internet that fosters efficiency, innovation, communication, and economic prosperity, while respecting privacy and guarding against disruption, fraud, and theft. Further, the United States seeks to support the growth and sustainment of a workforce that is skilled in cybersecurity and related fields as the foundation for achieving our objectives in cyberspace” (Executive Order – Strengthening the cybersecurity of Federal Network and Critical Infrastructure, 2017).

For a person like me, this seem like a tactic for President Trump to get the discussions being on the Executive Orders, instead of the Russian Probe. Like people will forget that he is investigated by the FBI. Since he trying to get other people to look into the elections and the issues created by the election. Therefore, he now on the same day after the sacking, has to do all of this. Not build roads or anything constructive for the Republic. Instead, he has to gain attention on the other problems that was also during the election. Some that was only in his mind and imagination. So don’t expect any deep findings of irregularities, because I don’t expect them to look into the laws in the different states that often disqualify minorities and people who is not well-informed about the laws on how to register to be voter.

Still, the President Trump will lie, he will not accept the probe and subpoenas, which is about Michael Flynn and other Trump Campaign associates. We will not know for a long while the end-game of this. But there will be more documentation and more findings of the connections between Moscow and Trump. He can blindly lie to the fans of him and the Republican party. Still, the rest of us doesn’t have faith in a man, who cannot speak truthful or act reasonable.

President Trump are really in trouble, still not discussing legislation or trying to get it passed through the House of Representatives or the Senate. Only the Paul Ryan’s draconian health care bill. Therefore, he has to write Executive Orders, since he lack ability to work with others or even trust others. Since he knows and the world knows, he is under investigation by the FBI. That will continue, but don’t believe the hype of these orders today. They are used as pawns to try to change the agenda and questioning the firing of Comey, the Sally Yates revelations and the Russian probe. Peace.

Reference:

NBC News exclusive interview with Donald Trump – Partial transcript – (May 11, 2017)

Donald J. Trump – Executive Order: ‘ESTABLISHMENT OF PRESIDENTIAL ADVISORY COMMISSION ON ELECTION INTEGRITY’ (11.05.2017)

Donald J. Trump – Executive Order: ‘STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE’ (11.05.2017)

Jason Chaffetz letter to Inspector General Michael Horowitz of DOJ on the FBI Probe into Russia and Clinton (10.05.2017)

Opinion: Trump’s Russian ghost doesn’t disappear with the axing of Comey!

“For Carter, it was as if the ghosts of Watergate stalked the halls of the White House. As with most ghosts, he wasn’t sure they existed, where they were or how to exorcise them.” Bob Woodward

President Donald J. Trump neither the wisest men of all; neither does he have the tact to look smart. He is just vicious and mean; he does not have character or have any grudges, except for when demeaning his wealth. Yesterday’s sacking of Federal Bureau of Investigations (FBI) Director James Comey is now on long list of people sacked by him.

Before the FBI director got the axe, several others legislators and security leaders has gotten the axe, that was the former Federal Prosecutor Preet Bharara and Acting Attorney General Sally Quillian Yates. House Intelligence Chairman David Nunes also stepped down from his position in the midst of the growing allegations. Therefore, it is not the first time President Trump clear the house of men and woman who looks into his chambers and his paper trail. Certainly, Trump think this is a wise decisions and thinks he can get people working directly for him, instead of people who investigate wrongdoings.

That the Trump Administration thinks this is brilliant and defending it is evident. As all spokespeople and all of the hired spin control are put into ALERT and trying to deflect the obvious reasons for the sudden axing. Suddenly the shadow of Moscow and the friendly Vlad are not going away. Like a pre-historical relic, it is figuratively the monument in the way for the legitimacy of President Trump.

It is very clear that President Trump want to deflect the matter, as the monster that overshadows his presidency. That is evident with his whiny tweets, and his digressions concerning the matter. Certainly, his manners and his acts towards fellow legislators who are in dismay proves the vulnerable position he has put himself into.

That Trump knows his concerning position on the Russian affairs, should be worrying. If he thinks people and investigators are stupid, than he underestimate the porous and fragile state he is in. President Trump already hired a sacked National Security Advisor, that even President Obama warned him about, but Trump did not care and hired Michael Flynn anyways. Only about 20 days later, because he was lying to Vice-President Mike Pence and later sacked as well.

That was because General Flynn gotten payments without authorization and without consent of the State Department by Russian affiliated groups and by Turkish interests. This was something he did not disclose and his reckless behavior with these foreign entities should have worried Trump, but it did not. Just like it did not matter for Trump during his campaign that the second campaign manager Paul Manafort clearly had contact and been paid by both Ukrainian interest and Russian affiliates. Just like has not mattered to Trump that his daughter Ivanka Trump and now advisor has been on vacation in August 2016 with the one of the supposed “girlfriends” of Vlad. The same as Jared Kushner, the son-in-law’s secret meetings with Russian ambassador and Alfa Bank, as well as the revelation of Eric Trump that it wise to do business in Russia, as reported in 2014.

There are a bit too many straws and too little time to maneuver them. He has hired people like former ExxonMobile executive Rex Tillerson who was enjoying a favorable relationship with Russia and was trying to giant business, even pursuing while in corporate to whine-down the sanctions against Russia. Since he wanted to do a massive oil-deal with the government there. Therefore, getting the job and getting the State Department proves how little effort the President Trump tries to conceal the apparent connection.

He must think people or the American people are stupid with the latest firing of James Comey, that the monster of the past and of the election suddenly disappear. No sorry brother, it will not be that easy. President Trump has mixed feelings, because he knows and therefore he have not been transparent. Certainly, some signs and evidence would be out there if the cash flow of wealth and business was looked into, the apparent profits and trades with Russia would appear. In addition, the IRS Tax Return would certainly establish the real value and the concentrated transactions of his personal wealth and his Trump Organization. Therefore, the world would see his inner-works and not just the image he likes to play.

That President Trump has connections and done activity with Russian is clear, to what extent and what effort, is still not disclosed to the world. We can know that it is something there, if it was not then he would not gone to the step of firing yet another individual looking into his business and the possible interference from a foreign power, in this regard, the Russians.

So even as the subpoenas are against Michael Flynn and on-going Probe in the Russian connections happens, and that Kremlin confirm a coming meeting between President Trump and Sergey Lavrov. Apparently, this all just happen simultaneously and co-existing. While President Trump thinks, it can be a castaway. You can throw a donut, but you cannot get rid of shadows and ghosts. Especially in the oval-office and while being President. The Commander-in-Chief should not have to worry about foreign interference, as he is a sovereign. However, I doubt President Trump knows the definition of sovereign. Peace.

Another ‘Grizzly Steppe’ report sheds more light into the Russian hacking in the United States!

russian-hack

There been several reports and assessments into the cyber-attacks and the hacking of the Presidential Election and Presidential Campaign of 2016 in the United States. This has been either criss-crossed or been over-looked. Certainly these has either addressed certain maladministration or lacking security defence of the Democratic Party. United States has been attacked and this hacking has been used to spread information on certain individuals and their parties when public opinion has mattered. Not all of the reports has shed much light on the matter, still the values of them all kind spread the value of the hacked documents.

Therefore the newly released report of another vision of the ‘Grizzly Steppe’ the Russian hacking on American soil and American computers proves the problematic situation, as this reports shed more light on the issue of the meddling of foreign powers into the recent election.

“JAR-16-20296 provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities. JAR-16-20296 remains a useful resource for understanding APT28 and APT29 use of the cyber kill chain and exploit targets. Additionally, JAR-16-20296 discusses some of the differences in activity between APT28 and APT29. This AR primarily focuses on APT28 and APT29 activity from 2015 through 2016” (DHS, P: 2, 2017).

This has already said more than others, where the levels of intelligence and the traits of a single system connected to RIS where there, also the period of activity. Also, with the proof of yet another method that we non-computer technicians haven’t heard about:

“GRIZZLY STEPPE actors use various reconnaissance methods to determine the best attack vector for compromising their targets. These methods include network vulnerability scanning, credential harvesting, and using “doppelganger” (also known as “typo-squatting”) domains to target victim organizations. The doppelganger domains can be used for reconnaissance when users incorrectly type in the web address in a browser or as part of delivery as a URL in the body of a phishing emails. DHS recommends that network defenders review and monitor their networks for traffic to sites that look similar to their own domains. This can be an indicator of compromise that should trigger further research to determine whether a breach has occurred. Often, these doppelganger sites are registered to suspicious IP addresses” (DHS, P: 4, 2017).

“GRIZZLY STEPPE actors have excelled at embedding malicious code into a number of file types as part of their weaponization efforts. In 2014, it was reported that GRIZZLY STEPPE actors were wrapping legitimate executable files with malware (named “OnionDuke”) to increase the chance of bypassing security controls. Since weaponization actions occur within the adversary space, there is little that can be detected by security analysts during this phase. APT28 and APT29 weaponization methods have included:

 Code injects in websites as watering hole attacks

 Malicious macros in Microsoft Office files

 Malicious Rich Text Format (RTF) files with embedded malicious flash code” (DHS, P: 5 ,2017).

So these reports are yet another step into the unravelling of the hacking that has occurred and the TLP White Report from the Department of Homeland Security. This report has showed a little bit more and especially more technical features that are hard to describe in words. Still, this one is the most proving one of the ones delivered.

This report also added technics of ways of hacking computers that can and shows the intelligent ways the RIS and their computer hackers. However, this was more technical so therefore I cannot digest it all, which needs to be done by computer technicians. So my estimation on the value of this one is certainly that the DHS tries to prove the actual acts and not only assess it. Therefore this gives the feeling of proof and the validity of these acts. Peace.

Reference:

Department of Homeland Security (DHS) – ‘Enhanced Analysis of GRIZZLY STEPPE Activity’ (10.02.2017)

Opinion: The new U.S. Intelligence Report following ‘Grizzly Steppe’ as ICA Assessing report reveals little, but the conspiracy and motive is explained!

russian-hack

Today, The Intelligence Community Assessment Report of 6th January 2017 was released, which has been delivered and now is in the public. There we’re already one report out ‘Grizzly Steppe’ of 26th December 2016 that we’re released jointly together Federal Bureau of Investigation (FBI) and  National Cybersecurity & Communications Integration Center (NCCIC) where the key aspect we’re this:

“This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities. The U.S. Government is referring to this malicious cyber activity by RIS as GRIZZLY STEPPE” (…) “This activity by RIS is part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens. These cyber operations have included spearphishing campaigns targeting government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations leading to the theft of information. In foreign countries, RIS actors conducted damaging and/or disruptive cyber-attacks, including attacks on critical infrastructure networks. In some cases, RIS actors masqueraded as third parties, hiding behind false online personas designed to cause the victim to misattribute the source of the attack. This JAR provides technical indicators related to many of these operations, recommended mitigations, suggested actions to take in response to the indicators provided, and information on how to report such incidents to the U.S. Government” (Grizzly Steppe, 2016).

With this in mind the newly made report which is 10 pages longer or little more than the Joint Report from FBI & NCCIC in December 2016. Therefore a new report made in January 2017 should have more indications than that one, as it is also given to the President-Elect.

“Moscow’s influence campaign followed a Russian messaging strategy that blends covert intelligence operations—such as cyber activity—with overt efforts by Russian Government agencies, state-funded media, third-party intermediaries, and paid social media users or “trolls.” Russia, like its Soviet predecessor, has a history of conducting covert influence campaigns focused on US presidential elections that have used intelligence officers and agents and press placements to disparage candidates perceived as hostile to the Kremlin” (ICA, P: 7,  2017)

“We assess with high confidence that Russian military intelligence (General Staff Main Intelligence Directorate or GRU) used the Guccifer 2.0 persona and DCLeaks.com to release US victim data obtained in cyber operations publicly and in exclusives to media outlets and relayed material to WikiLeaks” (ICA, P: 8-9, 2016).

“By their nature, Russian influence campaigns are multifaceted and designed to be deniable because they use a mix of agents of influence, cutouts, front organizations, and false-flag operations. Moscow demonstrated this during the Ukraine crisis in 2014, when Russia deployed forces and advisers to eastern Ukraine and denied it publicly” (…) “The General Staff Main Intelligence Directorate (GRU) probably began cyber operations aimed at the US election by March 2016. We assess that the GRU operations resulted in the compromise of the personal e-mail accounts of Democratic Party officials and political figures. By May, the GRU had exfiltrated large volumes of data from the DNC” (ICA, P: 12, 2017).

“We assess with high confidence that the GRU used the Guccifer 2.0 persona, DCLeaks.com, and WikiLeaks to release US victim data obtained in cyber operations publicly and in exclusives to media outlets” (ICA, P: 12-13, 2017).

“Putin’s public views of the disclosures suggest the Kremlin and the intelligence services will continue to consider using cyber-enabled disclosure operations because of their belief that these can accomplish Russian goals relatively easily without significant damage to Russian interests” (ICA, P: 15, 2017).

If the National Intelligence Organizations of United States together says it has been interference, than it more than one chief and one mind behind the investigations. As the reports are piled up with more assessments of the Presidential Election of 2016 and the end-game that we’re in favour of Putin. Since it ended in favour and to the Russia friendly President Candidate, the DNC and now the Security Organizations are blaming the Russian Intelligence Services (RIS) instead we’re now seeing a full blow-out of information and circulated reports made by serious authorities.

These ones doesn’t drop intelligence with ease, they dislike being open to the press and keeps things hidden in the shadow is their business, therefore even smallest drops proves that it isn’t longer conspiracy. Assange of WikiLeaks has claimed it we’re private persons and not Russian Agents giving the documents to WikiLeaks. The public dumping of loads upon loads of DNC e-mails has had to hurt the confidence in Democratic National Committee and the Democratic Party Presidential Nominee Hillary Clinton. Which the releases of E-Mails did with the uncovering of all kind of bad behaviour and the operations behind a Presidential Candidate in the midst of it. Something we have not really seen before and the ability to see how a Presidential Candidate really operates and how the operation has PACs to fuel monies to keep commercial, corporate media and all the other pieces of the puzzles are dancing after a Presidential Candidate in the United States. The best way to learn that is to read the mails and put it in order, to see to how they build organizations to get people elected. Therefore the DNC leak has given lots of knowledge that usually would have been in shadow and not on the sidewalk.

The acts have malicious, but also eye-opening, sure Podesta must hate WikiLeaks, as much as the others like WADA must hate FancyBears. There are others who has dropped intelligence that we’re mentioned, what was strange was that none of the connected to Anonymous or Anonymous who has operated in the United States.

What was weird that in the other one, there we’re clearly indicated operatives and nicknamed hackers mentioned in the December 2016 report, but none in the January 2017. Like they are hidden in the sphere and not known, because they could been more direct about the origin, as the other report isn’t clear about the origin, but the existence of some operatives who has hacked pages. The key of missing information is where the ones who is known is really from and why isn’t that revealed, as it would give more credibility to the report. Because when the direct actors isn’t actually portrayed, but assessed, therefore next time they could reveal more flesh on the bone. There are lose ends to between the bidding and the end-game.

There are motive and there are indicated acts of malice. But what is sure how the DNC documents went online could be more than what these reports are saying. They have not been showing the whole trip of the process of shadowing or even fishing documents of servers. What they have done is showing is the means of what it really took to hack it.

You have a motive, means for a conspiracy and possible outlets for the hacked information, you have some well-known hackers who might have hacked, but their origin is not revealed. Therefore the reports are in the flawed, they are eye-opening, but certain aspects are left in the dark, from the same dark the hackers came from and open the world to how the DNC did their work. Peace.

Reference:

Intelligence Community Assessment – ‘Assessing Russian Activities and Intentions in Recent US Elections’ – ICA 2017-01D | 6 January 2017

NCCIC & FBI ‘TLP White’ – ‘GRIZZLY STEPPE – Russian Malicious Cyber Activity’ (29.12.2016)

The Joint Security Report shows how the hacking of Clinton campaign and Democratic Party happen, as the leaks hurts her campaign and interfered with US Presidential Election of 2016!

wikileaks-assange-promises-leaks-on-us-election-google

We all knew that the Democratic Party where under siege during the Election 2016. That can be known by the DC Leaks, WikiLeaks and Guccifer2.0. Then you have FancyBears who dropped knowledge on athletes who we’re allowed to use questionable substances while still being allowed to be competing in world cups and at the Olympics.

President Obama Executive Order of 29.12.2016:

“Section 1. (a) All property and interests in property that are in the United States, that hereafter come within the United States, or that are or hereafter come within the possession or control of any United States person of the following persons are blocked and may not be transferred, paid, exported, withdrawn, or otherwise dealt in: (i) the persons listed in the Annex to this order; (ii) any person determined by the Secretary of the Treasury, in consultation with the Attorney General and the Secretary of State, to be responsible for or complicit in, or to have engaged in, directly or indirectly, cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States that are reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States and that have the purpose or effect of: (A) harming, or otherwise significantly compromising the provision of services by, a computer or network of computers that support one or more entities in a critical infrastructure sector” (Obama, 2016).

We couldn’t know who all dropped knowledge and documents about Hillary Clinton and the Democratic National Party. Even if there we’re indications we couldn’t’ directly know who was behind the documents. That were on the pages that I have mentioned. Me myself has downloaded the hacked document and read through a bunch of e-mails released on WikiLeaks. It had to come from somewhere and somebody else had to hack or to do some whistleblowing this information. So that the public and me could collect and analyse the intelligence that the DNC themselves wanted to keep inside their own chambers.

We could now see how a major American party did their practices of fundraising and party works in general towards an election. Like we have never seen how a campaign manager has worked and travelled, how they have gotten fundraising for a bigger political foundation as the Clinton Foundation as now. That is because of the release of e-mails and documents on a scale we haven’t seen. Before those documents has landed in one pile at one journalist or one paper and they have released piece by piece or a cover story. The WikiLeaks drop of the DNC E-Mails of Podesta was not only interesting, but revealing how the internal works of the Democratic Party works.

Therefore the release of FBI, NCCIC and Department of Homeland Security documents shows how they did this and what technic they used to get into the DNC party or WADA to take out the documents that we’re released during the 2016. This shows the power in going into other people’s and organizations computers and computer systems to gain intelligence… That cannot be spared in the conversation as the knowledge of the DNC and other organization that has intelligence that the public could have interest of knowing.

Clinton Campaign TV

Let’s take a brief look at what the State Security Organizations said now in December and before that in October on the matter!

State Actors:

Most capable, active, and dangerous cyber adversaries

Advanced tradecraft and technical expertise

Indigenously developed exploitation tools

Well resourced

Social engineering (spear phishing), extensive research and target profiling, DDoSattacks” (U.S. Department of Homeland Security, P: 3, 2016).

“This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities. The U.S. Government is referring to this malicious cyber activity by RIS as GRIZZLY STEPPE” (…) “This activity by RIS is part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens. These cyber operations have included spearphishing campaigns targeting government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations leading to the theft of information. In foreign countries, RIS actors conducted damaging and/or disruptive cyber-attacks, including attacks on critical infrastructure networks. In some cases, RIS actors masqueraded as third parties, hiding behind false online personas designed to cause the victim to misattribute the source of the attack. This JAR provides technical indicators related to many of these operations, recommended mitigations, suggested actions to take in response to the indicators provided, and information on how to report such incidents to the U.S. Government” (TLP White, P: 1, 2016).

Spearfishing a Political Party:

“Once APT28 and APT29 have access to victims, both groups exfiltrate and analyze information to gain intelligence value. These groups use this information to craft highly targeted spearphishing campaigns. These actors set up operational infrastructure to obfuscate their source infrastructure, host domains and malware for targeting organizations, establish command and control nodes, and harvest credentials and other valuable information from their targets. In summer 2015, an APT29 spearphishing campaign directed emails containing a malicious link to over 1,000 recipients, including multiple U.S. Government victims. APT29 used legitimate domains, to include domains associated with U.S. organizations and educational institutions, to host malware and send spearphishing emails. In the course of that campaign, APT29 successfully compromised a U.S. political party. At least one targeted individual activated links to malware hosted on operational infrastructure of opened attachments containing malware. APT29 delivered malware to the political party’s systems, established persistence, escalated privileges, enumerated active directory accounts, and exfiltrated email from several accounts through encrypted connections back through operational infrastructure” (TLP White, P: 2-3, 2016).

“Phishing and Spearphishing

  • Implement a Sender Policy Framework (SPF) record for your organization’s Domain Name System (DNS) zone file to minimize risks relating to the receipt of spoofed messages.
  • Educate users to be suspicious of unsolicited phone calls, social media interactions, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
  • Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
  • Do not reveal personal or financial information in social media or email, and do not respond to solicitations for this information. This includes following links sent in email.
  • Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL often includes a variation in spelling or a different domain than the valid website (e.g., .com vs. .net).
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (http://www.antiphishing.org).
  • Take advantage of anti-phishing features offered by your email client and web browser.
  • Patch all systems for critical vulnerabilities, prioritizing timely patching of software that processes Internet data, such as web browsers, browser plugins, and document readers” (TLP White, P: 13, 2016).

cnn-election-hack

With this all in mind, we can see that the Russians allegedly interfered with one specific technic to gain intelligence from their American counterparts in this perspective the U.S. Democratic National Party. The DNC and their Presidential Candidate Hillary Clinton; so their effort to install and get a more Russian friendly candidate could be effective with release of certain details of her conducts and her history… that no other candidate has ever gotten more scrutiny as Clinton ever done.

We can surely remember the massive overload of e-mails, documents and also internal memo’s that could boggle political interested minds while Trump where harsh critic and also a right-wing migration biased uprising who couldn’t care less about his own moral defects, while addressing Clinton like the worst politician ever. That can be shown in history. These hacks and release of documents we’re surely important when considering how voters could be swayed away from voting the Democratic Party and their Candidate.

They did in the report site very many different hackers who even I know them and know about their works, without knowing their sources or methods of work. I only know of their pages where they drop the documentation and E-Mails, which showed internal facts I could only wish to see in the past. That I couldn’t have made articles and quick-journalism like pieces without! These hackers and these drops of intelligence we’re vital for me to know more about the DNC and Hillary Clinton. Trump told all his lies and deception in public. Clinton kept it cool, while the droppings of documents, memos and e-mails put it all online. She couldn’t hide the facts or the ways of her party since it was all out there!

I have never seen something similar and if it was done by the method told in the report, than the men or woman behind the hack is sophisticated and also smart. They knew how to get the users to lure their Intel and get it into their own servers. This by any means is a quick theft of sensitive information, which weakens the DNC and Clinton in the public eye. The Public Eye and public perception is vital to ever win an election. Peace.

Reference:

U.S. Department of Homeland Security – ‘Cyber Threats to the Homeland’ (October 2016)

NCCIC & FBI ‘TLP White’ – ‘GRIZZLY STEPPE – Russian Malicious Cyber Activity’ (29.12.2016)

Obama, Barrack – Executive Order – ‘TAKING ADDITIONAL STEPS TO ADDRESS THE NATIONAL EMERGENCY WITH RESPECT TO SIGNIFICANT MALICIOUS CYBER-ENABLED ACTIVITIES’ (29.12.2016)