December 29, 2016

Obama Issues Sanctions for Alleged Russian Hacking of DNC and Podesta Emails

December 29, 2016

ABC News - The U.S. government provided new details today that revealed how a state adversary broke into American computer systems and influenced the U.S. democratic process.

In a report issued this afternoon, the FBI and Department of Homeland Security outlined “technical details” that led them to conclude Russian military and intelligence services were behind a massive cyber assault on U.S. institutions, including the breach of the Democratic National Committee that became public earlier this year.

“All Americans should be alarmed by Russia’s actions,” which seek “to harm U.S. interests in violation of established international norms of behavior,” President Barack Obama said in a statement today.

U.S. officials have dubbed the alleged Russian campaign “Grizzly Steppe,” and today’s report was issued shortly after the Obama administration announced new sanctions against Russian agencies and individuals for the cyber attacks.

According to the report, two different Russian groups took part in the hack of “a U.S. political party” – a direct reference to the Democratic Party and DNC, which had tens of thousands of internal emails stolen and then released online this year.
 
The report said one group -- known as “Advanced Persistent Threat 29” or “APT 29” -- first broke into the Democratic Party’s systems in summer 2015, and then the second group -- known as “APT 28” -- successfully breached systems in spring 2016.

The groups often “trick” their victims into divulging “legitimate credentials” by closely mimicking domains and email addresses from their employers, the FBI and DHS said.

“Once APT28 and APT29 have access to victims, both groups exfiltrate and analyze information to … craft highly targeted spearphishing campaigns” and then ultimately “harvest credentials and other valuable information from their targets,” according to the report.

In fact, in summer 2015, operatives from APT29 blasted out a malicious link to more than 1,000 potential victims, many of them within the U.S. government, the report said. And that effort ultimately led to the DNC hack after at least one “targeted individual” clicked on links to malicious software and opened attachments.

“APT29 delivered malware to the political party’s systems, established persistence, escalated privileges, enumerated active directory accounts, and exfiltrated email from several accounts through encrypted connections,” the report continued.

In spring 2016, a new “spearphishing” campaign from APT28 targeting the Democratic Party “tricked recipients into changing their passwords through a fake webmail domain,” ultimately allowing hackers to “steal content,” likely including “multiple senior party members,” the FBI and DHS concluded.

“The U.S. government assesses that information was leaked to the press and publicly disclosed,” the report said.

Internal DNC messages posted online earlier this year appeared to show efforts by DNC officials to undermine Democratic presidential candidate Bernie Sanders during the primary season.

After those damaging emails were publicly released by WikiLeaks, Florida Rep. Debbie Wasserman Schultz stepped down as the DNC's chairwoman. 


Emails stolen from the private email account of Hillary Clinton’s campaign chairman, John Podesta, also led to a series of uncomfortable disclosures that were repeatedly highlighted by now-President-elect Donald Trump and other critics during the presidential campaign. 


In October, DHS and the Director of National Intelligence issued a statement saying the U.S. intelligence community was “confident that the Russian government directed the recent compromises of emails from U.S. persons and institutions,” and insisting the “thefts and disclosures are intended to interfere with the U.S. election process.”

Today’s report expands on that statement, noting that Russian services “are continuing to engage in spearphishing campaigns, including one launched as recently as November 2016, just days after the U.S. election.”

Russia has denied any involvement in such cyber attacks.  

And Trump has continued to question the U.S. intelligence community's unanimous conclusions.

“There’s no debate in the U.S. administration about the fact -- and it's a fact -- that Russian interfered in our democratic election," an administration official told reporters today, speaking on the condition of anonymity. "I would never expect Russia to come out with their hands up and acknowledge what they did. They don’t do that.”

In their report, DHS and the FBI offered “indicators” and details from the malicious software that was used to hack the DNC and other entities, insisting those indicators are directly linked to Russian operatives. DHS also released samples of the Russian “malware” so other U.S. agencies and private companies can further defend themselves, U.S. officials said.

“The U.S. government seeks to arm network defenders with the tools they need to identify, detect and disrupt Russian malicious cyber activity that is targeting our country’s and our allies’ networks,” DHS, FBI and the DNI said in a joint statement today.
December 29, 2016
 
Good Morning America - President Obama has expelled 35 Russian nationals and sanctioned five Russian entities and four individuals for an alleged cyber assault on Democratic political organizations during the 2016 presidential campaign, the White House announced today.


“I have ordered a number of actions in response to the Russian government’s aggressive harassment of U.S. officials and cyber operations aimed at the U.S. election,” Obama wrote in a statement. “These actions follow repeated private and public warnings that we have issued to the Russian government, and are a necessary and appropriate response to efforts to harm U.S. interests in violation of established international norms of behavior.”

Obama noted that all Americans “should be alarmed by Russia’s actions” which were designed to “interfere with the U.S. election process.”

“These data theft and disclosure activities could only have been directed by the highest levels of the Russian government,” Obama said. “Moreover, our diplomats have experienced an unacceptable level of harassment in Moscow by Russian security services and police over the last year. Such activities have consequences.”

Obama issued an executive order, amending his April 2015 decree to expand authorization for a response to certain cyber activity that seeks to interfere with or undermine U.S. election processes and institutions.

Obama said that the State Department is also shutting down two Russian compounds, in Maryland and New York, used by Russian personnel for intelligence-related purposes, and has ordered 35 Russian intelligence operatives to leave the U.S. within 72 hours.

State Department deputy spokesman Mark Toner wrote in a statement that "the Russian government has impeded our diplomatic operations by, among other actions: forcing the closure of 28 American corners which hosted cultural programs and English-language teaching; blocking our efforts to begin the construction of a new, safer facility for our Consulate General in St. Petersburg; and rejecting requests to improve perimeter security at the current, outdated facility in St. Petersburg."

"Today’s actions send a clear message that such behavior is unacceptable and will have consequences," Toner added.

House Speaker Paul Ryan supported the new sanctions, saying in a statement that "Russia does not share America’s interests. In fact, it has consistently sought to undermine them, sowing dangerous instability around the world. While today’s action by the administration is overdue, it is an appropriate way to end eight years of failed policy with Russia. And it serves as a prime example of this administration's ineffective foreign policy that has left America weaker in the eyes of the world."

The Department of Homeland Security and the Federal Bureau of Investigation said today that Russian military and intelligence organizations hacked digital files belonging to the Democratic National Committee and continue to target U.S. entities.

“These cyber operations have included spearphishing campaigns targeting government organizations, critical infrastructure entities, think tanks, universities, political organizations and corporations leading to the theft of information," according to a report issued by the DHS and FBI. "In foreign countries, [Russian] actors conducted damaging and/or disruptive cyber-attacks, including attacks on critical infrastructure networks. In some cases, [Russian] actors masqueraded as third parties, hiding behind false online personas designed to cause the victim to misattribute the source of the attack.”

Obama warned that today’s actions will not be the full extent of his administration’s response to Russia’s interference in the election, which several Democrats blame for Hillary Clinton’s loss to Donald Trump.
“We will continue to take a variety of actions at a time and place of our choosing, some of which will not be publicized,” Obama promised. “In addition to holding Russia accountable for what it has done, the United States and friends and allies around the world must work together to oppose Russia’s efforts to undermine established international norms of behavior, and interfere with democratic governance.”

The president pledged that his administration will provide a report to Congress in the coming days about Russia’s efforts to interfere in the election, as well as “malicious cyber activity related to our election cycle in previous elections.”

The announcement is not the culmination of the broad review of Russian hacking recently ordered by Obama. That review is ongoing, and the government is expected to release its findings before Obama leaves office next month.

The timing of today's expected announcement is notable, with Obama's term coming to a close in 22 days. President-elect Trump has questioned the intelligence community's conclusions and has not said he firmly believes that Russia was behind the hacks.

On Wednesday, Trump spoke briefly to reporters at his Mar-a-Lago estate in Florida. He was asked about U.S. intelligence efforts to determine whether there was Russian interference in the election. "They should do the best they can, figure it all out," he replied.

No comments:

Post a Comment