Russian hackers used US online infrastructure against itself

Science & Tech 10:51 17.07.2018
Exactly seven months before the 2016 presidential election, Russian government hackers made it onto a Democratic committee’s network. One of their carefully crafted fraudulent emails had hit pay dirt, enticing an employee to click a link and enter her password.
 
That breach of the Democratic Congressional Campaign Committee was the first significant step in gaining access to the Democratic National Committee network.
 
To steal politically sensitive information, prosecutors say, the hackers exploited some of the United States’ own computer infrastructure against it, using servers they leased in Arizona and Illinois. The details were included in an indictment released Friday by special counsel Robert Mueller, who accused the GRU, Russia’s military intelligence agency, of taking part in a wide-ranging conspiracy to interfere in the 2016 presidential election. The companies operating the servers were not identified in the court papers.
 
The Russians are accused of exploiting their access to inexpensive, powerful servers worldwide, conveniently available for rental, that can be used to commit crimes with impunity. Reaching across oceans and into networks without borders can obfuscate their origins.
 
The indictment painstakingly reconstructs the hackers’ movements using web servers and a complex bitcoin financing operation.
 
Two Russian hacking units were charged with tasks, including the creation and management of a hacking tool called “X-agent” that was implanted onto computers. The software allowed them to monitor activity on computers by individuals, steal passwords and maintain access to hacked networks. It captured each keystroke on infected computers and took screenshots of activity displayed on computer screens, including an employee viewing the DCCC’s online banking information.
 
From April to June 2016, the hackers installed updated versions of their software on at least 10 Democratic computers. The software transmitted information from the infected computers to a GRU-leased server in Arizona, the indictment said. The hackers also created an overseas computer to act as a “middle server” to obscure the connection between the DCCC and the hackers’ Arizona-based server.
 
Once the hackers gained access to the DCCC network, they searched one computer for terms that included “hillary,” “cruz,” and “trump” and copied select folders, including “Benghazi Investigations.”
 
In emails, the hackers embedded a link that purported to be a spreadsheet of Clinton’s favorability ratings, but instead it directed the computers to send their data to a GRU-created website.
 
Meanwhile, around the same time, the hackers broke into 33 DNC computers and installed their software on their network. Captured keystrokes and screenshots from the DCCC and DNC computers, including an employee viewing the DCCC’s banking information, were sent back to the Arizona server.
 
The Russian hackers used other software they developed called X-Tunnel to move stolen documents through encrypted channels to another computer the GRU leased in Illinois.
 
Despite the use of U.S.-based servers, such vendors typically aren’t legally liable for criminal activities unless it can be proved in federal court that the operator was party to the criminal activity.
 
A 1996 federal statute protects internet vendors from being held liable for how customers use their service, and except for a few exceptions, provides immunity to the providers. The law is considered a key part of the legal infrastructure of the internet, preventing providers from being saddled with the behemoth task of monitoring activity on their servers.
 
“The fact that someone provided equipment and or connectivity that was used to engage in data theft is not going to be attributed to the vendor in that circumstance,” Eric Goldman, a professor of law and co-director of the High Tech Law Institute at Santa Clara University School of Law, said. A notable exception, however, is if federal prosecutors are bringing a criminal charge for violations of a federal criminal law.
 
In that case, “we’re going to require a high level of knowledge of their activity or intent,” Goldman said.
 
When the DNC and DCCC became aware they had been hacked, they hired a cybersecurity firm, Crowdstrike, to determine the extent of the intrusions. Crowdstrike, referred to as “Company 1” in the indictment, took steps to kick the hackers off the networks around June 2016. But for months the Russians eluded their investigators and a version of the malware remained on the network through October, programmed to communicate back to a GRU-registered internet address.
 
“We do not have any information to suggest that it successfully communicated,” said Adrienne Watson, the DNC’s deputy communications director.
 
As the company worked to kick them off, GRU officials allegedly searched online for information on Company 1 and what it had reported about its use of X-Agent malware and tried to delete their traces on the DCCC network by using commercial software known as CCleaner. Though Crowdstrike disabled X-agent on the DCCC network, the hackers spent seven hours unsuccessfully trying to connect to their malware and tried using previously stolen credentials to access the network on June 20, 2016.
 
The indictment also shows the reliance of Russian government hackers on American technology companies, such as Twitter, to spread their stolen documents.
 
The hackers also accessed DNC data in September 2016 by breaking into DNC computers hosted on the Amazon Web Services’ cloud. The hackers used Amazon Web Services’ backup feature to create “snapshots” that they moved onto their own Amazon cloud accounts. Amazon also provides cloud computing services for various government agencies, including the Central Intelligence Agency.