Unexpected guests


Random victims


The US elections are coming, and naturally "Russian hackers" are hard at work.

Military cyber officials are developing information warfare tactics that could be deployed against senior Russian officials and oligarchs if Moscow tries to interfere in the 2020 US elections through hacking election systems or sowing widespread discord, according to current and former US officials.

Source

In general, any state will act in its own best interests using all available means and will do its best to counter similar steps taken by other countries; things have always been that way. But, according to some claims, this time the situation is indeed critical:

“We can’t let up. This is something we cannot be episodic about. The defense of our nation, the defense of our elections, is something that will be going on every single day for as far into the future as I can see.”

Source

And when there is in fact little, if any, interference, which countermeasures will yield political dividends?

Military cyber officials are developing information warfare tactics that could be deployed against senior Russian officials and oligarchs.

Source

It appears that those who are believed to be responsible for certain actions will be notified that they have been exposed. In fact, a similar operation has already been undertaken.

The options being considered build on an operation Cybercom undertook last fall in the run-up to the midterm elections. Beginning in October 2018, Cybercom used emails, pop-ups and texts to target Russian Internet “trolls” who were seeding disinformation on US social media platforms. Cybercom also messaged hackers working for Russian military intelligence, indicating to them that their identities were known and could be publicized. Although the command did not sign its messages, the Americans knew there would be no mistaking who had sent them, officials said at the time.

When the trolls persisted, Cybercom, beginning on Election Day and for at least two days afterward, knocked their servers offline.

Some workers were so perturbed that they launched an internal investigation to root out what they thought were insiders leaking personnel information, according to US officials.

Source

But in reality, it was way more destructive than that.

On November 5, 2018, at about 10 p.m. MSK, a RAID controller on the Federal News Agency's office server was rendered non-operational. Two out of four of the machine's hard drives shared its fate. Furthermore, two hard drives on rented servers in Sweden and Estonia were formatted. The drives were maintaining USAReally site mirrors, which had been set up specifically for situations when the main server gets blocked.

A few days before the attack, a news agency employee received an email with an attachment in their personal mailbox. Once the attached content was extracted, the computer was infected with malware that used Windows backdoors to grant the Americans full remote control over a computer in the agency's office. However, they weren't able to infect the other hosts on the network and seize control over them, too.

The infection spread from an ordinary iPhone 7 Plus belonging to an agency employee. A USB data cable was used to connect the device to a PC that had no Internet access. The compromised gadget automatically uploaded malicious files to the computer and gave the attackers remote access to the PC.

As for the European servers (in Sweden and Estonia), the Americans were able to get what they wanted without having to employ anything sophisticated. They didn't even need to mount an attack. The European companies merely served the US Cyber Command with whatever it demanded.

Source

Now they want to build upon their previous success:

The new options contemplate targeting key leaders in the security services and the military and potentially some oligarchs. The messaging would be accompanied by a limited cyber-operation that demonstrates the Americans’ access to a particular system or account and the ability to inflict a cost, said individuals familiar with the matter.

Another possibility involves disinformation aimed at exploiting rivalries within the Russian government and power elites.

Source

Dr.Web recommends

In a clash of major forces, it’s the little people who suffer. "The infection spread from an ordinary iPhone 7 Plus belonging to an agency employee. A USB data cable was used to connect the device to a PC." This smartphone could have been connected to any computer in any company office visited by the employee, or to someone's home PC. A random person could have come under fire.

Therefore:

  • Scan visitors' removable media.
  • If a device of dubious origin needs to be connected to your computer, use an account that doesn't have permission to run executable files from removable media.
  • Once the device has been unplugged, scan the computer with your anti-virus.

And protect your computers at home as much as you do the ones in your office!
