Page 24 - ARUBA TODAY
A24 technology
Tuesday 17 July 2018
Russian hackers used U.S. online infrastructure against itself
By TAMI ABDOLLAH
Associated Press

WASHINGTON (AP) — Exactly seven months before the 2016 presidential election, Russian government hackers made it onto a Democratic committee's network.

One of their carefully crafted fraudulent emails had hit pay dirt, enticing an employee to click a link and enter her password.

That breach of the Democratic Congressional Campaign Committee was the first significant step in gaining access to the Democratic National Committee network.

To steal politically-sensitive information, prosecutors say, the hackers exploited some of the United States' own computer infrastructure against it, using servers they leased in Arizona and Illinois. The details were included in an indictment released Friday by special counsel Robert Mueller, who accused the GRU, Russia's military intelligence agency, of taking part in a wide-ranging conspiracy to interfere in the 2016 presidential election. The companies operating the servers were not identified in the court papers.

The Russians are accused of exploiting their access to inexpensive, powerful servers worldwide — conveniently available for rental — that can be used to commit crimes with impunity. Reaching across oceans and into networks without borders can obfuscate their origins.

The indictment painstakingly reconstructs the hackers' movements using web servers and a complex bitcoin financing operation.

Two Russian hacking units were charged with tasks, including the creation and management of a hacking tool called "X-agent" that was implanted onto computers. The software allowed them to monitor activity on computers by individuals, steal passwords and maintain access to hacked networks. It captured each keystroke on infected computers and took screenshots of activity displayed on computer screens, including an employee viewing the DCCC's online banking information.

From April to June 2016, the hackers installed updated versions of their software on at least 10 Democratic computers. The software transmitted information from the infected computers to a GRU-leased server in Arizona, the indictment said. The hackers also created an overseas computer to act as a "middle server" to obscure the connection between the DCCC and the hackers' Arizona-based server.

Once hackers gained access to the DCCC network, it searched one computer for terms that included "hillary," "cruz," and "trump" and copied select folders, including "Benghazi Investigations."

In emails, the hackers embedded a link that purported to be a spreadsheet of Clinton's favorability ratings, but instead it directed the computers to send its data to a GRU-created website.

Meanwhile, around the same time, the hackers broke into 33 DNC computers and installed their software on their network. Captured keystrokes and screenshots from the DCCC and DNC computers, including an employee viewing the DCCC's banking information, were sent back to the Arizona server.

The Russian hackers used other software they developed called X-Tunnel to move stolen documents through encrypted channels to another computer the GRU leased in Illinois.

Despite the use of U.S.-based servers, such vendors typically aren't legally liable for criminal activities unless it can be proved in federal court that the operator was party to the criminal activity.

A 1996 federal statute protects internet vendors from being held liable for how customers use their service, and except for a few exceptions, provides immunity to the providers. The law is considered a key part of the legal infrastructure of the internet, preventing providers from being saddled with the behemoth task of monitoring activity on their servers.

"The fact that someone provided equipment and or connectivity that was used to engage in data theft is not going to be attributed to the vendor in that circumstance," Eric Goldman, a professor of law and co-director of the High Tech Law Institute at Santa Clara University School of Law, said. A notable exception, however, is if federal prosecutors are bringing a criminal charge for violations of a federal criminal law.

In that case, "we're going to require a high level of knowledge of their activity or intent," Goldman said.

When the DNC and DCCC became aware they had been hacked, they hired a cybersecurity firm, Crowdstrike, to determine the extent of the intrusions. Crowdstrike, referred to as "Company 1" in the indictment, took steps to kick the hackers off the networks around June 2016. But for months the Russians eluded their investigators and a version of the malware remained on the network through October — communicating back to a GRU-registered internet address that appeared to be in Missouri, according to internet records.

As the company worked to kick them off, GRU officials allegedly searched online for information on Company 1 and what it had reported about its use of X-Agent malware and tried to delete their traces on the DCCC network by using commercial software known as CCleaner.

Though Crowdstrike disabled X-agent on the DCCC network, the hackers spent seven hours unsuccessfully trying to connect to their malware and tried using previously stolen credentials to access the network on June 20, 2016.

The indictment also shows the reliance of Russian government hackers on American technology companies such as Twitter, to spread its stolen documents.

The hackers also accessed DNC data in September 2016 by breaking into DNC computers hosted on the Amazon Web Services' cloud. The hackers used Amazon Web Services' backup feature to create "snapshots" that they moved onto their own Amazon cloud accounts.

Amazon also provides cloud computing services for various government agencies, including the Central Intelligence Agency.

Photo caption: A man walks past the building of the Russian military intelligence service in Moscow, Russia, on Saturday, July 14, 2018. (Associated Press)