Category Archives: Cyber War

Inside the Internet Research Agency: a Mole Among Trolls

ST. PETERSBURG, RUSSIA — Vitaly Bespalov, a 23-year-old journalism school graduate, had no idea what to expect when he arrived at a nondescript four-story business center in St. Petersburg to interview for a job.

Everything about the building at Savushkina 55 seemed odd. Security was heavy and the windows were tinted. Guards dressed in camouflage demanded his passport and his home address before letting him into the building. And, as he negotiated his entry, Bespalov noticed a woman enter the lobby in a rage.

“She was yelling something about how she refused to be part of this,” says Bespalov. “Everything about the place was strange.”

Could Russia and West be heading for cyber-war?

The latest warning of Russian intrusions is another sign that cyber-space is becoming one of the focal points for growing tension between Russia and the West.

But so far, much of the talk about cyber-war remains hypothetical rather than real.

It is true that Britain’s National Cyber Security Centre (NCSC) is on high alert for the possibility of some kind of Russian activity. More people and resources have been devoted to monitoring and investigation.

There has also been outreach to companies to warn them on what to look out for and what to do.

Russian Hackers Attacked U.S. Aviation as Part of Breaches

Russian hackers attempted to penetrate the U.S. civilian aviation industry early in 2017 as part of the broad assault on the nation’s sensitive infrastructure.

The attack had limited impact and the industry has taken steps to prevent a repeat of the intrusion, Jeff Troy, executive director of the Aviation Information Sharing and Analysis Center, said Friday. Troy wouldn’t elaborate on the nature of the breach and declined to identify specific companies or the work that was involved.

North Korea steps up cyber powers with shadowy ‘Reaper’ hacker group

North Korea is stepping up its cyber capabilities to target international aerospace and defence industries through a shadowy and sophisticated hackers group called Reaper, a new report revealed on Tuesday.

The group, also known as APT37, was identified in research by American private security company FireEye, which tracks cyber-attackers around the world.

They reported that it is using malware to infiltrate computer networks and now represents “an advanced persistent threat” that has dramatically increased the reach of North Korea’s already formidable cyber operations.

The tactics of a Russian troll farm

The indictment of 13 Russians charged with attempting to manipulate American voters using social media shines a fascinating light on a sophisticated, relentless operation to exploit the internet for political gain. Here’s how US investigators say the Russians did it.

It was 2014, and in a building in St Petersburg, the Russian Internet Research Agency (IRA) was already hard at work building its arsenal to take on US politics.

According to US prosecutors, the IRA had gathered stolen identities of real Americans, and a formidable encyclopaedia of what “works” on social media when it comes to riling up Americans talking about politics. Two members of the agency were said to have travelled to the US to gather more intelligence, a fact-finding tour taking in nine states, according to investigators.

‘Fancy Bear’ hackers took aim at US defense contractors

WASHINGTON (AP) — Russian cyberspies pursuing the secrets of military drones and other sensitive U.S. defense technology tricked key contract workers into exposing their email to theft, an Associated Press investigation has found.

What ultimately may have been stolen is uncertain, but the hackers clearly exploited a national vulnerability in cybersecurity: poorly protected email and barely any direct notification to victims.

The hackers known as Fancy Bear, who also intruded in the U.S. election, went after at least 87 people working on militarized drones, missiles, rockets, stealth fighter jets, cloud-computing platforms or other sensitive activities, the AP found.

Fitness tracking app Strava gives away location of secret US army bases

Sensitive information about the location and staffing of military bases and spy outposts around the world has been revealed by a fitness tracking company.

The details were released by Strava in a data visualisation map that shows all the activity tracked by users of its app, which allows people to record their exercise and share it with others.

The map, released in November 2017, shows every single activity ever uploaded to Strava – more than 3 trillion individual GPS data points, according to the company. The app can be used on various devices including smartphones and fitness trackers like Fitbit to see popular running routes in major cities, or spot individuals in more remote areas who have unusual exercise patterns.

Dutch Spies Infiltrated Russian Hacking Unit Before DNC Attack

Dutch intelligence services had eyes and ears for years on the Russian outfit that hacked the Democratic National Committee, even infiltrating a surveillance camera at the Cozy Bear headquarters and recording hackers’ faces, Dutch media reported.

That trove of intelligence gathered by the Netherlands since 2014 has been crucial to the U.S. investigation into the Russian campaign influence operation, the reports from Nieuwsuur and Volkskrant said.

Cyber-attack risk on nuclear weapons systems ‘relatively high’ – thinktank

US, British and other nuclear weapons systems are increasingly vulnerable to cyber attacks, according to a new study by the international relations thinktank Chatham House.

The threat has received scant attention so far from those involved in nuclear military planning and the procurement of weapons, the report said.

It blames this partly on failure to keep up with fast-moving advances, lack of skilled staff and the slowness of institutional change.

“Nuclear weapons systems were developed before the advancement of computer technology and little consideration was given to potential cyber vulnerabilities. As a result, current nuclear strategy often overlooks the widespread use of digital technology in nuclear systems,” the authors of the study said.

Best of the Best: the South Korean school for hackers hitting back against the North

At the fortified border between South and North Korea, students on a computer hacking course are instructed to peer northwards across a strip of empty land toward the enemy state.

“Our country is divided and we are at war, but you can’t see that division in cyberspace,” said Kim Jin-seok. “So we take them to see it in person.”

Kim manages a program called Best of the Best, the goal of which is to train the next generation of so-called white-hat hackers, netizens with elite cybersecurity skills who are able and willing to defend South Korea against malicious hacking attacks, many of which are believed to come from North Korea.

US blames North Korea for WannaCry cyber attack

The US has blamed North Korea for the rampant WannaCry ransomware that infected more than 200,000 victims in around 150 countries.

Businesses, schools and hospitals including the NHS were brought to their knees by the malicious software after it spread in May.

Tom Bossert, President Donald Trump’s security adviser, said that the rogue Asian state was “directly responsible” for the malware that spread “indiscriminately”. He said that officials had investigated the matter and had evidence to suggest the attack came from North Korea.

Fake news and botnets: how Russia weaponised the web

The digital attack that brought Estonia to a standstill 10 years ago was the first shot in a cyberwar that has been raging between Moscow and the west ever since.

It began at exactly 10pm on 26 April, 2007, when a Russian-speaking mob began rioting in the streets of Tallinn, the capital city of Estonia, killing one person and wounding dozens of others. That incident resonates powerfully in some of the recent conflicts in the US. In 2007, the Estonian government had announced that a bronze statue of a heroic second world war Soviet soldier was to be removed from a central city square. For ethnic Estonians, the statue had less to do with the war than with the Soviet occupation that followed it, which lasted until independence in 1991. For the country’s Russian-speaking minority – 25% of Estonia’s 1.3 million people – the removal of the memorial was another sign of ethnic discrimination. Russia’s government warned that the statue’s removal would be “disastrous” for Estonia.

That evening, Jaan Priisalu – a former risk manager for Estonia’s largest bank, Hansabank, who was working closely with the government on its cybersecurity infrastructure – was at home in Tallinn with his girlfriend when his phone rang. On the line was Hillar Aarelaid, the chief of Estonia’s cybercrime police.

DHS, FBI Warn Companies of Ongoing Cyber Attacks on Critical Infrastructure

The Department of Homeland Security and FBI issued a rare public alert warning owners of U.S. critical infrastructure to battle an ongoing campaign of cyber attacks against their information and control networks.

Energy and industrial firms were notified Friday and again Saturday that sophisticated hackers are attempting to penetrate industrial control systems used by the electrical and nuclear power industry, as well as water, aviation, and manufacturing sectors.

“DHS assesses this activity as a multi-stage intrusion campaign by threat actors targeting low security and small networks to gain access and move laterally to networks of major, high value asset owners within the energy sector,” the notice said.
