Little Kremlin-on-the-Potomac


I’ve been waiting for the MIT Download newsletter thingie to arrive because I knew that they would take an informed look at the Russian Hackers indictment from a technical perspective than our (failed) media:

Humans let the hackers in: The Russians didn’t need to probe systems for software weaknesses; they allegedly got in via the front door by sending “spearphishing” e-mails to trick campaign officials to click on bogus links like “Hillary-clinton-favorable-rating.xlsx” that revealed their passwords.
Once in, they knew how to get data out: Using malware dubbed X-Agent, the indictment says, the hackers infected computers at the DCCC and gained access to the DNC’s network. They got far more than just e-mails—the malware allowed the attackers to snoop on what staffers were typing and take screenshots of their work.
What else does the indictment reveal? One detail in particular that should stand out to techies: the defendants allegedly used Bitcoin to fund the operation. Our own Martin Giles dove into the rest of the indictment to pick out the other details you should know.
What’s next: With the US midterm elections looming, the news is an urgent reminder of the need to beef up the cyber defenses of America’s political infrastructure. Earlier this year, Congress voted on an additional $380 million of funding for states to improve security ahead of the midterms. Given the sophistication of the attacks revealed in the indictment, election officials will need all the help they can get.

I’m told that the spearphishing was so low-tech as to be laughable: John Podesta (bolognese sauce impresario of the DNC) reset his Google password from one of the Russians bogus emails and that set off the cavalcade of events. The course of US history changed from a single click.

I shouldn’t laugh, I’ve received so many Viagra emails my laptop opens on its own. That said, I’m forever checking the authenticity of email alleging to be from a service I use.

This entry was posted in Little-Kremlin-on-the-Potomac, Technology. Bookmark the permalink.

2 Responses to Little Kremlin-on-the-Potomac

  1. AuroraS says:

    I’m sure they exploited the fuck out of the fact that all of our politicians are like 90 and their bullshit censors shut down the second they get behind a computer screen. Don’t they have seminars for politicians on how not to get screwed by scammers and trolls before you get to touch your computer, because, yannow, national security and shit?

    Hell, my mother is 61 and always shaking her fist at Those Darn Millennials and griping about how they need to get off her lawn, but can’t change the ink cartridges in her printer or figure out an Apple TV to save her life.

    Hackers don’t have to put that much effort into obtaining information, half-assed bullshit works.

    Liked by 1 person

    • As one of those “IT Guys” for a sizeable College, this is a constant worry for us; we nag, cajole, joke, and basically do everything we can to keep the folks from answering those things, to the point where some folks will pass along legitimate emails from us as ‘phishing attempts’. It makes us SO proud when they do that!

      The ones that do get caught? they’re either the ‘English is their third language’ grad students, (which is forgiveable), or the big bosses too busy and important to worry about that lowly IT stuff. (which is where the dumbass pols fall)

      Although, ISTR Podesta originally asked their IT staffer about the spearphish email and in the Typo That Changed The World, he wrote back ‘it is OK’ instead of what he meant ‘it is not OK’.

      Anyone above a certain level of responsibility should have 2FA turned on on all their accounts. That helps to block this kind of shit.

      Like

Comments are closed.