RoundUp: Spy vs Spy, while Officials and Voters lose

Almost every day lately there is news on the potential of future and past hacking, including election hacking. Today we suggest three recent articles and a report.

Lets start with the story of a hack involving software from Kaspersky Labs in the New York Times: How Israel Caught Russian Hackers Scouring the World for U.S. Secrets  <read>

Before we read the story, remember there is some history here.  Russia is the enemy of choice for the U.S. these days.  The media and Government are biased to attribute any attack to Russia, exaggerate any attack from Russia, and to conflate anything Russian with the Russian Government.  The infamous Stuxnet attack which disabled some of Iran’s nuclear centrifuges was allegedly carried out by Israel and the United States – Kaspersky Labs was one of the main contributors in the discovery and investigation of the attack. We remain skeptical of claims that are not highly documented, yet aware undocumented claims may be true.

The Russian operation, described by multiple people who have been briefed on the matter, is known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer, on which Kaspersky’s antivirus software was installed. What additional American secrets the Russian hackers may have gleaned from multiple agencies, by turning the Kaspersky software into a sort of Google search for sensitive information, is not yet publicly known.

The current and former government officials who described the episode spoke about it on condition of anonymity because of classification rules…

Kaspersky Lab denied any knowledge of, or involvement in, the Russian hacking. “Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts,” the company said in a statement Tuesday afternoon. Kaspersky Lab also said it “respectfully requests any relevant, verifiable information that would enable the company to begin an investigation at the earliest opportunity.”…

The N.S.A. bans its analysts from using Kaspersky antivirus at the agency, in large part because the agency has exploited antivirus software for its own foreign hacking operations and knows the same technique is used by its adversaries.

Nobody knows who actually exploited the Kaspersky software, yet it could have been Israel:

The report did not name Israel as the intruder but noted that the breach bore striking similarities to a previous attack, known as “Duqu,” which researchers had attributed to the same nation states responsible for the infamous Stuxnet cyberweapon. Stuxnet was a joint American-Israeli operation that successfully infiltrated Iran’s Natanz nuclear facility, and used malicious code to destroy a fifth of Iran’s uranium centrifuges in 2010.

Kaspersky reported that its attackers had used the same algorithm and some of the same code as Duqu, but noted that in many ways it was even more sophisticated. So the company researchers named the new attack Duqu 2.0, noting that other victims of the attack were prime Israeli targets.

This week the DEFCON report on its Election Hacking Village was published:  Report on Cyber Vulnerabilities in
U.S. Election Equipment, Databases, and Infrastructure  <read>

It is a significant event with a short 18 page report.  Well worth reading.  The Forward summarizes it well:

last year’s attack on America’s voting process is as serious a threat to our democracy as any I have ever seen in the last 40+ years–potentially more serious than any physical attack on our Nation. Loss of life and damage to property are tragic, but we are resilient and can recover. Losing confidence in the
security of our voting process–the fundamental link between the American people and our government–could be much more damaging. Inshort, this is a serious national security issue that strikes at the core of our democracy…

If Russia can attack our election, so can others: Iran, North Korea, ISIS, or even criminal or extremist groups. Time is short: our 2018 and 2020 elections are just around the corner and they are lucrative targets for any cyber opponent. We need a sense of urgency now. Finally, this is a national security issue because other democracies–our key allies and partners–are also vulnerable…

For over 40 years I voted by mailing an absentee ballot from wherever I was stationed around the world. I assumed voting security was someone else’s job; I didn’t worry about it. After reading this report, I don’t feel that way anymore. Now I am convinced that I must get involved. I hope you will read this report and come to the same conclusion.

Douglas E. Lute
Former U.S. Ambassador to NATO
Lieutenant General, U.S. Army, Retired

From Newsweek: Russians Still Have An Open Path to U.S. Election Subversion  <read>

Although some of the references to Russian interference in the following story have been withdrawn and questioned, the basic theme that Congress and the Administration are basically not in action is cause for concern that noting of substance will be accomplished.

Exactly a year after U.S. intelligence issued a stern warning about Russian interference in the 2016 presidential election, the Trump administration has failed to fill key homeland security posts responsible for preventing another Kremlin assault on the voting system…

“The second thing is, the administration doesn’t seem to want to have anybody head up to the Hill and testify on issues that would be hot-button issues, namely anything to do with election security, cyber security, or the Russian acts from last year.”

Unless the administration puts its own political appointees in place at DHS, analysts say, the department will struggle to get protective systems up and running in time for the 2017 primaries and state and local races, let alone the 2018 elections.

And from Politico:  Hacker study: Russia could get into U.S. voting machines  <read>  Not just Russia, however:

American voting machines are full of foreign-made hardware and software, including from China, and a top group of hackers and national security officials says that means they could have been infiltrated last year and into the future. American voting machines are full of foreign-made hardware and software, including from China, and a top group of hackers and national security officials says that means they could have been infiltrated last year and into the future…

“From a technological point of view, this is something that is clearly doable,” said Sherri Ramsay, the former director of the federal Central Security Service Threat Operations Center, which handles cyber threats for the military and the National Security Agency. “For us to turn a blind eye to this, I think that would be very irresponsible on our part.”

Often, voting machine companies argue that their supply chain is secure or that the parts are American-made or that the number of different and disconnected officials administering elections would make a widespread hack impossible. The companies also regularly say that since many machines are not connected to the internet, hackers’ ability to get in is limited.

But at the DEFCON event in Las Vegas, hackers took over voting machines, remotely and exposed personal information in voter files and more…

It sounds like science fiction, or at least “Ocean’s 11,” but cybersecurity experts are frantically waving their hands, trying to get Americans to see that in foreign capitals, the American voting system just looks like easy opportunity.


Leave a Reply

You must be logged in to post a comment.