Cybersecurity and Cyberwarfare

The use of computers and the Internet in conducting warfare in cyberspace.

GAO to probe FCC cyberattack that struck amid net neutrality debate

The government's top watchdog has agreed to investigate the reported cyberattack that targeted the Federal Communications Commission earlier in 2017 while the agency was preparing to roll back net neutrality regulations. A spokesman for the Government Accountability Office (GAO) confirmed it has accepted a request from two Democratic lawmakers to probe the distributed denial of service (DDoS) attack that the FCC said disrupted its electronic comment filing system in May. The spokesman said that the probe, which was first reported by Politico, is “now in the queue, but the work won’t get underway for several months.” The investigation will also examine the FCC’s broader cybersecurity efforts.

Supreme Court declines to review computer hacking cases

On Oct 10, the Supreme Court sidestepped a growing controversy over who can give permission to access a computer, a debate that goes to the core of what constitutes hacking in this era of widespread use of the internet and social media. The justices turned away two cases over whether it is a violation of federal anti-hacking law for account holders to give a third party access to a computer system they do not own themselves. In doing so, they left in place a lower court ruling that went against a Cayman Islands company in a dispute with Facebook, and another against a California-based executive recruiter. The San Francisco-based 9th US Circuit Court of Appeals ruled in both cases that only computer system owners may grant authorization, and not account holders or employees with legitimate access credentials.

Russia Has Turned Kaspersky Software Into Tool for Spying

The Russian government used a popular antivirus software to secretly scan computers around the world for classified US government documents and top-secret information, modifying the program to turn it into an espionage tool, apparently.

The software, made by the Moscow-based company Kaspersky Lab, routinely scans files of computers on which it is installed looking for viruses and other malicious software. But in an adjustment to its normal operations that the officials say could only have been made with the company’s knowledge, the program searched for terms as broad as “top secret,” which may be written on classified government documents, as well as the classified code names of US government programs, apparently.

A Law is Expiring that Allows Ethical Hackers to Help Protect US elections

A division of the Library of Congress could play a key role in ensuring future US elections are protected against cyberattacks that alter vote tallies or other digital meddling, the authors of a major report on election hacking said. That division, the US Copyright Office, approved a slate of exemptions to a 1996 copyright law that give ethical hackers more leeway to search for digital vulnerabilities in products without facing legal threats from companies that don’t want their security gaps exposed. The exemption, which came out shortly after the 2016 election, included a specific provision freeing ethical hackers to poke and prod at voting machines. That provision paved the way for a “voting machine hacking village” at the 2017 DEF CON security conference in Las Vegas in July that turned up cyber vulnerabilities in numerous voting systems. If the exemption is allowed to expire in 2018, however, it could leave future elections more vulnerable to nation-state and criminal hackers.

How Israel Caught Russian Hackers Scouring the World for US Secrets

It was a case of spies watching spies watching spies: Israeli intelligence officers looked on in real time as Russian government hackers searched computers around the world for the code names of American intelligence programs. What gave the Russian hacking, detected more than two years ago, such global reach was its improvised search tool — antivirus software made by a Russian company, Kaspersky Lab, that is used by 400 million people worldwide, including by officials at some two dozen American government agencies.

The Israeli officials who had hacked into Kaspersky’s own network alerted the United States to the broad Russian intrusion, which has not been previously reported, leading to a decision in Sept to order Kaspersky software removed from government computers. The Russian operation, described by multiple people who have been briefed on the matter, is known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer, on which Kaspersky’s antivirus software was installed. What additional American secrets the Russian hackers may have gleaned from multiple agencies, by turning the Kaspersky software into a sort of Google search for sensitive information, is not yet publicly known.

Deloitte hack hit server containing emails from across US government

The hack into the accountancy giant Deloitte compromised a server that contained the e-mails of an estimated 350 clients, including four US government departments, the United Nations and some of the world’s biggest multinationals, apparently. The incident was potentially more widespread than Deloitte has been prepared to acknowledge, and the company cannot be 100% sure what was taken. Deloitte said it believed the hack had only “impacted” six clients, and that it was confident it knew where the hackers had been. It said it believed the attack on its systems, which began a year ago, was now over. However, apparently, the company red-flagged, and has been reviewing, a cache of e-mails and attachments that may have been compromised from a host of other entities.

White House Chief of Staff John Kelly's personal cell phone was compromised, White House believes

White House officials believe that chief of staff John Kelly’s personal cellphone was compromised, potentially as long ago as December, according to three U.S. government officials. The discovery raises concerns that hackers or foreign governments may have had access to data on Kelly’s phone while he was secretary of Homeland Security and after he joined the West Wing.

Tech support staff discovered the suspected breach after Kelly turned his phone in to White House tech support this summer complaining that it wasn’t working or updating software properly. Kelly told the staffers the phone hadn’t been working properly for months, according to the officials. White House aides prepared a one-page September memo summarizing the incident, which was circulated throughout the administration. A White House spokesman said Kelly hadn’t used the personal phone often since joining the administration. This person said Kelly relied on his government-issued phone for most communications. The official, who did not dispute any of Politico’s reporting on the timeline of events or the existence of the memo, said Kelly no longer had possession of the device but declined to say where the phone is now.

Sen McCain: Armed Services panel continues to address Russian cyber threats

Senate Armed Services Committee Chairman John McCain (R-AZ) said the panel will work to combat Russia's disinformation campaign that aims to undermine democratic governments and sow division and dissent throughout the United States. “We know that Putin’s Russia has not slowed its efforts to interfere in our elections and domestic affairs. The Senate Armed Services Committee will continue working to address this challenge, which is a threat to our national security,” Sen McCain said. Sen McCain said he is a victim of one of Russia's targeted ads, which planted a false narrative that he met with a leader from the Islamic State of Iraq and Syria (ISIS).

We need a global league to protect against cyberthreats to democracy

[Commentary] With Facebook handing over Russian propaganda ads from the US election to Congressional investigators, we must understand that this is part of a much broader assault. The threat of these digital attacks extends to all democracies, in the West and beyond. Furthermore, attacks on elections over the past year are asymmetric. Liberal democracies do not and often cannot respond in kind to cyberattacks on their own way of governance. Democracies with free and fair elections are vulnerable to attack, while in autocratic societies, it only matters who is counting the votes. Authoritarian regimes do just fine manipulating their own elections. In Russia, tweeting or sharing real news that’s embarrassing to the regime can land you in prison. Imagine then the response of the regime to fake news that’s damaging to the Kremlin. If democracies actively disseminated such fake news, it would only reduce us to Russia’s level and lead to greater repression there.

The response to these cybercrimes must be international and must be broad-based, ranging from regulating social media to guarding our electrical grid and electoral systems. Building a collective defense in this new code war is at least as great a challenge as staving off the territorial or regional threats of the Cold War, when NATO was established in order to respond to threats in Europe.

[Toomas Hendrik Ilves served as president of Estonia from 2006-2016. He is a distinguished visiting fellow at the Hoover Institution.]

Russian Hackers Stole NSA Data on U.S. Cyber Defense

Apparently, hackers working for the Russian government stole details of how the US penetrates foreign computer networks and defends against cyberattacks after a National Security Agency contractor removed the highly classified material and put it on his home computer. The hackers appear to have targeted the contractor after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab.

The theft, which hasn’t been disclosed, is considered by experts to be one of the most significant security breaches in recent years. It offers a rare glimpse into how the intelligence community thinks Russian intelligence exploits a widely available commercial software product to spy on the US. The incident occurred in 2015 but wasn’t discovered until spring of 2016, apparently. The stolen material included details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the US.