How Chinese Spies Got the N.S.A.'s Hacking Tools, and Used Them for Attacks
Source: New York Times
By Nicole Perlroth, David E. Sanger and Scott Shane
May 6, 2019
Chinese intelligence agents acquired National Security Agency hacking tools and repurposed them in 2016 to attack American allies and private companies in Europe and Asia, a leading cybersecurity firm has discovered. The episode is the latest evidence that the United States has lost control of key parts of its cybersecurity arsenal.
Based on the timing of the attacks and clues in the computer code, researchers with the firm Symantec believe the Chinese did not steal the code but captured it from an N.S.A. attack on their own computers, like a gunslinger who grabs an enemy's rifle and starts blasting away.
The Chinese action shows how proliferating cyberconflict is creating a digital wild West with few rules or certainties, and how difficult it is for the United States to keep track of the malware it uses to break into foreign networks and attack adversaries' infrastructure.
The losses have touched off a debate within the intelligence community over whether the United States should continue to develop some of the world's most high-tech, stealthy cyberweapons if it is unable to keep them under lock and key.
-snip-
Read more: https://www.nytimes.com/2019/05/06/us/politics/china-hacking-cyber.html
How Chinese Spies Got the N.S.A.'s Hacking Tools, and Used Them for Attacks (Original Post)
Eugene
May 2019
OP
LessAspin (1,413 posts)
1. How Hackers Pose A Threat To Cities & Elections - Fresh Air
DAVIES: This is FRESH AIR, and we're speaking with Nicole Perlroth. She is a cybersecurity correspondent for The New York Times.
I want to talk a bit about election security. You know, there's a general feeling, I think, that there was Russian interference in the 2016 presidential campaign in the form of hacked emails and disinformation campaigns but that the voting process itself was not tampered with. You've been on this beat a while and have been looking into this. What did you find?
PERLROTH: Well, we found that there is a dearth of serious forensic investigation that investigated problems from the 2016 election. And there were issues, particularly in North Carolina, that suggest that there actually were quite a few problems tied to issues with electronic pollbook systems, the systems that check you in when you go to check in at the voting booth.
And in many cases, these pollbooks were telling people that they had already voted when they hadn't, that they were not registered to vote when they were. And some of those pollbooks were managed by a company called VR Systems that, we know from leaked NSA documents, was in fact hacked by Russia prior to the 2016 election.
DAVIES: And was there any pattern to which communities or precincts these problems occurred?
PERLROTH: There was. Durham County, in particular, had a lot of problems with its e-poll book systems. Now, if you were going to try to disenfranchise a large number of Democratic voters in North Carolina, you'd probably go right to Durham County. This is a blue county in a largely red state. And when people went to go vote in Durham County, they were finding a lot of irregularities with the e-poll book systems.
So over a year ago, we wrote about those problems. And what was really disturbing is that when we tried to find whether there had been an in-depth forensic investigation of the e-poll book issues in Durham County, I found a report that was conducted that was unlike any other cyberforensics report I had ever seen. Usually, when you look at these forensic reports, they tell you, you know, we did an analysis of this computer. We found this vulnerability. We found this malware or we didn't find this malware or we found this hacking technique or we didn't find this hacking technique.
This read very differently. It read like a police report, where whoever was conducting the investigation was a local detective, former police officer, who said, at 3:15 p.m., I interviewed Suzy (ph), who was working at the voting booth, and she said all was normal. I mean, I've never seen a cybersecurity investigation report look like that.
And when we asked North Carolina to sort of account for this or to take a deeper look, they were pretty defensive about the issues that had happened in Durham County. And only now, a couple of years later, have we found out that, in fact, VR Systems - the company that was hacked by China - did remotely access the e-poll book systems in Durham the night before the 2016 election to try and diagnose some problems it was seeing. And that remote access could have very well been exploited by nation-state hackers. We just don't know.
DAVIES: Right. And so, again, we're talking about the electronic pollbooks. That's essentially the registry of electors in a particular polling place. And the company that managed them, VR Systems - you say that we know that it actually was penetrated by Russian hackers. What exactly do we know about that?
PERLROTH: We know this from leaked NSA documents that VR Systems was compromised in some kind of spear-phishing attack - so when employees open a malicious email attachment or click on a malicious link that allows malware into their systems. And we know that VR Systems maintained remote access to the e-poll books in Durham and many other counties all over the country - in Florida and elsewhere.
And what we don't know is, was that access exploited by Russian hackers to disenfranchise voters? We still don't know. And only now do we know that DHS, the Department of Homeland Security, is conducting a forensic examination of those e-poll book issues in Durham County.
DAVIES: And what does VR Systems say?
PERLROTH: VR Systems hasn't said much. I think the last time we spoke to them, they denied that they had been phished. They have sort of resisted what was leaked in the NSA documents that suggested it was successfully phished. And they've said they're cooperating with investigators. But beyond that, we really don't know what actually happened there.
DAVIES: Authorities actually identified the person in the NSA who leaked this report that VR Systems had been hacked. You want to tell us that story? What became of her?
PERLROTH: Right. So we may have never known about this if not for a young NSA employee by the name of Reality Winner, and that is her actual name. She leaked NSA documents that confirmed VR Systems had been hacked in a Russian cyberattack to The Intercept - a digital publication run by Glenn Greenwald. And The Intercept actually published the leaked documents and did it in a way that the NSA was able to trace the leak pretty easily back to Reality Winner. Now, she's since been sentenced to more than five years in prison under the Espionage Act for leaking those documents.
DAVIES: You've also written that there's evidence of Russian hacking in the 2018 midterm elections. Are the FBI and American security officials putting more resources into dealing with foreign interference in 2020? Is Congress doing anything?
PERLROTH: I wish I could say yes. The reality is that there's been a lot of red tape and a lot of politics around securing the next election. Now, that's not to say nothing's been done. We know that U.S. Cyber Command, that U.S. military hackers, going into the 2018 election, conducted a cyberattack that shut down servers that belonged to Russia's Internet Research Agency to sort of preemptively shut down any kind of Russian interference. We also know Claire McCaskill and other Democratic senators were targeted by spear phishing attacks ahead of the 2018 midterm elections, although they say that the attacks weren't successful...
https://www.npr.org/templates/transcript/transcript.php?storyId=732320853