America’s indictment of Russian hackers underlines the cyber risks facing US politics
Special Counsel Robert Mueller’s charges against 12 members of Russia’s GRU military intelligence agency accused of hacking related to the 2016 US presidential election are a stark reminder of the ways in which technology can be used to disrupt democratic processes.
Speaking at a press conference announcing the charges today, Rod Rosenstein, the deputy US attorney general (pictured at center above), said the indictment (PDF) didn’t contain allegations that the hacking had actually influenced the outcome of the 2016 election.
But it provides plenty of details about just how extensive and well-planned the attack was on targets that included the Democratic Congressional Campaign Committee, Democratic National Committee, and the Clinton campaign. Here are a few of the things that immediately stand out.
Humans let the hackers in: The Russians didn’t need to probe systems for software weaknesses; they allegedly got in via the front door by sending “spearphishing” e-mails to trick campaign officials to click on bogus links like “Hillary-clinton-favorable-rating.xlsx” that revealed their passwords.
Once in, they knew how to get data out: Using malware dubbed X-Agent, the indictment says, the hackers were able to infect computers at the DCCC and gain access to the DNC’s network. They got far more than just e-mails, too—the malware allowed the attackers to snoop on what staffers were typing and take screenshots of their work. Security software can often spot suspicious attempts to extract large amounts of data from a system, but X-Agent compressed and encrypted data files before sneaking them out.
They tried their best to cover their tracks … The Russians allegedly used an extensive network of servers to hide their tracks and funded the purchase of computer infrastructure using Bitcoin. Among other things, this enabled the hackers to pay a firm based in Romania to register a domain they used to distribute stolen content. They also tried to pass their attacks off as the handiwork of Guccifer 2.0, a lone Romanian hacker. (The indictment says one, unnamed US congressional candidate subsequently reached out to Guccifer to get access to stolen information.)
… and to hide from cyber sleuths: When Democratic officials realized their systems had been penetrated, they called in a security firm. To dodge the investigators, the Russians tried to erase evidence of their penetration using a widely used program that cleans unwanted files off computers.
They had state electoral systems in their sights: The indictment says the hackers got into the system of a state board of elections and stole information including names, addresses, dates of birth, and partial Social Security numbers related to half a million voters. They also hacked into the computer of an unnamed company that makes voter registration software.
With the US midterm elections looming in November, the news is an urgent reminder of the need to beef up the cyber defenses of the US political and electoral infrastructure. Earlier this year, Congress voted an additional $380 million of funding for states to improve security ahead of the midterms, and they’re soon due to explain how they intend to spend it. Given the sophistication of the attacks revealed in the indictment, election officials will need all the help they can get.