News Article | May 6, 2017
Emmanuel Macron, head of the political movement En Marche !, or Onwards !, and candidate for the 2017 presidential election, speaks with supporters during a campaign visit in Rodez, France, May 5, 2017. REUTERS/Regis Duvignau FRANKFURT/PARIS (Reuters) - Leading French presidential candidate Emmanuel Macron's campaign said on Friday it had been the target of a "massive" computer hack that dumped its campaign emails online 1-1/2 days before voters choose between the centrist and his far-right rival, Marine Le Pen. Macron, who is seen as the frontrunner in an election billed as the most important in France in decades, extended his lead over Le Pen in polls on Friday. As much as 9 gigabytes of data were posted on a profile called EMLEAKS to Pastebin, a site that allows anonymous document sharing. It was not immediately clear who was responsible for posting the data or if any of it was genuine. In a statement, Macron's political movement En Marche! (Onwards!) confirmed that it had been hacked. "The En Marche! Movement has been the victim of a massive and co-ordinated hack this evening which has given rise to the diffusion on social media of various internal information," the statement said. An interior ministry official declined to comment, citing French rules that forbid any commentary liable to influence an election, which took effect at midnight on Friday (2200 GMT). The presidential election commission said in statement that it would hold a meeting later on Saturday after Macron's campaign informed it about the hack and publishing of the data. It urged the media to be cautious about publishing details of the emails given that campaigning had ended, and publication could lead to criminal charges. Comments about the email dump began to appear on Friday evening just hours before the official ban on campaigning began. The ban is due to stay in place until the last polling stations close Sunday at 8 p.m. (1800 GMT). Opinion polls show independent centrist Macron is set to beat National Front candidate Le Pen in Sunday's second round of voting, in what is seen to be France's most important election in decades. The latest surveys show him winning with about 62 percent of the vote. Former economy minister Macron's campaign has previously complained about attempts to hack its emails, blaming Russian interests in part for the cyber attacks. On April 26, the team said it had been the target of a attempts to steal email credentials dating back to January, but that the perpetrators had failed to compromise any campaign data. The Kremlin has denied it was behind any such attacks, even though Macron's camp renewed complaints against Russian media and a hackers' group operating in Ukraine. Vitali Kremez, director of research with New York-based cyber intelligence firm Flashpoint, told Reuters his review indicates that APT 28, a group tied to the GRU, the Russian military intelligence directorate, was behind the leak. He cited similarities with U.S. election hacks that have been previously attributed to that group. APT28 last month registered decoy internet addresses to mimic the name of En Marche, which it likely used send tainted emails to hack into the campaign’s computers, Kremez said. Those domains include onedrive-en-marche.fr and mail-en-marche.fr. "If indeed driven by Moscow, this leak appears to be a significant escalation over the previous Russian operations aimed at the U.S. presidential election, expanding the approach and scope of effort from simple espionage efforts towards more direct attempts to sway the outcome," Kremez said. France is the latest nation to see a major election overshadowed by accusations of manipulation through cyber hacking. U.S. intelligence agencies said in January that Russian President Vladimir Putin had ordered hacking of parties tied to Democratic presidential candidate Hillary Clinton to influence the election on behalf of Republican rival Donald Trump. On Friday night as the #Macronleaks hashtag buzzed around social media, Florian Philippot, deputy leader of the National Front, tweeted "Will Macronleaks teach us something that investigative journalism has deliberately killed?" En Marche! said the documents only showed the normal functioning of a presidential campaign, but that authentic documents had been mixed on social media with fake ones to sow "doubt and misinformation".
News Article | May 4, 2017
The Russian intervention in Syria has been, by most accounts, a success. And Russian President Vladimir Putin is going to do everything he can to keep it that way. Beginning with an air campaign on behalf of Syrian President Bashar al-Assad in September 2015, Russian forces have not only stopped regime losses but also helped Damascus retake Aleppo city in December 2016. Now with the opposition stronghold under government control and Assad’s hold on power no longer in question, Moscow has said it plans to reduce its presence in the country. But while some Russian forces did initially depart in early January, Moscow is actually expanding its role in Syria. Russian officials announced major expansions to Russian military bases in the country while the number of private contractors fighting on the Kremlin’s behalf also swelled. Most interestingly, however, Putin deployed an unprecedented Russian weapon to Syria: several units of Chechen and Ingush commandos hailing from Russia’s restive North Caucasus region. Until recently, regular Russian forces in Syria were largely limited to being a support crew for aircraft conducting strikes across the country. Apart from a few notable exceptions — artillery and special forces deployments in Hama province and military advisors alongside Syrian troops in Latakia — Moscow’s ground game in Syria has been minimal. But the ongoing deployment of the Chechen and Ingush brigades marks a strategic shift for the Kremlin: Russia now has its own elite ground personnel, drawn from its Sunni Muslim population, placed across Syria. This growing presence allows the Kremlin to have a greater role in shaping events on the ground as it digs in for the long term. Such forces could prove vital in curtailing any action taken by the Assad regime that would undermine Moscow’s wider interests in the Middle East while offering a highly effective method for the Kremlin to project power at a reduced political cost. The exact role and size of the Kremlin’s new brigades are still uncertain. Initial open-source reports on the ground placed the number of Chechens deployed in December at around 500, while some estimates suggested a total of 300-400. The number of Ingush is reportedly slightly smaller, at roughly 300. Despite their designation as “military police,” the units are reportedly drawn from elite Spetnaz formations within the Chechen armed forces and are being employed in a role far beyond the simple rear-area guard duty that’s typical of such units: manning checkpoints, distributing aid, guarding bases, and even coordinating the defense of pro-government strongholds with regime forces. “I think this represents Moscow’s grudging recognition that it’s stuck in a quagmire,” says Mark Galeotti, a senior researcher at the Institute of International Relations in Prague. In their hybrid civil-military role, capable of a wide range of operations, these brigades have become a go-to deployment for the Kremlin as it seeks to assert itself in various theaters abroad. Chechen fighters have appeared alongside pro-separatist Russian “volunteers” in eastern Ukraine, and several battalions of Chechen servicemen also entered Georgia during its brief war with Russia in August 2008, occupying the town of Gori. At least some of the Chechen troops deployed in Syria have combat experience in eastern Ukraine, with the Russian newspaper Novaya Gazeta reporting that one of the Chechen commanders is Apti Bolotkhanov, who spent substantial time fighting alongside pro-Russian forces in the Donbass. But beyond their skill on the battlefield, the brigades are valuable to Moscow for other reasons. Russian society and leadership have proved extremely sensitive to casualties in Syria; the Kremlin has gone to extreme lengths to hide its losses. Casualties are often only publicly confirmed after observers find the tombstones of deceased soldiers in their hometown cemeteries. Moscow’s official figures only account for 30 dead in Syria — with the true figure likely much higher. Using nonethnic Russian special personnel might protect the Kremlin from a public backlash sparked by rising battlefield casualties. Losses incurred by the new, North Caucasian contingent are unlikely to trigger such a response. Russian society carries a deep-seated resentment toward natives of the region, in particular Chechens, after two wars in the 1990s and multiple terrorist attacks since. Gregory Shvedov, the editor of the Caucasian Knot website and an expert on the North Caucasus, says popular disdain toward the region is a major factor for the deployment of these personnel. “Cynically speaking [it would be much easier for Putin] if the Chechens or other [troops] from the Caucasus would be killed in Syria … than those from other regions of Russia,” Shvedov notes. Employing these fighters offers Moscow another major advantage. The natives of the North Caucasus are almost entirely Sunni Muslims, a faith they share with the majority of Syria’s population. Since the first units arrived in December 2016, Moscow has sought to use their shared religion and appearance to its advantage. North Caucasian units have been documented using handbooks that include helpful suggestions for dealing with locals, such as the liberal use of the word “mukhabarat” (Syrian secret police) — implying detention and other nasty repercussions — should a request be met with resistance. On a more cordial level, Chechen military police have been told to use shared Islamic words to build friendlier relations with the public, relying on various religious epithets to greet locals when on a patrol. The conversion of an ethnic Russian soldier to Sunni Islam, conducted by Chechnya’s grand mufti in front of Syrian onlookers in Aleppo, was another public relations maneuver utilizing the shared faith between Syrians and the servicemen. While the deployment of the Caucasian brigades represents a new phase of Russia’s intervention in Syria, Moscow’s use of its Muslim-majority regions to reach out to the Middle East is not new. Chechen leader Ramzan Kadyrov has often acted as an interlocutor between Moscow and Sunni Arab states, making state visits on behalf of Putin and attracting Gulf investors to the Chechen capital. Kadyrov has attempted to cast the Chechen capital, Grozny, as a center of international Sunni discussion on the state level, hosting numerous international forums where Chechen figures were the sole representatives of Russia’s 20 million Muslims. The aim of such conferences is generally to discredit Salafi Islam, the hard-line strain followed by most jihadis. Syrian officials themselves have begun to engage closely with North Caucasian authorities. A delegation from Damascus including Syria’s minister of religious affairs visited the Dagestani capital of Makhachkala in March, discussing counterradicalization with Dagestani authorities and students. In present circumstances, where it is rare for Syrian officials to make any foreign trip, let alone to a far-flung region of another country, the Makhachkala trip is significant in demonstrating the depth of Moscow’s use of its Sunni Muslim region as an outreach tool. Most recently, the head of Damascus University announced in mid-April that his institution is opening a campus in Chechnya. Given these religious and cultural links, Moscow is banking on its new Muslim-majority brigades to prove more amenable to the Syrian populace than its ethnic Russian soldiers. As Moscow’s footprint deepens, North Caucasian special forces have taken on increasingly important tasks across Syria, from guarding Syrian Kurdish units against Turkish incursions in Manbij to ensuring the success of negotiated rebel evacuations on the outskirts of Damascus. The growing role of the brigades demonstrates a desire on Russia’s part to wield greater influence over areas of Syria it deems crucial, particularly in the face of occasional tension with its Syrian and Iranian allies. Although outward appearances suggest solidarity, Moscow has occasionally clashed with both Damascus and Tehran. Perhaps the most publicized example of this uneasy alliance came during the late stages of the Aleppo campaign. Iranian officials were reportedly incensed with the terms of a cease-fire brokered for the city by Russia and Turkey in December 2016 that were imposed without their input. Iran later intentionally scuttled the deal, using its Iraqi and Syrian proxy forces to resume fighting in Aleppo. Not coincidentally, Moscow’s first Chechen soldiers arrived in Syria within weeks of that event. The importance for Moscow in being able to control unexpected events on the ground was highlighted in late January when rumors began to spread that Assad had suffered a stroke. Adding fuel to the fire, some opposition figures claimed that the Syrian president had flown to Beirut for treatment; Damascus uncharacteristically denied the claims instead of ignoring them, fueling the speculation. Amid the uncertainty, reports emerged that with Assad’s health failing, Iranian forces were posturing to install his brother Maher, who is rumored to not be among the Kremlin’s preferred list of successors. Within several days, Assad returned to Damascus and held a series of publicized meetings, calming the situation. But the incident highlighted the value for Moscow in having its own ground forces in the Syrian capital. As part of its strategy to further control events on the ground in Syria, the Kremlin has also elected far more secretive means to expand its footprint. To bolster its regular forces, Moscow has employed a sizable private military contractor (PMC) that now has nearly four years of experience in the country. First known as the Slavonic Corps, the group’s first mission in 2013 in Syria proved a major debacle, but after rebranding itself and gaining stronger Kremlin backing, the group redeployed to Syria as part of Moscow’s official intervention in 2015. Now called Wagner, the group is headed by Dmitry Utkin, a former intelligence officer in the GRU, Russia’s foreign military intelligence agency, who first deployed the PMC in operations in Crimea and eastern Ukraine. Obtaining precise statistics on the group is difficult, but the most accurate estimate by the Russian daily RBC, whose experts have broken numerous stories on the group, puts their number at 2,500. Russia’s regular forces in Syria total around 5,000, so when combined with its brigades from the North Caucasus and its PMCs, Moscow’s true ground strength in the country has swelled significantly. The first stage of Moscow’s Caucasian adventure in Syria ended on March 27, as the deployed Chechen military police returned home after their first tour. The soldiers were greeted by Kadyrov himself in Grozny and received several awards for their service. But the Chechens’ initial success appears to have earned them another tour. Less than a month after the return of the first military police battalion, Kadyrov announced on April 19 that a new unit of Chechens had just been deployed to Syria. The Ingush battalion, meanwhile, continues to function in Damascus, having been spotted in the center of the capital throughout April. There are signs that the Ingush battalion is becoming more involved in front-line action with rebel forces in the Syrian capital. In Damascus’s Jobar district, the scene of heavy fighting in March, rebels reportedly intercepted communications indicating that some Ingush officers, as well as some remaining Chechens, were coordinating much of the pro-government defense of the area. The Ingush battalion will reportedly return home from its tour in May. Another tour is yet to be announced for the Ingush battalion, but given the units’ early successes, expect to see Russia’s North Caucasian specialists appear in locations across Syria as the war grinds on. So far, the deployment of Chechen and Ingush forces has been very surgical, appearing only in areas and events Moscow considers critical to its aims in Syria. And while their role is unlikely to expand greatly anytime soon, the North Caucasian battalions will continue to serve as the tip of the spear in Moscow’s wider strategy to expand its influence in Syria. Christian Borys, an independent Canadian journalist focused on Eastern Europe and based in Ukraine, contributed to this report. Follow him on Twitter at: @itsborys.
News Article | May 6, 2017
Emmanuel Macron, head of the political movement En Marche !, or Onwards !, and candidate for the 2017 presidential election, is pictured through a window of his hotel during a campaign visit in Rodez, France, May 5, 2017. REUTERS/Regis Duvignau TPX IMAGES OF THE DAY FRANKFURT/PARIS (Reuters) - Leading French presidential candidate Emmanuel Macron's campaign said on Friday it had been the target of a "massive" computer hack that dumped its campaign emails online 1-1/2 days before voters choose between the centrist and his far-right rival, Marine Le Pen. Macron, who is seen as the frontrunner in an election billed as the most important in France in decades, extended his lead over Le Pen in polls on Friday. As much as 9 gigabytes of data were posted on a profile called EMLEAKS to Pastebin, a site that allows anonymous document sharing. It was not immediately clear who was responsible for posting the data or if any of it was genuine. In a statement, Macron's political movement En Marche! (Onwards!) confirmed that it had been hacked. "The En Marche! Movement has been the victim of a massive and co-ordinated hack this evening which has given rise to the diffusion on social media of various internal information," the statement said. An interior ministry official declined to comment, citing French rules that forbid any commentary liable to influence an election, which took effect at midnight on Friday (2200 GMT). The presidential election commission said in statement that it would hold a meeting later on Saturday after Macron's campaign informed it about the hack and publishing of the data. It urged the media to be cautious about publishing details of the emails given that campaigning had ended, and publication could lead to criminal charges. Comments about the email dump began to appear on Friday evening just hours before the official ban on campaigning began. The ban is due to stay in place until the last polling stations close Sunday at 8 p.m. (1800 GMT). Opinion polls show independent centrist Macron is set to beat National Front candidate Le Pen in Sunday's second round of voting, in what is seen to be France's most important election in decades. The latest surveys show him winning with about 62 percent of the vote. Former economy minister Macron's campaign has previously complained about attempts to hack its emails, blaming Russian interests in part for the cyber attacks. On April 26, the team said it had been the target of a attempts to steal email credentials dating back to January, but that the perpetrators had failed to compromise any campaign data. The Kremlin has denied it was behind any such attacks, even though Macron's camp renewed complaints against Russian media and a hackers' group operating in Ukraine. Vitali Kremez, director of research with New York-based cyber intelligence firm Flashpoint, told Reuters his review indicates that APT 28, a group tied to the GRU, the Russian military intelligence directorate, was behind the leak. He cited similarities with U.S. election hacks that have been previously attributed to that group. APT28 last month registered decoy internet addresses to mimic the name of En Marche, which it likely used send tainted emails to hack into the campaign’s computers, Kremez said. Those domains include onedrive-en-marche.fr and mail-en-marche.fr. "If indeed driven by Moscow, this leak appears to be a significant escalation over the previous Russian operations aimed at the U.S. presidential election, expanding the approach and scope of effort from simple espionage efforts towards more direct attempts to sway the outcome," Kremez said. France is the latest nation to see a major election overshadowed by accusations of manipulation through cyber hacking. U.S. intelligence agencies said in January that Russian President Vladimir Putin had ordered hacking of parties tied to Democratic presidential candidate Hillary Clinton to influence the election on behalf of Republican rival Donald Trump. On Friday night as the #Macronleaks hashtag buzzed around social media, Florian Philippot, deputy leader of the National Front, tweeted "Will Macronleaks teach us something that investigative journalism has deliberately killed?" En Marche! said the documents only showed the normal functioning of a presidential campaign, but that authentic documents had been mixed on social media with fake ones to sow "doubt and misinformation".
News Article | May 8, 2017
The hackers behind a “massive and coordinated” attack on the campaign of France’s president-elect, Emmanuel Macron, have been linked by a number of cybersecurity research firms to the Russian-affiliated group blamed for attacking the Democratic party shortly before the US election. Tens of thousands of internal emails and other documents were released online overnight on Friday as the midnight deadline to halt campaigning in the French election passed. According to the head of Macron’s digital team, Mounir Mahjoubi, “five entire mailboxes” were “stolen”, with many of the accounts being personal Gmail mailboxes. New York’s Flashpoint and Tokyo-based Trend Micro have shared intelligence that suggests that the hacking group known variously as Advanced Persistent Threat 28, Fancy Bear and Pawn Storm was responsible. The group has been linked with the GRU, the Russian military intelligence directorate. Macron, an independent centrist, won Sunday’s runoff election against the far-right Marine Le Pen by a 66% to 34% margin. A congratulatory statement from the Kremlin, which had been widely seen as backing Le Pen, urged Macron to work with Russia to “overcome mutual mistrust and unite to ensure international stability and security”. In an interview on Monday with Radio France, Mahjoubi sought to play down the impact of the data release, saying there were “no secrets” in the emails. “You will find jokes, you will find tens of thousands of invoices from suppliers … And you will find hundreds of exchanges on the manifesto, on organising events. In fact, all that makes a campaign.” He said, however, that some among the thousands of published documents were fake. “There are files that have been added to these archives … fake emails that have been added.” Despite the strong technical abilities believed to be possessed by APT 28, its primary route of attack is a simple yet effective method known as spear phishing: creating fake login pages targeted at individuals in an attempt to encourage them to enter their usernames and passwords, giving the hackers access to confidential information. They can then repeat the process, using the confidential information to craft even more convincing phishing pages, until they have stolen significant amounts of data. Vitali Kremez of Flashpoint said his review indicated APT 28 was behind the leak. As part of the group’s spear phishing technique, it needs to register and control web addresses which could plausibly fool a target into thinking they were logging into a legitimate website. In the US elections, one such address (“myaccount.google.com-changepasswordmyaccount-idx8jxcn4ufdmncudd.gq”) was designed to look like an official Google page. Last month, APT 28 registered decoy internet addresses to mimic the name of Macron’s movement, En Marche!, which it probably used to send emails to hack into the campaign’s computers, Kremez said. Those domains include onedrive-en-marche.fr, designed to appear like an official Microsoft address, and mail-en-marche.fr, which pretended to be a webmail site. “If indeed driven by Moscow, this leak appears to be a significant escalation over the previous Russian operations aimed at the US presidential election, expanding the approach and scope of effort from simple espionage efforts towards more direct attempts to sway the outcome,” Kremez said. Trend Micro also identified links between the hacks, noting that the same organisation registered the fake Google address used in the hacks of the Democratic party’s national committee in April 2016 and the Macron address in March this year. That organisation had also registered domain names with the apparent purpose of stealing details from Germany’s Christian Democratic Union, through the party’s foundation arm Kas, and from MPs in Montenegro, where the government said last year said a coup plot had aimed at derailing the country’s elections. Ryan Kalember of information security firm Proofpoint said there was evidence that En Marche!’s attacker had Russian connections. “Some of the metadata from this breach clearly indicates that certain documents, such as those with Macron’s ‘Bahamian bank accounts’, were edited on computers with Russian language operating systems,” he said. Kalember said that was also a warning that some of the claimed leaked documents may be fake. “It’s absolutely critical that French citizens confirm the legitimacy of the news they are reading as this story develops. Make sure it is a reputable outlet and check multiple sources to confirm accuracy.” A number of factors appear to have lessened the impact of the hacks, from the late date when the stolen data was released – two days before Sunday’s runoff vote – to the rapid response of the French electoral authorities. The presidential electoral authority, the CNCCEP, warned broadcasters and the public to avoid sharing details gleaned from the documents, 9GB of which were posted by a user calling themselves Emleaks to the anonymous data-sharing site Pastebin. Another factor may have been the response of the Macron campaignIt intervened an hour before the legally imposed blackout on public statements from election candidates to report that many of the documents being shared were fake. The Daily Beast claimed that rather than being faked by the hackers or those reposting the data, the bogus information had been planted by the Macron campaign, which had become aware it was the target of a phishing campaign and flooded the hackers with false information. The Macron campaign reportedly turned the spear phishing strategy against the attackers, by flooding “these addresses with multiple passwords and logins, true ones, false ones, so the people behind them use up a lot of time trying to figure them out”, according to Mahjoubi. As well as the fake documents that he alleged had been added by the hackers, “there is also information that we had sent in counter-retaliation for phishing attempts”, he told Radio France.
News Article | November 22, 2016
NEW YORK--(BUSINESS WIRE)--Fitch Ratings has affirmed the ratings on the following bonds for the city of Gainesville, Florida: --Approximately $900 million in outstanding utility system revenue bonds, multiple series at 'AA-'; --$85 million utilities system tax-exempt commercial paper (CP) notes program series 2010C at 'F1+'. The Rating Outlook is Stable. SECURITY The revenue bonds are secured by a first lien on the net revenues of Gainesville Regional Utilities (GRU), which is the combined ele
News Article | December 12, 2016
In the closing days of the 2016 election campaign, hackers believed to be working for Russian intelligence launched a new wave of attacks on Hillary Clinton’s campaign and the Democratic National Committee — a previously unreported cyberoffensive that heightened concerns, now endorsed by the CIA, that the Russian government was seeking to influence the outcome of the election in favor of Donald Trump, according to sources familiar with the investigations into the attempted intrusions. The attacks came in the form of so-called “phishing” emails sent to nearly a dozen campaign and committee staffers in a renewed effort at penetrating their networks, said Dmitri Alperovitch, the co-founder and chief technology officer of CrowdStrike, the cybersecurity firm hired by the DNC to repel attacks on its network. Staffers at that point were alert enough to reject entreaties to click on the unsolicited email messages that would have allowed the hackers into their computers, he said. But at least one top Clinton campaign staffer, communications director Jennifer Palmieri, told Yahoo News on Sunday that she received an alert from Google in mid-October informing her that her personal Gmail account had been targeted by a “foreign state” actor and that her password needed to be changed. “They were targeting us throughout the election,” said another former senior Clinton campaign staffer, who asked not to be identified. “They never stopped trying to get back in.” The disclosure of the late campaign attack could fuel a mounting controversy over U.S. intelligence findings that link Russian intelligence to the cyberattacks for the express purpose of throwing the election as part of a campaign, orchestrated in Moscow, to defeat Clinton. The Washington Post reported Saturday that the CIA has briefed members of Congress on an assessment that the Russians targeted Democratic political organizations and campaign officials as part of a specific effort to defeat Clinton and elect Trump. This goes beyond an earlier public finding that U.S. intelligence officials were “confident” that the Russian government was behind the cyberattacks, but did not ascribe a motive for the Russians doing so. One piece of damning evidence behind the new finding is that the CIA and the FBI have both identified specific individuals associated with or close to the Russian government who provided the DNC emails to WikiLeaks, which began publishing them in July, a senior law enforcement official told Yahoo News. Despite reports of a clash between the CIA and the FBI over the motive behind Russia’s intelligence service in launching the operation, the differences are more a matter of “degree” and emphasis, with the FBI believing there may have been “mixed” motives for the Russian effort, the official said. Still, “we all agree they did these things,” the official said. But President-elect Trump doubled down on his rejection of the intelligence findings in an interview with Fox News anchor Chris Wallace that aired Sunday, dismissing any conclusion that points to Russian government involvement. “I think it’s ridiculous,” Trump told Chris Wallace in interview that aired on “Fox News Sunday,” his first Sunday show sit-down since winning the election. “I don’t believe it.” “If you look at the story and you take a look at what they said, there’s great confusion,” Trump added. “Nobody really knows, and hacking is very interesting. Once they hack, if you don’t catch them in the act you’re not going to catch them. They have no idea if it’s Russia or China or somebody. It could be somebody sitting in a bed someplace. I mean, they have no idea.” Alperovitch of CrowdStrike, the cybersecurity firm that first publicly linked the cyberattacks to Russian intelligence, said Sunday that he was “puzzled” by Trump’s remarks and assumes he has not yet been fully briefed on the matter. (CrowdStrike, whose principals include Shawn Henry, the former chief of the FBI’s cyber division, was initially hired by the DNC to investigate the cyberattacks and defend its network last May.) “At this point, the matter of attribution on the intrusions has been settled,”Alperovitch said. “There is nobody that looks at the evidence who disputes this.” Asked his level of confidence in his firm’s findings, he responded “100 percent.” CrowdStrike Co-Founder and Chief Technology Officer Dmitri Alperovitch speaks during the Reuters Media and Technology Summit in June. (Photo: Keith Bedford/Reuters) Much of the evidence, he said, revolves around the nature of the sophisticated tools used by the attackers on the DNC and forensic evidence showing strong similarities to Russian cyberattacks that have occurred in Ukraine and other Eastern European countries — as well as to intrusions of the Joint Chiefs of Staff, the White House and the State Department and other U.S. government agencies. “The digital fingerprints are of the same origin,” said Alperovitch. CrowdStrike initially identified two sets of attackers on the DNC’s servers: One, dubbed “Cozy Bear,” was associated with the Russian FSB (the successor to the Soviet KGB) and which first breached the DNC’s network in the summer of 2015. Another, dubbed “Fancy Bear,” has been associated with Russia’s military intelligence service, the GRU. The latter infiltrated the DNC’s network in late April of this year in what turned into a far more devastating attack, resulting in the disclosure of 20,000 internal DNC emails to WikiLeaks — an act, according to Alperovitch, of “information warfare.” (He acknowledged that a third Russian intelligence service, the SVR, which has responsibility for foreign intelligence operations, may also have been involved.) “When we look at this over 10 years — literally hundreds of intrusions — [and] you look at the tradecraft, you look at the victims, it all points to Russian intelligence services,” Alperovitch said. In addition, he said, there was another separate cyberattack discovered in late September from an undetermined party that penetrated DNC computers with software containing sensitive voter analytic data that was being provided in regular memos to Clinton campaign manager Robby Mook, the sources said. The breach was detected by CrowdStrike, and the cyberinvaders were expelled from a cloud server housing the data; this server was distinct from the DNC’s internal computer network that had been previously breached, he said. But the intruders were never identified, and it was never determined whether the data — containing detailed reports on voter registration and estimates of likely voter participation in the November election — was ever actually stolen. People gather near the headquarters of the Federal Security Service in Moscow. (Photo: Sergei Karpukhin/Reuters) Alperovitch said he doesn’t know whether these hackers were associated with Russian intelligence; they used different methods and publicly available cybertools to pull it off — also he said the DNC never authorized his firm to conduct a full investigation. But he said the late October “phishing” attacks on the DNC and the Clinton campaign resembled the earlier Fancy Bear attacks, leading him to conclude they were likely the work of the GRU. Moreover, attacks by the Cozy Bear intruders have continued throughout the fall, targeting multiple organizations, including think tanks and universities whose scholars work on Russian policy issues, he said. And even more recently, he said, there was evidence that the separate “Fancy Bear” hackers are now also attacking political organizations in Germany and elsewhere in Europe in an apparent attempt to meddle in their elections as well. (The chief of German domestic intelligence said last week that there has been a recent increase in “aggressive cyberespionage” against German politicians and warned about “growing evidence for attempts to influence the [German] federal elections next year.” “These activities have not stopped,” said Alperovitch. “Now that they were executed [in the United States] and they have a successful playbook, I fully expect they are going to continue.” Russian President Vladimir Putin and Defense Minister Sergei Ivanov visit the Defense Ministry’s Main Intelligence Directorate, known by its Russian acronym GRU, in Moscow. (Photo: ITAR-TASS, Dmitry Astakhov, Presidential Press Service/AP)
News Article | February 15, 2017
In October of 2014 an American security company revealed that a group of hackers affiliated with the Russian government, dubbed APT28, had targeted Georgia and other Eastern European countries in a wide-ranging espionage campaign. Two and a half years later, APT28—also known as "Fancy Bear" or "Sofacy"—is a household name not just in the cybersecurity industry, but in the mainstream too, thanks to its attack on the US Democratic party and the ensuing leaks of documents and emails. Before that report by FireEye, APT28 was a well-kept secret within the cybersecurity industry. At the time, several companies were willing to share information about the hacking group. Even Google investigated the group, and penned a 40-page technical report on the hacking group that has never been published before. Read more: How Hackers Broke Into John Podesta and Colin Powell's Gmail Accounts This sort of document, which Motherboard obtained from two independent sources, may be a common sight in the threat intelligence industry, but the public rarely gets to see what such a report from Google looks like. The report draws from one of Google's most interesting sources of data when it comes to malware and cybersecurity threats: VirusTotal, a public malware repository that the internet giant acquired in 2012. Sofacy and X-Agent, the report read, referring to the malware used by APT28, "are used by a sophisticated state-sponsored group targeting primarily former Soviet republics, NATO members, and other Western European countries." "It looks like Google researchers were well aware of Sofacy before it was publicly disclosed." While Google security researchers don't dwell into who's really behind these operations, they do hint that they agree with the now widespread belief that APT28 works for the Russian government in a clever, indirect, way—in the very title of the report: "Peering into the Aquarium." While that might seem like an obscure title, for those who follow Russian espionage activities, it's a clear reference to the headquarters of the military intelligence agency known as GRU or Glavnoye Razvedyvatel'noye Upravleniye, which are popularly known as "The Aquarium." "It looks like Google researchers were well aware of Sofacy before it was publicly disclosed," Matt Suiche, a security researcher and the founder of Comae Technologies and the OPCDE conference, told Motherboard in an online chat after reviewing the report. "And also attributed Sofacy and X-Agent to Russia before it was publicly done by FireEye, ESET or CrowdStrike." In its report Google security researcher note that APT28 attacks a large number of targets with its first-stage malware Sofacy, but only uses the more tailored and sophisticated X-Agent, which was recently used against Ukraine's military units, for "high-priority targets." "Sofacy was three times more common than X-Agent in the wild, with over 600 distinct samples," Google's report stated. Asked for comment, a Google spokesperson said via email that the company's "security teams are constantly monitoring potential threats to internet users, and regularly publish information to better protect them." The report noted that Georgia had the highest ratio of submissions of Sofacy malware, followed by Romania, Russia and Denmark. While this report is now a bit dated, it shows that for all its sophistication, APT28 has been often caught in the act of hacking politically interesting targets, betraying the origin of the hackers behind the dry nickname. It also reveals how much a company like Google, which doesn't have software installed on thousands of customers computers like other antivirus and security vendors, can still learn a lot about government hacking groups thanks to the other data it has access to. Get six of our favorite Motherboard stories every day by signing up for our newsletter .
News Article | November 2, 2016
Microsoft's Windows chief has accused a notorious group of hackers - previously linked to Russia - of making use of an unpatched flaw in its operating system. Terry Myerson said Strontium was exploiting the bug to infect PCs in order to get access to potentially sensitive data. Strontium is also known as APT28 and Fancy Bear, and has previously been blamed for attacking a French TV network and the US Democratic Party. Microsoft says it is working on a fix. It intends to release the patch next week. Other cybersecurity researchers say analysis of the hackers' previous activities suggests they are Russians, or at least citizens of a neighbouring country who can speak Russian, and appear to be acting in Moscow's interests rather than for personal profit. FireEye - a company whose clients include the US Department of Defense - has gone so far as to say the attackers are "most likely sponsored by the Russian government". But the link has never been conclusively proven, and the Kremlin has repeatedly denied its involvement. It's unusual for the big tech companies to reveal a software flaw in their products before they have a fix, because it flags the problem to cybercriminals. Indeed, Microsoft had planned to stay quiet about this bug until it had a solution. But Google forced its hand when it published details of the issue on Monday. Microsoft was irked. But Google justified its move saying: "This vulnerability is particularly serious because we know it is being actively exploited." Mr Myerson has confirmed the issue is with a system file, which Windows requires to display graphics. The company says customers using both the latest version of Windows 10 and Microsoft's own Edge web browser should be safe but acknowledges others remain at risk. However, it says the attack only works if a user also has Flash installed, and a newly released version of Adobe's media plug-in also provides protection. Regarding Strontium itself, Microsoft says the hackers have come up with more types of novel attack - known as zero-days - than any other tracked group this year. "Strontium frequently uses compromised email accounts from one victim to send malicious emails to a second victim and will persistently pursue specific targets for months until they are successful in compromising the victims' computers," Mr Myerson wrote. "Once inside, Strontium moves laterally throughout the victim network, entrenches itself as deeply as possible to guarantee persistent access, and steals sensitive information." The hackers are believed to have used spearphishing - a technique that involves targeting specific individuals with emails and other messages that seek to fool them into revealing their logins. The attackers have a reputation for being persistent. They have been known to repeatedly send messages to high-value individuals for more than a year, if necessary, until one succeeds. Neither Google nor Microsoft have said who received the latest batch of booby-trapped emails. But Microsoft has previously said of the hackers' typical prey: "Its primary institutional targets have included government bodies, diplomatic institutions, and military forces and installations in Nato member states and certain Eastern European countries. "Additional targets have included journalists, political advisers, and organisations associated with political activism in Central Asia." The group has also been called Sofacy, Sednit and Pawn Storm, and has been linked to attacks dating back to 2007. It appears to operate its own website, where it calls itself Fancy Bears. It was used to leak confidential medical files about US Olympic athletes earlier this year, which had been stolen from the World Anti-Doping Agency. The site suggests the group is part of the wider Anonymous hacktivist collective, although this may be an attempt at misdirection. Months earlier, cybersecurity company Crowdstrike accused the hackers of breaching the US Democratic Party's governing body's network. It suggested they might be affiliated with the GRU, Russia's military intelligence service. "Their tradecraft is superb, operational security second to none, and the extensive usage of 'living-off-the-land' techniques enables them to easily bypass many security solutions they encounter," it said in a report. Other activities blamed on the team include: No. Security company Trend Micro has previously linked the hackers to malware designed to infect jailbroken iPhones and iPads. Microsoft says it has also observed the group using web domains customised to compromise Mac and Linux computers in other campaigns. In the past, Kremlin spokesman Dmitry Peskov has strenuously denied allegations that the hackers are directed or supported by the Russian government or its intelligence services. He has said the claims are "unfounded" and "do not contain anything tangible". "There's no smoking gun," says Alan Woodward, a security consultant who advises Europol and has worked with GCHQ in the past. "But the amount of circumstantial evidence is certainly mounting. "What most of the government agencies are saying is that the Russian government doesn't seem to be doing anything to stop them, which kind of tells a story in itself."
News Article | December 22, 2016
The same Russian intelligence hackers who attacked the Democratic National Committee and stole thousands of internal emails used computer malware to penetrate the Android cellphone of a Ukrainian military officer, enabling the Russian military to target and destroy Ukrainian artillery forces in that country, according to a new report released Thursday by a top cybersecurity firm. The report is by CrowdStrike, the firm that was hired by the DNC last spring and that first linked the hack of the committee’s computers to Russian hackers it called “Fancy Bear.” Its new analysis further strengthens the case that these same Fancy Bear hackers are closely tied to the Russian military, said Dmitri Alperovitch, chief technology officer and co-founder of CrowdStrike. “The same hackers that have stolen files from the DNC are engaged in the identification and targeting of Ukrainian forces in eastern Ukraine,” said Alperovitch in an interview with Yahoo News. “This establishes a connection between Fancy Bear and the Russian military at an operational level.” The deployment of Fancy Bear hacking tools in the Ukrainian conflict is, in one sense, not a surprise. Ever since CrowdStrike first published its report linking the DNC hack to Fancy Bear, the firm has contended the perpetrators were closely associated with the GRU, the name of Russia’s military intelligence service. But the new report being published Thursday would appear to make the linkages even stronger, suggesting that Fancy Bear hackers even used the identical malware to penetrate both the DNC and the Ukrainian military. According to its new report, the malware was likely initially designed in order to target a mobile app that had been developed by a Ukrainian military officer, part of that country’s 55th Artillery Brigade, to enable his country’s artillery forces to more rapidly fire D-30 Howitzers against Russian separatist forces, backed by the Russian military, in eastern Ukraine. The military officer, a Russian language speaker, in April 2013 surprisingly promoted the app as “modern combat software” on a Russian language social media site. This apparently drew the attention of the Fancy Bear hackers, who regularly monitor such sites, according to the CrowdStrike report. The hackers then developed a malware dubbed “X-agent” to infiltrate the officer’s Android app sometime in late 2014 — a year of turmoil in Ukraine when then pro-Russian president Viktor Yanukovych fled the country following protests in Maiden Square, and military conflict broke out with an estimated 10,000 Russian troops moving into the country. The report says Russian troops then used the X-agent malware to pinpoint the location of Ukrainian Howitzers and destroy them. This resulted in potentially hundreds of Ukrainian casualties, according to Alperovitch. Relying in part on open source media reports and eyewitness accounts, the report notes that the Russians used drones to develop more precise locational data for Ukrainian positions, “introducing the possibility that the Android malware served to support the reconnaissance role of traditional battlefield assets.” But what may be most significant, according to Alperovitch, is that the same X-agent malware was later used by Fancy Bear to attack the DNC. “We have ONLY seen Fancy Bear use it and no other group ever,” he wrote in an email to Yahoo News. “Its source code is also not publicly available and has never been seen on any underground forums.”
Biochimica et Biophysica Acta - Molecular Basis of Disease | Year: 2013
Parabiosis is a chronic preparation that allows exchange of whole blood between two animals. It has been used extensively to test for involvement of circulating factors in feedback regulation of physiological systems. The total blood volume of each animal exchanges approximately ten times each day, therefore, factors that are rapidly cleared from the circulation do not reach equilibrium across the parabiotic union whereas those with a long half-life achieve a uniform concentration and bioactivity in both members of a pair. Involvement of a circulating factor in the regulation of energy balance was first demonstrated when one member of a pair of parabiosed rats became hyperphagic and obese following bilateral lesioning of the ventromedial hypothalamus. The non-lesioned partner stopped eating, lost a large amount of weight and appeared to be responding to a circulating "satiety" factor released by the obese rat. These results were confirmed using different techniques to induce obesity in one member of a pair. Studies with phenotypically similar ob/ob obese and db/db diabetic mice indicated that the obese mouse lacked a circulating signal that regulated energy balance, whereas the diabetic mouse appeared insensitive to such a signal. Positional cloning studies identified leptin as the circulating factor and subsequent parabiosis studies confirmed leptin's ability to exchange effectively between parabionts. These studies also suggest the presence of additional unidentified factors that influence body composition. © 2013 Elsevier B.V.