07.18.154:38 PM ET

*Exclusive: Russian Hackers Target The Pentagon*

A sophisticated group of hackers, who earlier targeted the White House and
State Department, have launched a stealth phishing campaign on the
Pentagon.

Hackers linked to Russia who penetrated the computer networks of the White
House and the State Department have turned their sights on the Pentagon,
The Daily Beast has learned. And this time the hackers are using more
sophisticated technologies that make them exceptionally hard to detect and
that allow them to cover their tracks.

The Daily Beast obtained an email notice that the Defense Department sent
Friday warning “at least five” DOD computer users have been targeted in the
latest campaign. The notice linked these attacks to penetrations
<http://www.thedailybeast.com/articles/2015/04/08/obama-to-putin-stop-hacking-me.html>
of unclassified networks at the White House and State Department that began
last year and were reported in April. The notice doesn't specify whether
any information has been stolen, nor does it indicate which agencies the
targeted victims work in.

But based on the technical details contained in the notice, the hackers are
upping their game and employing even more advanced methods to trick users
into downloading viruses onto their computers that can then siphon off
files, messages, and other sensitive information.

“The sophistication of this attack far surpasses anything we have seen to
date from any state actors,” said Michael Adams
<https://twitter.com/mla1396>, a computer security expert who served more
than two decades in the U.S. Special Operations Command. The Daily Beast
shared the technical details of the malware with Adams, who said it
employed tools that make the intruder extraordinarily difficult to detect.

“To use a military analogy, the level of sophistication of this attack is
like comparing a World War I propeller-driven fighter plane to a stealth
bomber coming in under the radar, completely destroying its target, and
leaving before the enemy even realizes they have been attacked,” Adams
said.

In the new campaign, which the notice says was detected on July 8, the
victims received emails that purported to come from the National Endowment
for Democracy, a prominent non-profit organization in Washington that
receives congressional funding. The group supports pro-democracy efforts
around the world, including in Russia and China, where hackers who recently
stole
<http://www.thedailybeast.com/articles/2015/06/24/hackers-stole-secrets-of-u-s-government-workers-sex-lives.html>
personal records from more than 22 million current and former U.S.
government employees are believed
<http://www.thedailybeast.com/articles/2015/07/09/security-firm-china-is-behind-the-opm-hack.html>
to be based.

The emails contained a link that, when clicked, takes recipients to an
infected server on the organization’s network. It then downloads malicious
software on to the victim’s computer.

A spokesperson for the National Endowment for Democracy didn’t respond to
requests for comment.

“To use a military analogy, the level of sophistication of this attack is
like comparing a World War I propeller-driven fighter plane to a stealth
bomber.”

The notice says that the campaign is using a “variant” of the the malware
reported in April, but this campaign appears to be more advanced in several
respects. The hackers are using multiple forms of encryption and secure
communication channels. They’re also able to erase traces of the intrusion,
which can make it difficult to know what the hackers stole and whom they
infected.

In another clever trick, the infected server at the pro-democracy group
actually delivers two documents to the intended victim—one a “benign
document” such as a pdf or audio file, and the other a “malware loader”
that starts running unbeknownst to the victim.

The malware works in stages. Once implanted, it calls out to another server
and downloads a second file containing more malicious software. That
communication occurs via an encrypted connection designed to avoid
eavesdropping.

A Defense Department official acknowledged that the notice had been sent
but declined to comment further on the hacking campaign. "There are
thousands of attempts to hack DOD every day. We have processes and
procedures in place to mitigate those attempts,” the official told The
Daily Beast.

A spokesperson for the National Security Council referred queries to the
Pentagon.

The notice, which was distributed to Defense Department contractors and
others cleared by the Pentagon to receive security warnings, says that it
was as an “anticipatory intelligence product,” which may indicate that the
Pentagon thinks it caught onto the hacker campaign early. But it provides
no information on how many Defense employees may have been targeted or
infected, beyond the five people to whom the legitimate-looking emails,
known as spear phishes, were sent. And the notice doesn’t say whether any
of those employees clicked on the dangerous link and downloaded the
malicious software.

“While I am somewhat comforted to hear that the malware was discovered on
some systems, it is a virtual certainty that there are more instances of
this malware inside the DOD and whatever other parts of our infrastructure
this enemy has targeted,” Adams said.

A separate notice sent Friday by the FBI, also obtained by The Daily Beast,
warns that hackers are now targeting “U.S. government agencies and private
sector companies” via a vulnerability in Adobe Flash. That vulnerability
was publicly disclosed earlier this month when the Italian company Hacking
Team, which collects and sells information about flaws in software, was
itself the victim of a massive penetration that exposed
<http://www.thedailybeast.com/articles/2015/07/06/u-s-hired-dictators-favorite-hackers.html>
the company’s inner workings and its business dealings with the U.S.
government as well as a host of despotic regimes around the world.

The FBI warning is apparently unrelated to the one from DOD. But it
underscores the pervasiveness of hacking campaigns in the U.S. today, and
how government security officials find themselves scrambling to prevent
more intrusions.




__._,_.___
 ------------------------------
Posted by: "Beowulf" <[email protected]>
------------------------------


 Visit Your Group
<https://groups.yahoo.com/neo/groups/grendelreport/info;_ylc=X3oDMTJmcXFhbWRiBF9TAzk3MzU5NzE0BGdycElkAzIwMTk0ODA2BGdycHNwSWQDMTcwNTMyMzY2NwRzZWMDdnRsBHNsawN2Z2hwBHN0aW1lAzE0Mzc0MTA4MzY->


 [image: Yahoo! Groups]
<https://groups.yahoo.com/neo;_ylc=X3oDMTJlZW8wNjZtBF9TAzk3NDc2NTkwBGdycElkAzIwMTk0ODA2BGdycHNwSWQDMTcwNTMyMzY2NwRzZWMDZnRyBHNsawNnZnAEc3RpbWUDMTQzNzQxMDgzNg-->
• Privacy <https://info.yahoo.com/privacy/us/yahoo/groups/details.html> •
Unsubscribe <[email protected]?subject=Unsubscribe>
• Terms of Use <https://info.yahoo.com/legal/us/yahoo/utos/terms/>

__,_._,___

-- 
-- 
Thanks for being part of "PoliticalForum" at Google Groups.
For options & help see http://groups.google.com/group/PoliticalForum

* Visit our other community at http://www.PoliticalForum.com/  
* It's active and moderated. Register and vote in our polls. 
* Read the latest breaking news, and more.

--- 
You received this message because you are subscribed to the Google Groups 
"PoliticalForum" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to