The Russians Are Coming! Or Are They?

The United States recently accused the Russian government of trying to influence US elections last November, and has expelled 35 Russian diplomatic officials and closed two Russian diplomatic facilities, one in New York City, and the other in Maryland, near Washington DC.

The Russians are denying any direct involvement, of course, and are laying the blame on Russian cyber-criminal groups.    But we have discussed previously how the Russian government is using Russian cyber-criminals as contractors in order to maintain plausible deniability.

What sort of proof does the US intelligence community have?  The FBI and DHS released a report that included a malware sample and several IP addresses used by the attackers.  WordFence Security published an analysis of the malware and IP addresses in their blog.   The malware sample is an out-dated version of a Ukrainian sourced PHP exploit that can be used to compromise WordPress websites.  The IP addresses were located all over the world, the top three sources in order,  were Unknown, United States, and Russia.  And 17% of them were TOR exit nodes, which could be used by anyone using TOR.  Their research did not find conclusive evidence implicating the Russian government directly.  I encourage you to click over to their article.

Do I believe the Russians, and more specifically, the Russian government and Vladimir Putin were behind these attacks on our electoral system?  Sure I do.  Who else?  But I also believe that they are not the first or only country to interfere in the elections of another country.  I do not believe their activity changed the outcome of the election.  I believe our own government, and several others (UK, Israel) has the same capabilities, and would not have developed these capabilities if they were not planning to use them.

Did the Russians really hack the Vermont electric utility as hysterically reported by the mainstream press?   According to researchers at WordFence, “A Vermont electrical utility found a sample of what is in the DHS/FBI Grizzly Steppe report on a single laptop. That laptop was not connected to the Electric Grid network. It was reported as Russia hacking the US electrical grid.”  So, no.  I mean, think about it, if you are looking to make a dent in the US electric grid, are you going to start with Vermont?  Really?  According the the second report by WordFence, (below) a single laptop was infected with the PHP malware in the FBI/DHS Report, and that was the “proof.”

Well-known cybersecurity journalist Brian Krebs been conspicuously silent about these events because there is no way to verify what the government is telling us.  He just released a post where he explains his reluctance.  From his column:

“The public might also be deeply suspicious of hacking claims from a government that practically invented the art of meddling in foreign elections. As Nina Agrawal observes in The Los Angeles Times, the “U.S. has a long history of attempting to influence presidential elections in other countries – it’s done so as many as 81 times between 1946 and 2000, according to a database amassed by political scientist Dov Levin of Carnegie Mellon University.” Also, when it comes to hacking power plants, the U.S. and Israel have probably done more damage than anyone else with their incredibly complex Stuxnet virus, which was created as a weapon designed to delay Iran’s nuclear ambitions and opened a virtual Pandora’s Box.”

I also think that the timing of this action by the US has other ends in mind.  The outgoing administration, headed by a member of the losing party in this last election, is trying to call into question the validity of the last election, and indirectly, the legitimacy of the Trump presidency.

It also creates tension between the US and Russia, a country that Trump has indicated that he would like to improve relations with.  This will leave Trump with the decision to rescind the diplomatic expulsion in order to mend relations with Russia, or leaving it stand.  Either choice will be politically difficult for the new president, and sure to stir up controversy either way.

The Russians also just brokered a peace deal between the Assad regime in Syria, and all the rebel groups except Daesh and the Kurdish separatists.  Could the US be upset at being upstaged in international relations, too?

 

This whole thing has a bad smell to it.  Decide for yourself.  Just bear in mind the the real motives may not be the ones that are publicly announced.

More information:

0

About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an instruction for CompTIA’s non-profit IT-Ready Program in the Twin Cities. IT-Ready is a tuition free 8-week program designed to teach students of all ages the fundamentals of IT support to prepare them for an entry level position in Information Technology Support. Graduates of the classes take the exams to become CompTIA A+ certified. Bob is a frequent speaker at conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
  Related Posts

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.