The U.S. government announced this Thursday a set of sanctions on Russia for attempting to influence last November's elections through cyberattacks. This is how the interference that brought to light the Democratic Party's internal communications took place, according to a joint report from the U.S. Department of Homeland Security and the Federal Bureau of Investigation (FBI), the most detailed one the White House has released to date.
Who are the hackers
The U.S. government attributes the cyberattacks to two Russian espionage groups, identified as APT28 and APT29 (APT stands for 'advanced persistent threat'). The first is responsible for the attacks carried out in the spring of 2016, while the second had been operating since the summer of the previous year. According to the FBI, they operated on the Internet under identities such as CosmicDuke, CrouchingYeti, Dragonfly, Skipper or Waterbug, among others.
What the attacks consist of
The "malicious" activity, dubbed GRIZZLY STEPPE by the U.S. government, aimed to "compromise and exploit the networks and servers associated with the U.S. elections". It all began in what U.S. intelligence describes as "adversary space", from which the hackers connected to Internet infrastructure considered "neutral space". From these servers, the hackers sent malicious code to connect to the "victim space", such as, for example, the Democratic Party's computer systems.
Whom they spied on
The attacks carried out since the summer of 2015 and repeated in the spring of 2016 targeted, according to the U.S., "government agencies, critical infrastructure, universities, political organizations and companies" in order to "steal information". The FBI states in its report that Russian intelligence services habitually create false identities abroad to operate on the Internet, confuse the victims of their attacks and "make them wrongly attribute responsibility for the attack".
What they achieved
In addition to the malicious code inserted into the computer infrastructure of their targets, the hackers also sent, in 2016, a series of emails to more than 1000 potential victims. Those messages contained a link to a page created by the hackers which looked perfectly legitimate and asked the user to change their password. Once this step was taken, the spies gained access to the networks containing, among other things, the internal emails of the Democratic Party and of members of Hillary Clinton's campaign. That information was later forwarded to databases controlled by the hackers through secure 'tunnels' they had created themselves, and was disseminated on the Internet by agents such as Wikileaks or on various websites.
Who supports this information
The joint report was prepared by the U.S. intelligence community, which includes agencies such as the FBI, the Department of Homeland Security and the Director of National Intelligence, as well as private companies and other entities that provided the 'technical evidence' supporting it. On 7 October, just a month before the presidential elections, the National Intelligence Department had already published a report on election security that warned of this situation.
What measures does the U.S. recommend to defend against new attacks
U.S. intelligence agencies recommend that all departments review their operating systems to detect the most vulnerable entry points, and restrict the number of people who hold the credentials needed to access sensitive information. The FBI states in its report that 'attackers are increasingly focused on gaining access to the credentials of the highest-privilege accounts' and recommends that permissions be reduced to only those necessary to perform the work assigned to each employee.
Source: El País
