WASHINGTON: Exactly seven months before the 2016 presidential election, Russian government hackers broke into the network of a Democratic committee.
One of their carefully written fraudulent emails prompted an employee to click on a link to enter
This breach of the Democratic Congressional Campaign Committee was the first major step in accessing the Democratic National Committee's network.
To steal politically sensitive information, prosecutors say, the hackers turned some of the United States' own IT infrastructure against it, using rented servers in Arizona and Illinois. The details were included in an indictment released Friday by special counsel Robert Mueller, who accused the GRU, the Russian military intelligence agency, of participating in a vast conspiracy to interfere in the 2016 presidential election. The companies that operate the servers have not been identified in court documents.
The Russians are accused of exploiting their access to powerful, inexpensive servers around the world, readily available for rent, that can be used to commit crimes with impunity. Reaching across oceans and into networks without borders, they can obscure their origins.
The indictment painstakingly reconstructs the hackers' movements using web servers and a complex bitcoin financing operation.
Two Russian hacking units were tasked with managing a hacking tool called "X-Agent" that was implanted on computers. The software allowed them to monitor the activity of individuals on the computers, steal passwords and maintain access to hacked networks. It captured every keystroke on the infected computers and took screenshots of what was displayed on their screens, including an employee consulting the DCCC's online banking information.
From April to June 2016, the hackers installed updated versions of their software on at least. The software transmitted information from infected computers to a server rented by the GRU in Arizona, according to the indictment. The hackers also set up a computer overseas to serve as an "intermediary server" in order to obscure the connection between the DCCC and the hackers' Arizona-based server.
Once the hackers accessed the DCCC network, included "hillary", "cruz", and "trump" and copied selected records, including "Benghazi Investigations."
In emails, the hackers embedded a link that purported to be a spreadsheet of Clinton's favorability ratings, but instead caused the computers to send their data to a website created by the GRU.
At about the same time, the hackers broke into 33 DNC computers and installed their software on the DNC network. The keystrokes and screenshots from the DCCC and DNC computers, including an employee consulting the DCCC's banking information, were sent back to the Arizona server.
The Russian hackers used other software, known as X-Tunnel, to move stolen documents via encrypted channels.
Despite the use of US-based servers, these providers are generally not legally liable for criminal activity unless it can be proven in federal court that the operator was party to the criminal activity.
A 1996 federal law protects Internet providers from liability for the manner in which customers use their service and, with some exceptions, grants immunity to providers. The law is considered a key element of the legal Internet infrastructure, preventing providers from facing the mammoth task of monitoring the activity on their servers.
"The fact that someone supplies hardware and/or connectivity Theft of data will not be attributed to the seller in this circumstance," said Eric Goldman, law professor and co-director of the High Tech Law Institute. The notable exception, however, is if federal prosecutors bring a criminal charge for violations of a federal criminal law.
In this case, "we will require a high level of knowledge of their activity or intent," Goldman said.
When the DNC and the DCCC realized that they had been hacked, they hired a cybersecurity firm, CrowdStrike, to determine the extent of the intrusions. CrowdStrike, referred to as "Company 1" in the indictment, took steps to chase the hackers out of the networks around June 2016. But for months the Russians eluded their pursuers, and a version of the malware remained on the network until October, programmed to call back to an Internet address registered to the GRU.
"We have no information suggesting that it has been communicated successfully," said Adrienne Watson, deputy communications director of the DNC.
Officials allegedly searched online for information about Company 1 and what it had stated regarding the use of X-Agent malware, and attempted to delete their traces on the DCCC network using commercial software known as CCleaner. Although CrowdStrike disabled X-Agent on the DCCC network, the hackers spent seven unsuccessful hours trying to connect to their malware and tried to use stolen credentials to access the network on June 20, 2016.
The indictment also shows the government hackers relying on American technology companies, such as Twitter, to disseminate the stolen documents.
The hackers also accessed DNC data in September 2016 by gaining access to the DNC's computers hosted in Amazon's cloud. They used the backup feature of Amazon Web Services to create "snapshots" that they moved to their own Amazon cloud accounts. Amazon also provides cloud services for various government agencies, including the Central Intelligence Agency.