Anatomy of a Russian cyber attack

Interesting article on how the Russian attack on the 2016 US election, in Trump's favour, happened.

CrowdStrike linked both groups to "the Russian government's powerful and highly capable intelligence services." APT 29, suspected to be the FSB, had been on the DNC's network since at least summer 2015. APT 28, identified as Russia's military intelligence agency GRU, had breached the Democrats only in April 2016, and probably tipped off the investigation. CrowdStrike found no evidence of collaboration between the two intelligence agencies inside the DNC's networks, "or even an awareness of one by the other," the firm wrote.
It wasn't just one Russian intelligence agency that carried out the attack; it was two: the FSB and the GRU. And as soon as the Russians knew they had been detected, they began dumping large amounts of the material they had illegally taken from the DNC.
The DNC knew that this wild claim would have to be backed up by solid evidence. A Post story wouldn't provide enough detail, so CrowdStrike had prepared a technical report to go online later that morning. The security firm carefully outlined some of the allegedly "superb" tradecraft of both intrusions: the Russian software implants were stealthy, they could sense locally-installed virus scanners and other defenses, the tools were customizable through encrypted configuration files, they were persistent, and the intruders used an elaborate command-and-control infrastructure. So the security firm claimed to have outed two intelligence operations.

Then, the next day, the story exploded. On June 15 a Wordpress blog popped up out of nowhere. And, soon, a Twitter account, @GUCCIFER_2. The first post and tweet were clumsily titled: "DNC's servers hacked by a lone hacker." The message: that it was not hacked by Russian intelligence. The mysterious online persona claimed to have given "thousands of files and mails" to Wikileaks, while mocking the firm investigating the case: "I guess CrowdStrike customers should think twice about company's competence," the post said, adding "Fuck CrowdStrike!!!!!!!!!"

Along with the abuse, the Guccifer 2.0 account started publishing stolen DNC documents on the Wordpress blog, on file sharing sites, and by giving "a few docs from many thousands" to at least two US publications, The Smoking Gun and Gawker. Mainstream media outlets quickly picked up the story and covered the Clinton campaign's opposition research on Trump in hundreds of news items that revealed pre-rehearsed arguments against the presumptive Republican nominee: that "Trump has no core"; that he is a "bad businessman;" and that he should be branded "misogynist in chief." Donor lists were leaked along with personal contact details and juicy dollar amounts.
And this links directly to Assange and Wikileaks.
The Guccifer 2.0 account also claimed that it had given an unknown number of documents containing "election programs, strategies, plans against Reps, financial reports, etc" to Wikileaks. Two days later, Wikileaks published a massive 88 gigabyte encrypted file as "insurance." This file, which Julian Assange could unlock by simply tweeting a key, is widely suspected to contain the DNC cache.

On 13 July, almost a month after the hack became public, the intruders leaked selected files exclusively to The Hill, a Washington outlet for Congressional and political news, and then made the original files available later. Nine days later, on July 22, just after Trump was officially nominated and before the Democratic National Convention got under way, Wikileaks published more than 19,000 DNC emails with more than 8,000 attachments—"i sent them emails, i posted some files in my blog," Guccifer confirmed by DM, when asked if he shared all files with Julian Assange. Two days later, on July 24, Debbie Wasserman Schultz, chair of Democratic National Committee, announced her resignation—the extraordinary hack and leak had helped force out the head of one of America's political parties and threatened to disrupt Hillary Clinton's nominating convention.

This tactic and its remarkable success is a game-changer: exfiltrating documents from political organisations is a legitimate form of intelligence work. The US and European countries do it as well. But digitally exfiltrating and then publishing possibly manipulated documents disguised as freewheeling hacktivism is crossing a big red line and setting a dangerous precedent: an authoritarian country directly yet covertly trying to sabotage an American election.

American sanctions against Russia over such a brazen attack are of course treated with contempt by the government that obviously carried it out.

Russia said Monday that its "patience is running out" with the United States to return its diplomatic property seized as part of sanctions imposed over alleged interference in the 2016 presidential election campaign. A few weeks before his term ended, President Barack Obama closed two Russian compounds in New York and Maryland and expelled 35 diplomats.
It was an act of war, a cyber war, and the Russians have gotten off very lightly.

Not only did the Russian government go after confidential DNC communications in the 2016 US general election, Putin's services also targeted the voter registration rolls of 21 US states, and penetrated a small number of them.

The U.S. official in charge of protecting American elections from hacking says the Russians successfully penetrated the voter registration rolls of several U.S. states prior to the 2016 presidential election. In an exclusive interview with NBC News, Jeanette Manfra, the head of cybersecurity at the Department of Homeland Security, said she couldn't talk about classified information publicly, but in 2016, "We saw a targeting of 21 states and an exceptionally small number of them were actually successfully penetrated." Jeh Johnson, who was DHS secretary during the Russian intrusions, said, "2016 was a wake-up call and now it's incumbent upon states and the Feds to do something about it before our democracy is attacked again."
This was a sustained, sophisticated and very hostile attack by the Putin government on the US political system and the election infrastructure run by its states.

Meanwhile, the beat goes on:

Watch Rosenstein's full announcement of the indictment of 13 Russians (Washington Post, published on Feb 16, 2018): Deputy Attorney General Rod J. Rosenstein on Feb. 16 announced the indictment of 13 Russians linked to a troll farm as part of special counsel Robert S. Mueller III's investigation into meddling in the 2016 election.