Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Democrats Government Privacy Security Software Windows

Russian Group That Hacked DNC Used NSA Attack Code In Attack On Hotels (arstechnica.com) 190

An anonymous reader quotes a report from Ars Technica: A Russian government-sponsored group accused of hacking the Democratic National Committee last year has likely been infecting other targets of interest with the help of a potent Windows exploit developed by, and later stolen from, the National Security Agency, researchers said Friday. Eternal Blue, as the exploit is code-named, is one of scores of advanced NSA attacks that have been released over the past year by a mysterious group calling itself the Shadow Brokers. It was published in April in the group's most damaging release to date. Its ability to spread from computer to computer without any user action was the engine that allowed the WCry ransomware worm, which appropriated the leaked exploit, to shut down computers worldwide in May. Eternal Blue also played a role in the spread of NotPetya, a follow-on worm that caused major disruptions in June. Now, researchers at security firm FireEye say they're moderately confident the Russian hacking group known as Fancy Bear, APT 28, and other names has also used Eternal Blue, this time in a campaign that targeted people of interest as they connected to hotel Wi-Fi networks. In July, the campaign started using Eternal Blue to spread from computer to computer inside various staff and guest networks, company researchers Lindsay Smith and Ben Read wrote in a blog post. While the researchers didn't directly observe those attacks being used to infect guest computers connected to the network, they said a related campaign from last year used the control of hotel Wi-Fi services to obtain login credentials from guest devices.

Russian Group That Hacked DNC Used NSA Attack Code In Attack On Hotels

Comments Filter:
  • by Anonymous Coward on Saturday August 12, 2017 @09:04AM (#54997999)

    His name is Seth Rich. But you probably know him as Russia.

    All while the CNN fact-checks the president during Korean negotiations: "no, no, Trump lied, our nukes are actually old and weak, and not modernized as he claimed."

    • Re: (Score:3, Informative)

      by Rockoon ( 1252108 )
      This.

      it has been determined that the "hackers" downloaded the DNC emails at a rate of 22 MEGABYTES per second. This sort of connection isnt available across the atlantic, and isnt available from any ISP in the States.

      But such a connection IS available with a local area network, and further such a speed happens to coincide with the write speed of a large USB thumb drive.
      • >and isnt available from any ISP in the States. What? That only equates to 178 Mb/s; people with gigabit fiber like myself can easily push that without even using a 5th of the max bandwidth. However I do agree it was an inside leak from a USB drive. Too many other factors make sense. But to say no ISP offers that speed capability is purely false.
      • Re: (Score:3, Insightful)

        by Anonymous Coward

        I'm supposed to believe that somewhere, there is a "time stamps in the metadata" entry listing the exact time of the start, and end, of the file transfer, allowing its speed to be calculated. A speed from which you're inferring it must have been an internal transfer because back in the dark ages of 2016 and 'delivery overheads', it could never have made it across the atlantic at 20 MB/sec?

        But that same log file entry doesn't contain anything useful like the destination IP address?

        I find this implausible. Th

      • by Kneo24 ( 688412 )
        One distinction that should be pointed out is that you are talking about upload speeds, not download speeds. People seem to forget that if you're downloading something, the other end is uploading it to you. Download speeds of that caliber do exist in the U.S.
        • by pushing-robot ( 1037830 ) on Saturday August 12, 2017 @11:25AM (#54998519)

          176Mbps isn't implausible for an upload speed, either. Residential synchronous 1GBps+ fiber lines are not uncommon in cities; surely a ritzy hotel hosting VIPs would have a decent pipe. And as you said, the person on the other end would only need a halfway decent download speed.

          176MBps is also not at all unreasonable for a cross-Atlantic connection, but hackers with any skill or resources would likely use a machine in the target country as a proxy for attacks, so it's not even relevant.

          In other words, the speed doesn't say anything. It's certainly no proof of an 'inside job' like the alt-right brigading is trying to message.

          • by Kneo24 ( 688412 )
            You bring up a point I hadn't considered. My first comment was just merely trying to reason out the validity of the claim off of a first impression and create some discussion. Verizon, for example, now has matching download and upload speeds for FIOS. I'm still used to thinking that ISP's cap their upload speeds at a tenth, or in some cases half, of the download speeds.
          • by Anonymous Coward

            Since reading comprehension does not appear to be your forte, or your are intentionally trying to distort, let me point out to you the report that I read a while ago by the forensic analyst didn't say "23MB/s therefore DNC inside leaker". It explained what programs could have been involved in constructing the initial archive. It's all evidence together that strongly points out that the initial copy came from inside.

            By pointing out 23MB/s is possible speed on the internet, focusing solely on that, and then i

      • by ceoyoyo ( 59147 )

        OMG 22 MB/s! Is this satire someone marked as insightful?

      • Determined by who? And how?

      • by Shaix ( 4995515 )
        Uh I'm in Taiwan and I can download AND upload from/to NY at over 45MB/sec... and that's over SSH using my home connection in Taiwan which is twice the distance of east coast to Europe... If you know what you're doing, it is totally doable...
      • by ebvwfbw ( 864834 )

        Normally you'd have a point. However these were political e-mails and politicians are 99% full of hot air. So the compression rate is great! They may have only had a ISDN connection to get 25 MB/sec throughput. If they hit a Linux file or something, then it would drop to the 64K.

        (It's funny, laugh)

      • Wrong. Multiple pathways via zombie army attack.
        next time, try repeating RATIONAL BULLSHIT
    • What I don't get about this whole "Russia" narrative is why the fuck the leftists can't provide any evidence or proof.

      It has been, what, almost 8 months since Trump was inaugurated. It has been about 10 months since he was elected. That's plenty of time for some real evidence to be presented.

      Yet all we get are questionable accusations from leftist talking heads.

      Where is the goddamn evidence?! Where is the goddamn proof?!

      More and more this is looking like a "Boy-who-thinks-he's-a-girl-and-surgically-alters-h

      • Do you really, really believe this "Russian Hacker" narrative? In which case your judgement on any and every other politically tinged story here is more than suspect. Or are you spreading this fake Russian news at the behest of a higher editorial dictate? I have slightly more respect for an unwitting pawn than I have for a fool. I think...
      • Here [g-2.space] is some pretty strong evidence that it was an inside leak. Much stronger than anything the IC ever provided pinning it on Russia.

      • by HiThere ( 15173 )

        There's evidence that it was a Russian hack, but there isn't proof. And there isn't proof that there wasn't a Russian hack. Why would you expect evidence of either?

        For that matter, saying it was internal corruption isn't proof that it wasn't masterminded by Russia. Or that it was. Why would you expect it to be?

        Most things aren't really determinable. Now ask yourself why it matters. Some things are known, like that Trump publicly asked the Russians to hack the Democrats, and that Russia took all reason

    • Lost our sense of humor about whether our democracy was hijacked?
  • Which is it??! (Score:5, Insightful)

    by Anonymous Coward on Saturday August 12, 2017 @09:10AM (#54998019)

    Headline: Russian Group that hacked the DNC...
    First Sentence: A Russian government-sponsored group accused of hacking the Democratic National Committee...

    Did they hack it, or are they accused of hacking it?

    • by Anonymous Coward

      There is zero evidence that there was a hack on the DNC. None. Nada. Zippo.

      Furthermore, the DNC has refused to allow access to their servers suggesting that there is a great deal of "politics" involved in the claim.

      And we know via Wikileaks' Podesta emails that the DNC had a leak problem.

      Additionally, Assange has said that the leaker was American, and suggested that it was an insider. He also strongly suggested that insider was Seth Rich -- the technical/systems director for the DNC. (Which would make sense

    • Re: (Score:1, Insightful)

      by Bartles ( 1198017 )

      They did not hack it [g-2.space] and yes they are accused of doing it. It's pretty conclusively an inside leak and a (inept) coverup blaming it on the Russians.

  • by Anonymous Coward on Saturday August 12, 2017 @09:12AM (#54998029)

    I'm not a Trump supporter, but this submission headline is really shitty and deceptive.

    Here's what it currently is, in case the editors do get off of their asses and fix it:

    Russian Group That Hacked DNC Used NSA Attack Code In Attack On Hotels

    There's no "alleged" or "accused" or "thought to have" in there. It's stating that some vague, unnamed Russian group did engage in some sort of an attack. It's stating it as if it has been proven, when it hasn't been.

    But the first goddamn sentence of the summary contradicts that by at least indicating there's only an accusation so far [emphasis added]:

    A Russian government-sponsored group accused of hacking the Democratic National Committee last year has ...

    Fix this shit up, /. editors. It just gives fuel to the pro-Trump crowd when you make stupid and sloppy mistakes like this.

    • by Anonymous Coward

      This is the interweb. Driving clicks is what matters. Turn off the adblock and see what shit pops up on Slashdot - like that Taboola clickbait shit nonsense.

      Turn it back on and see the other ads that stick around.

      Our comments just fed into their business model, btw.

      Your ONLY recourse is just stop coming to this website.

      Actually, ALL websites that have this news aggregation commenting shit are garbage. It's a complete waste of time, does nothing to inform us, and the commenting is just folks shouting at ea

    • by Anonymous Coward

      Fun fact [dailymail.co.uk], not only is it not proven that Russia hacked the DNC. There isn't a SINGLE witness who has analysed the DNC hacked servers that is willing to say Russia did it while under oath.

      Thats right kiddies. Not only have they not shown proof, but they don't have a single expert willing to say it happened. I know you think the FBI and NSA are on it, but under oath Comey said the FBI did not look at DNC servers and only Crowdstrike did, and Crowdstrike is now unwilling to say Russia did it. When asked wh

    • If you want to see analysis and evidence that comes pretty close to proof that it was an internal leak, look here. [g-2.space]

    • Because the US media made the accusation in the first place while all evidence points in the other direction. There is no evidence the Russians were even involved much less that they run this particular hacker collective.

      The claim that an NSA exploit was used but the NSA exploit wasn't even released until earlier this year. So either the NSA aided and abetted the "Russians" or the story is just spin.

    • it's kinda like climate change. Yes, they are technically accused, just like climate change is technically a theory, in the sense that every expert in the field who isn't a paid shill agrees: they hacked the DNC and yes, our planet it getting warmer. So yes, a proper journalistic source wouldn't have run with a headline like that. But /. is a lot of things, and a proper source of journalism isn't one of them. That's why /. links articles instead of writing them.
  • by ka9dgx ( 72702 ) on Saturday August 12, 2017 @09:16AM (#54998045) Homepage Journal

    The NSA has known for decades that computing systems using a model of ambient authority are insecure. It is my theory that they have promoted this model to allow them to make their work easier. If the worlds computers managed resources in the same manner we manage money, electricity, or any other scarce resource, almost none of this would have happened, and Trillions would have been saved.

    • I don't see how any other authority system is better.

      How we handle money.......so you are saying have a double-entry bookkeeping system for file permissions?
      • by ka9dgx ( 72702 )

        If you're making a purchase, you could hand the person your wallet (along with your entire life savings), and hope they remove the right amount before handing it back.... or you could just hand them a suitable amount of cash... the amount you hand over is the maximum you could lose.

        In a similar fashion, capability based security never, ever, trusts a program to be honest and only touch the resources you wanted it to use. Instead of letting it have access to everything (ambient authority), you let it have

        • Cool, thanks. That's something I'm going to have to think about.

          I'm not entirely convinced (tentatively). It seems to some degree you are trying to sandbox something, but privilege escalation exploits are all over the place in OSes.
    • by Agripa ( 139780 )

      I have not seen any evidence of that however the NSA did control the IPSEC committee and took steps to make sure IPSEC in the form of ubiquitous opportunistic encryption would not be adopted.

  • A Russian government-sponsored group accused of hacking the Democratic National Committee last year

    You can just stop right there. I have been following the news coverage on everything to do with Russia and from what I have seen there is absolutely nothing worth mentioning regarding any connection between the Russians and the DNC or any other Democrat politician or candidate. The DNC was not hacked and what they did with torpedoing the Sanders campaign and colluding^W coordinating with the Clinton campaign during the debate run-ups was perfectly legitimate and in fact done in a spirit of patriotism.

    Now,

    • Here is Adam Carter's Evidence> [g-2.space]

      This is what actual evidence and analysis looks like. Unlike what was presented by the Intelligence Community. I'd like to see someone send a 2 gigabyte file archive from DC to Romania via VPN in 87 seconds, even today. Until I see proof that that's even possible, I'm going with Adam Carter.

  • by burtosis ( 1124179 ) on Saturday August 12, 2017 @09:40AM (#54998141)
    Lack of oversight and a complete inability to keep their own exploits out of the hands of criminals and foreign powers is the exact reason we should be shuttering the doors on this nonsense. Its far better for everyone in the long run to patch exploits instead of hoarding them and turning them into a tool to undermine the very safety and security of the nation they were "meant" to protect. This exact same issue applies to back doors on encryption or secure systems of any kind. No one will probably care until the entire economy crashes after a back door exploit leaks out on financial transactions.
  • https://www.thenation.com/arti... [thenation.com]

    Really this is all a cover up for the real scandal which is that the Hillary camp stole the nomination from Bernie. That act got the Bernie people to leak DNC emails which they had access to... and now the DNC is blaming the consequences of their own corruption on Russia... which has lead to sanctions on Russia and all sorts of diplomatic consequences. The impact of Russia or any hack on the election is at best dubious.

    Fact is that the Dems got split by a corrupt primary fol

    • Here is Adam Carter's evidence and analysis [g-2.space] that The Nation article is based on. It's pretty damned legit.

      • That's an amazing link you posted. Thank you very much for sharing it. Do you have any other sources that you'd recommend I look at on this issue or any other? Just an amazing link. Thank you again.

        • I'm not sure if you're being sincere or sarcastic. But yes, I can provide a link to forensicator's [wordpress.com] analysis, which was the other source that was used for the article. He deals mostly with the issue of transfer speeds and why it's doesn't appear to be possible to transmit as fast as the DNC did.

        • Sorry use this [wordpress.com] one.

    • inb4 "The Nation is part of the Vast Right-Wing Conspiracy" posts.

      • I would never impugn The Nation, though I don't have to agree with every contributor.

        Patrick Lawrence is the author of Somebody Else’s Century: East and West in a Post-Western World, Time No Longer: America After the American Century, and After Exceptionalism, and his columns for Salon and The Nation quite consistently praise the East and Russia and attack the West, Liberals, and "Imperialists" . From the initial reports of the DNC hack he's been putting out articles that it was an inside job and clai

    • Really this is all a cover up for the real scandal which is that the Hillary camp stole the nomination from Bernie.

      I don't know why the simple math of the nomination process befuddles so many people so greatly. Hillary won more states in the primaries and caucuses. That is how you win the nomination.

      Fact is that the Dems got split by a corrupt primary

      What was corrupt about it? People showed up and voted in the primaries and caucuses. Many precincts around the country had record high turnouts. Many states where the primaries and caucuses tend to not matter at all (due to being too late in the order) had competitive votes and did matter.

      Bernie did not get as man

      • There were a series of allegations by the Bernie campaign... one is information was being leaked by the DNC from the Bernie Campaign to Hillary. I could go get a list of these things if you want. There was a lot of shady shit about the Hillary campaign.

        Stuff in this for example:
        http://www.huffingtonpost.com/... [huffingtonpost.com]

        As to her qualifications, her popularity figures, ability to speak publicly, her charisma which is relevant to people wanting to win an election, etc... none of it was very good. But whatever... run h

        • There were a series of allegations by the Bernie campaign... one is information was being leaked by the DNC from the Bernie Campaign to Hillary

          That is all that there was ... allegations. People can level all the allegations they want. At the end of the day Hillary received more votes than Bernie and in so doing she earned the nomination. The primaries and caucuses are run by the individual precincts within the districts within the states. The DNC does not have a way to manipulate those results as they are counted by the precincts.

          Have you seen Bernie himself level any complaints against the process? No, because he understands how it work

          • Have you seen Bernie himself level any complaints against the process? No, because he understands how it works. He didn't get as many voters out to earn the nomination as she did. It doesn't matter if DNC leaders personally liked one candidate over another, they only get one vote.

            He did draw attention to the problem of superdelegates, most of which were lined up for Clinton before the primaries even started. Despite the media repeatedly being told not to report unpledged delegates in the totals they kept doing so anyway, and this made it look like Clinton had a greater lead than she actually did.

            • Have you seen Bernie himself level any complaints against the process? No, because he understands how it works. He didn't get as many voters out to earn the nomination as she did. It doesn't matter if DNC leaders personally liked one candidate over another, they only get one vote.

              He did draw attention to the problem of superdelegates

              The superdelegates ultimately made no difference in the nomination; if there were none at all Hillary still would have won the nomination. There is a definite argument for them being generally un-democratic but they did not change the outcome of the nominating process.

              Despite the media repeatedly being told not to report unpledged delegates in the totals they kept doing so anyway, and this made it look like Clinton had a greater lead than she actually did.

              I saw plenty of media outlets reporting both with and without the superdelegate totals. My state was moderately late in the process and the superdelegate numbers did not discourage any voters I knew from going to the caucus.

          • So your argument is that the republicans are trying to gerrrymander with Voter ID laws?...

            Integrity. Think about it.

            • I have no idea how you reached that conclusion by reading my comment.

              The GOP uses gerrymandering and voter restriction in parallel. The latter is what they sell under "voter ID" and "election integrity" mantras, though ultimately they have the same effect as they both aspire to disenfranchise voters and minimize - or complete cancel - the value of a single vote from people who would ordinarily not vote GOP. As we've seen time and time again when the popular vote is counted the GOP seldom wins, they have
              • So your argument is that only the GOP gerrymanders?

                You clearly didn't work on that integrity thing... tragic.

                • Can you provide a single example of democrat designed gerrymandering since the 2010 census? You can talk about historical examples prior but they are of little to no consequence for the current population of critters in congress.
  • Forensicator and Adam Carter have provided much stronger evidence and analysis that is was a leak from the inside and a coverup that tried to pin it on the Russians. Look here with an open mind> [g-2.space]

  • Isn't this headline extremely disingenuously now that there's been a report confirming it was an internal leak?
  • by dbreeze ( 228599 ) on Saturday August 12, 2017 @12:57PM (#54998921)

    Fake news. Somebody here is feeding an agenda, not searching for the truth.

  • The DNC has NEVER given its server over to anyone in our government to investigate. They have refused every request. So all we have is the moderate-confidence of a "private" company( CrowdStrike ), that the RUSSIANS did it. This whole Russian thing is a BULLSHIT distraction. But STUPID people think the Russians hacked/colluded our election just so we could find out that the DNC and Clinton(Foundation) are a bunch of crooks... Yeah, that makes sense. What makes sense, is that someone who worked for the DN
  • Alternatively:

    NSA Group That Hacked Hotels Used Russian Attack Code In Attack On DNC

    Did the NSA not have a tool that signs malware with the code of known groups as a way of implicating them and not the NSA? This tool simply existing calls into question pretty much any "hacker group did such and such". Unless that group claims responsibility, then we can't be really sure who did what.

  • I just have one single question for people who say the DNC has been hacked by Russians. If Russian hacking is the case, then why has the DNC absolutely refused, for over a year, to allow their servers to be examined by ANY law enforcement authority or even ANY authority beyond their own outside consultants? I mean, if Russia hacked our election and installed a manchurian candidate, and we should be removing this guy at 'all costs' -- why can't anyone obtain any evidence at all from the DNC hack? Can ANYON
  • For all those people that continue to use Windows, really how bad does it have to get before you finally switch to something better/more secure?

  • by PortHaven ( 242123 ) on Monday August 14, 2017 @09:27AM (#55007381) Homepage

    I am becoming less convinced that the work attributed to "Fancy Bear, APT 28" are in fact Russian. We've already exposed NSA/CIA as acting in disguise as foreign entities.

    The irony, is for all the talk of Russian interference. We have done the exact thing in Russia's elections and dozens of other nations. We're the biggest hypocrites. Lastly, the majority of hacking and election tampering was done by the DNC to impede Bernie Sanders and prevent him from winning the nomination.

The IBM purchase of ROLM gives new meaning to the term "twisted pair". -- Howard Anderson, "Yankee Group"

Working...