Russian hackers used US online infrastructure against itself

A man walks past the building of the Russian military intelligence service in Moscow, Russia, in this July 14, 2018 photo. (AP)
Updated 17 July 2018

  • The Russians are accused of exploiting their access to inexpensive, powerful servers worldwide
  • The hackers accessed DNC data in September 2016 by breaking into DNC computers hosted on the Amazon Web Services’ cloud

WASHINGTON: Exactly seven months before the 2016 presidential election, Russian government hackers made it onto a Democratic committee’s network.
One of their carefully crafted fraudulent emails had hit pay dirt, enticing an employee to click a link and enter her password.
That breach of the Democratic Congressional Campaign Committee was the first significant step in gaining access to the Democratic National Committee network.
To steal politically sensitive information, prosecutors say, the hackers exploited some of the United States’ own computer infrastructure against it, using servers they leased in Arizona and Illinois. The details were included in an indictment released Friday by special counsel Robert Mueller, who accused the GRU, Russia’s military intelligence agency, of taking part in a wide-ranging conspiracy to interfere in the 2016 presidential election. The companies operating the servers were not identified in the court papers.
The Russians are accused of exploiting their access to inexpensive, powerful servers worldwide — conveniently available for rental — that can be used to commit crimes with impunity. Reaching across oceans and into networks without borders can obfuscate their origins.
The indictment painstakingly reconstructs the hackers’ movements using web servers and a complex bitcoin financing operation.
Two Russian hacking units were charged with tasks, including the creation and management of a hacking tool called “X-Agent” that was implanted onto computers. The software allowed them to monitor activity on computers by individuals, steal passwords and maintain access to hacked networks. It captured each keystroke on infected computers and took screenshots of activity displayed on computer screens, including an employee viewing the DCCC’s online banking information.
From April to June 2016, the hackers installed updated versions of their software on at least 10 Democratic computers. The software transmitted information from the infected computers to a GRU-leased server in Arizona, the indictment said. The hackers also created an overseas computer to act as a “middle server” to obscure the connection between the DCCC and the hackers’ Arizona-based server.
Once hackers gained access to the DCCC network, they searched one computer for terms that included “hillary,” “cruz,” and “trump” and copied select folders, including “Benghazi Investigations.”
In emails, the hackers embedded a link that purported to be a spreadsheet of Clinton’s favorability ratings, but instead it directed the computers to send their data to a GRU-created website.
Meanwhile, around the same time, the hackers broke into 33 DNC computers and installed their software on their network. Captured keystrokes and screenshots from the DCCC and DNC computers, including an employee viewing the DCCC’s banking information, were sent back to the Arizona server.
The Russian hackers used other software they developed called X-Tunnel to move stolen documents through encrypted channels to another computer the GRU leased in Illinois.
Despite the use of US-based servers, such vendors typically aren’t legally liable for criminal activities unless it can be proved in federal court that the operator was party to the criminal activity.
A 1996 federal statute protects Internet vendors from being held liable for how customers use their service, and except for a few exceptions, provides immunity to the providers. The law is considered a key part of the legal infrastructure of the Internet, preventing providers from being saddled with the behemoth task of monitoring activity on their servers.
“The fact that someone provided equipment and or connectivity that was used to engage in data theft is not going to be attributed to the vendor in that circumstance,” Eric Goldman, a professor of law and co-director of the High Tech Law Institute at Santa Clara University School of Law, said. A notable exception, however, is if federal prosecutors are bringing a criminal charge for violations of a federal criminal law.
In that case, “we’re going to require a high level of knowledge of their activity or intent,” Goldman said.
When the DNC and DCCC became aware they had been hacked, they hired a cybersecurity firm, Crowdstrike, to determine the extent of the intrusions. Crowdstrike, referred to as “Company 1” in the indictment, took steps to kick the hackers off the networks around June 2016. But for months the Russians eluded their investigators and a version of the malware remained on the network through October — programmed to communicate back to a GRU-registered Internet address.
“We do not have any information to suggest that it successfully communicated,” said Adrienne Watson, the DNC’s deputy communications director.
As the company worked to kick them off, GRU officials allegedly searched online for information on Company 1 and what it had reported about its use of X-Agent malware and tried to delete their traces on the DCCC network by using commercial software known as CCleaner. Though Crowdstrike disabled X-Agent on the DCCC network, the hackers spent seven hours unsuccessfully trying to connect to their malware and tried using previously stolen credentials to access the network on June 20, 2016.
The indictment also shows the reliance of Russian government hackers on American technology companies, such as Twitter, to spread their stolen documents.
The hackers also accessed DNC data in September 2016 by breaking into DNC computers hosted on the Amazon Web Services’ cloud. The hackers used Amazon Web Services’ backup feature to create “snapshots” that they moved onto their own Amazon cloud accounts. Amazon also provides cloud computing services for various government agencies, including the Central Intelligence Agency.


Indians demonstrate against ‘divisive’ citizenship bill

Updated 11 December 2019

  • The bill, which goes to the upper house on Wednesday, would ensure citizenship for Hindus, Sikhs, Parsis and Buddhists from Bangladesh, Pakistan and Afghanistan, but exclude Muslims

NEW DELHI: Protests erupted across various parts of India on Tuesday, a day after the lower house of Parliament passed the controversial Citizenship Amendment Bill (CAB) which makes religion the basis for granting Indian citizenship to minorities from neighboring countries. 

The bill, which goes to the upper house on Wednesday, would ensure citizenship for Hindus, Sikhs, Parsis and Buddhists from Bangladesh, Pakistan and Afghanistan, but exclude Muslims.

“After the CAB, we are going to bring in the National Register of Citizens (NRC),” Home Minister Amit Shah said after the passage of the bill. 

The fear among a large section of Indians is that by bringing in the CAB and the NRC — a process to identify illegal immigrants — the ruling Bharatiya Janata Party (BJP) is trying to target Muslim minorities. 

They insist that the new bill protects all other communities except Muslims, who constitute around 14 percent of India’s total population.

The opposition Congress Party said that the bill was a move to “destroy the foundation” of India.

“The CAB is an attack on the Indian constitution. Anyone who supports it is attacking and attempting to destroy the foundation of our nation,” party leader Rahul Gandhi posted in a tweet.

Priyanka Gandhi, Rahul’s sister and a prominent opposition leader, called the bill “India’s tryst with bigotry.”

However, BJP spokesperson Sudesh Verma said: “The opposition is communalizing the bill. The CAB saves minorities who owe their origin to India from being prosecuted on grounds of religious status. The same is not the case with Muslims since they have not been prosecuted because of their religion.”

Eight northeastern states observed a day-long strike against the CAB. 

“Once the bill is implemented, the native tribal people will become permanent minorities in their own state,” Animesh Debbarma, a tribal leader who organized the strike in the state of Tripura, said.

“The bill is against our fundamental rights and it is an attack on our constitution and secularism,” he told Arab News.

In Assam, some places saw violence with a vehicle belonging to the BJP state president vandalized.

In New Delhi, different civil society groups and individuals gathered close to the Indian Parliament and expressed their outrage at the “open and blatant attack” on what they called the “idea” of India.

“The CAB is not only against Muslim minorities but against all the minorities — be it Tamils or Nepali Gurkhas — and is a blatant attempt to polarize the society in the name of religion and turn India into a majoritarian Hindu state,” Nadeem Khan, head of United Against Hate, a campaign to connect people from different faiths, said.

Rallies and protests were also organized in Pune, Ahmadabad, Allahabad, Patna and Lucknow.

On Tuesday, more than 600 academics, activists, lawyers and writers called the bill “divisive, discriminatory, unconstitutional” in an open letter, and urged the government to withdraw the proposed law.

They said that the CAB, along with the NRC, “will bring untold suffering to people across the country. It will damage fundamentally and irreparably, the nature of the Indian republic.”

Delhi-based activist and a prominent human rights campaigner, Harsh Mander, said: “I feel the CAB is the most dangerous bill that has ever been brought by the Indian Parliament. We need a mass civil disobedience movement to oppose this legislation.”

Meanwhile, the international community is also watching the domestic debate on the CAB. 

Describing the initiative as a “dangerous turn in the wrong direction,” a federal US commission on international religious freedom has sought US sanctions against Shah and other Indian leaders if the bill with the “religious criterion” is passed.

EU ambassador to India, Ugo Astuto, in a press conference in New Delhi on Monday said that he hopes: “The spirit of equality enshrined in the Indian constitution will be upheld by the Parliament.”