cloudy
Monday July 23rd, 2018 12:09AM

Cybersecurity firm: US Senate in Russian hackers' crosshairs

By The Associated Press
Related Articles
  Contact Editor

PARIS (AP) — The same Russian government-aligned hackers who penetrated the Democratic Party have spent the past few months laying the groundwork for an espionage campaign against the U.S. Senate, a cybersecurity firm said in a report Friday.

The revelation suggests the group often nicknamed Fancy Bear, whose hacking campaign scrambled the 2016 U.S. electoral contest, is still busy trying to gather the emails of America's political elite.

"They're still very active — in making preparations at least — to influence public opinion again," said Feike Hacquebord, a security researcher at Trend Micro Inc. who authoered the report. "They are looking for information they might leak later."

The Senate Sergeant at Arms office, which is responsible for the upper house's security, declined to comment, but Nebraska Sen. Ben Sasse said it was time for U.S. Attorney General Jeff Sessions to return to Congress to say what action had been taken to help ensure lawmakers' digital safety.

"The Administration needs to take urgent action to ensure that our adversaries cannot undermine the framework of our political debates," he said in a statement.

Trend Micro based its report on the discovery of a clutch of suspicious-looking websites dressed up to look like the U.S. Senate's internal email system. The Tokyo-based firm then cross-referenced digital fingerprints associated with those sites to ones used almost exclusively by Fancy Bear, which it dubs "Pawn Storm."

Trend Micro previously drew international attention when it used an identical technique to uncover a set of decoy websites apparently set up to harvest emails from the French presidential candidate Emmanuel Macron's campaign in April 2017 . The sites' discovery was followed two months later by a still-unexplained publication of private emails from several Macron staffers in the final days of the race.

Hacquebord said the rogue Senate sites — which were set up in June and September of 2017 — matched their French counterparts.

"That is exactly the way they attacked the Macron campaign in France," he said.

Attribution is extremely tricky in the world of cybersecurity, where hackers routinely use misdirection and red herrings to fool their adversaries. But Tend Micro, which has followed Fancy Bear for years, said there could be no doubt.

"We are 100 percent sure that it can attributed to the Pawn Storm group," said Rik Ferguson, one of the Hacquebord's colleagues.

Like many cybersecurity companies, Trend Micro refuses to speculate publicly on who is behind such groups, referring to Pawn Storm only as having "Russia-related interests." But the U.S. intelligence community alleges that Russia's military intelligence service pulls the hackers' strings and a months-long Associated Press investigation into the group, drawing on a vast database of targets supplied by the cybersecurity firm Secureworks, has determined that the group is closely attuned to the Kremlin's objectives.

If Fancy Bear has targeted the Senate over the past few months, it wouldn't be the first time. An AP analysis of Secureworks' list shows that several staffers there were targeted between 2015 and 2016.

Among them: Robert Zarate, now the foreign policy adviser to Florida Sen. Marco Rubio; Josh Holmes, a former chief of staff to Senate Majority Leader Mitch McConnell who now runs a Washington consultancy; and Jason Thielman, the chief of staff to Montana Sen. Steve Daines. A Congressional researcher specializing in national security issues was also targeted.

Fancy Bear's interests aren't limited to U.S. politics; the group also appears to have the Olympics in mind.

Trend Micro's report said the group had set up infrastructure aimed at collecting emails from a series of Olympic winter sports federations, including the International Ski Federation, the International Ice Hockey Federation, the International Bobsleigh & Skeleton Federation, the International Luge Federation and the International Biathlon Union.

The targeting of Olympic groups comes as relations between Russia and the International Olympic Committee are particularly fraught. Russian athletes are being forced to compete under a neutral flag in the upcoming Pyeongchang Olympics following an extraordinary doping scandal that has seen 43 athletes and several Russian officials banned for life. Amid speculation that Russia could retaliate by orchestrating the leak of prominent Olympic officials' emails, cybersecurity firms including McAfee and ThreatConnect have picked up on signs that state-backed hackers are making moves against winter sports staff and anti-doping officials.

On Wednesday, a group that has brazenly adopted the Fancy Bear nickname began publishing what appeared to be Olympics- and doping-related emails from between September 2016 and March 2017. The contents were largely unremarkable but their publication was covered extensively by Russian state media and some read the leak as a warning to Olympic officials not to press Moscow too hard over the doping scandal.

Whether any Senate emails could be published in such a way isn't clear. Previous warnings that German lawmakers' correspondence might be leaked by Fancy Bear ahead of last year's election there appear to have come to nothing.

On the other hand, the group has previously dumped at least one U.S. legislator's correspondence onto the web.

One of the targets on Secureworks' list was Colorado State Senator Andy Kerr, who said thousands of his emails were posted to an obscure section of the website DCLeaks — a web portal better known for publishing emails belonging to retired Gen. Colin Powell and various members of Hillary Clinton's campaign — in late 2016.

Kerr said he was still bewildered as to why he was targeted. He said that while he supported transparency, "there should be some process and some system to it.

"It shouldn't be up to a foreign government or some hacker to say what gets released and what shouldn't."

___

Associated Press writer James Ellingworth in Moscow contributed to this report.

___

Raphael Satter can be reached at: http://raphaelsatter.com

___

Online:

Trend Micro's report: https://goo.gl/ZpHJuJ

  • Associated Categories: Associated Press (AP), AP National News, AP Online National News, Top General short headlines, AP Online Headlines - Washington, AP Online Congress News, AP Elections, AP World News, AP Business, AP Elections - Campaigns, AP Technology News
© Copyright 2018 AccessWDUN.com
All rights reserved. This material may not be published, broadcast, rewritten, or redistributed without permission.
Trump denies he used vulgarity to describe African countries
President Donald Trump denies he used a vulgar expression to describe countries in Africa, tweeting, "This was not the language used."
8:04AM ( 9 minutes ago )
The Latest: EU presidency welcomes German political deal
The nation that holds the rotating European Union presidency has welcomed the tentative deal to form a grand coalition in Germany and says that Chancellor Angela Merkel would be the key player in all major upcoming decisions
8:01AM ( 13 minutes ago )
Africa startled by Trump's sudden and vulgar attention
Africa startled by Trump's sudden and vulgar attention; while governments hesitated at criticism, the continent's young population wasn't so shy
8:00AM ( 14 minutes ago )
Associated Press (AP)
The Latest: Trump defends immigration stance in tweet
President Donald Trump is calling a bipartisan immigration proposal "a big step backwards" and claiming that it would force the U.S. "to take large numbers of people from high crime countries which are doing badly."
7:24AM ( 50 minutes ago )
McSally launches Senate campaign in heated Arizona contest
Congresswoman Martha McSally launches Senate campaign in heated Arizona contest
7:01AM ( 1 hour ago )
Trump: No trip to London because of embassy choice
President Donald Trump says he canceled upcoming trip to London because he doesn't like the choice of new embassy
6:37AM ( 1 hour ago )
AP Online Headlines - Washington
House OKs spy program after conflicting Trump tweets
House votes to reauthorize a key foreign intelligence collection program after a confusing morning of Trump tweets
12:48AM ( 7 hours ago )
Trump: Why allow immigrants from 'shithole countries'?
President Donald Trump has questioned why the U.S. should permit more immigrants from "shithole countries."
12:09AM ( 8 hours ago )
The Latest: Trump renews push for wall in immigration deal
President Donald Trump is pushing for his proposed border wall again Thursday night, after rejecting a bipartisan proposal that he criticized in harsh terms
12:03AM ( 8 hours ago )
AP Online Congress News
Bid to oust judge in Stanford swimmer case moves forward
Voters are a big step closer to deciding whether to oust a California judge under fire for his handling of a sexual assault case involving a Stanford University swimmer
5:57PM ( 14 hours ago )
Majority of Egypt's lawmakers want president to run again
More than 500 of Egypt's 596 lawmakers have signed "recommendations" for President Abdel-Fattah el-Sissi to run for a second, four-year term in this year's elections
5:30PM ( 14 hours ago )
Groups record voting rights abuses against Native Americans
Native Americans are documenting voting rights abuses across the country in an effort to improve access to the polls
4:01PM ( 16 hours ago )
AP Elections
German leaders express confidence on forming new government
Chancellor Angela Merkel's conservatives and the center-left Social Democrats have taken a big step Friday toward forming a new German government
7:24AM ( 49 minutes ago )
JPMorgan Chase 4Q results fall 37 percent, due to tax charge
JPMorgan Chase's fourth quarter results fall 37 percent from a year ago, caused by one-time charge due to the recently passed Trump tax bill
7:19AM ( 55 minutes ago )
The Latest: Juncker welcomes movement on German coalition
The European Commission president has warmly welcomed the coalition agreement in Germany and indicated that after months of delay it would offer the bloc the spur to move faster in building cooperation
7:12AM ( 1 hour ago )
AP Business
Trump: 'Unlikely' he'd submit to a Russia probe interview
President Donald Trump is playing down the possibility that he'd give an interview to investigators looking into any coordination between his presidential campaign and Russia
12:30AM ( 1 day ago )
Joe Arpaio points to political traits he shares with Trump
Former Sheriff Joe Arpaio has pointed to the political qualities his shares with President Donald Trump a day after announcing his plans for a Senate campaign
12:11AM ( 1 day ago )
Author of Trump dossier had concerns about Russian blackmail
The former British spy who compiled a dossier of allegations about Donald Trump was worried about "whether a political candidate was being blackmailed."
7:51PM ( 2 days ago )
AP Elections - Campaigns
Trump denies he used vulgarity to describe African countries
President Donald Trump denies he used a vulgar expression to describe countries in Africa, tweeting, "This was not the language used."
8:04AM ( 9 minutes ago )
The Latest: EU presidency welcomes German political deal
The nation that holds the rotating European Union presidency has welcomed the tentative deal to form a grand coalition in Germany and says that Chancellor Angela Merkel would be the key player in all major upcoming decisions
8:01AM ( 13 minutes ago )
Africa startled by Trump's sudden and vulgar attention
Africa startled by Trump's sudden and vulgar attention; while governments hesitated at criticism, the continent's young population wasn't so shy
8:00AM ( 14 minutes ago )
The Latest: Trump denies he used vulgarity about Africa
President Donald Trump says "this was not the language used" after reports that he referred to "shithole" African nations in a meeting
7:50AM ( 24 minutes ago )
The Latest: France welcomes 'good news' from Germany
The French government is welcoming the "good news" from Germany, after German Chancellor Angela Merkel and Social Democratic leader Martin Schulz announced a preliminary agreement on a new coalition government.
7:40AM ( 34 minutes ago )