The Security Ledger Podcasts

Episode 104: Mueller’s Cyber Eye on the Russian Guys also Reaper Drone Docs Stolen


In this week’s episode of the podcast (#104): the Mueller indictment of 12 Russian GRU operatives for hacking the 2016 presidential election was a bombshell. It was also 30 pages long. We read it so you don’t have to, and we’ll talk about the big takeaways. Also: when researchers from Recorded Future saw an offer on a dark web marketplace for documentation describing the operation of the US Military’s classified Reaper drone, they thought it must be a ruse. But they were wrong. We’ll talk with RF researcher Andrei Barysevich about how highly sensitive military drone documents fell into the hands of a low-level cyber crook.

Cyber eye on the Russian guys
The release last week of the latest indictment (PDF) from the office of Special Counsel Robert Mueller was, quite simply, an earthquake in the already shaky political terrain in the United States. The indictment names and describes the months-long exploits of 12 Russian operatives – employees of Russia’s Main Intelligence Directorate of the General Staff (or “GRU”) – as they planned and carried out cyber attacks on U.S. targets including the presidential campaign of Democratic Party candidate Hillary Clinton, the Democratic National Committee (DNC), the Democratic Congressional Campaign Committee (DCCC), state elections offices and even election equipment vendors.
Apart from the names of the Russian agents who carried out these predations, much of the information contained in the indictment is old news. We knew about the spear phishing email sent to Clinton Campaign Chairman John Podesta in the guise of a Google security warning. We had read, as well, about the communications between what were believed to be Russian operatives and organizations like Wikileaks and shadowy online personas like Guccifer 2.0 and DCLeaks.
So what is new and important about the indictment? We read the whole thing so you wouldn’t have to. And here are three key takeaways that every information security pro should know.
On the Internet, Robert Mueller knows you’re a dog.
Anonymity was the original killer app of the Internet, as that Peter Steiner New Yorker cartoon from 1993 memorialized. But last week’s indictment makes clear that piercing the Internet’s veil of anonymity is hard, but not impossible. The biggest takeaway from reading the 30-page, 11-count indictment is just how much Mr. Mueller and his team have reconstructed of that online campaign and the impressive amount of information they have on the individuals who carried it out.
The indictment rolls out not just identities, titles and roles, but tools, tactics and procedures in minute detail. It not only describes the roles the 12 named Russian operatives played in the conspiracy to disrupt the U.S. election, it provides accounts of specific actions they performed, down to the exact day and time they performed them. One of the most impressive “reveals” comes in paragraph 41, in which Mueller’s team is able to link searches for English language phrases conducted on a Moscow-based server operated by the GRU during a 40 minute window on June 15, 2016 with the same phrases appearing in a blog entry posted by “Guccifer 2.0” later that day. Wow!
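As an added illustration of the kind of timeline correlation described above (this is example code written for this page, not code from the podcast, the indictment or Recorded Future), the snippet below parses a server search log, restricts it to a time window, and reports which queried phrases turn up verbatim in a post published later the same day, discarding any search logged after publication. The log format, IP addresses, phrases, window and post text are all constructed for the example and are not taken from the indictment.

```python
"""Timeline correlation of logged search queries with later-published text.

Added example, not from the podcast or the indictment. All log lines, phrases,
timestamps and the post text below are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import re

# Constructed log format: ISO-8601 timestamp, client address, quoted query.
LOG_RE = re.compile(r'^(\S+)\s+(\S+)\s+search q="([^"]*)"\s*$')

# Explicit UTC offset so window comparisons are unambiguous (Moscow is UTC+3).
MOSCOW = timezone(timedelta(hours=3))

# Constructed server log (made-up data, including one malformed line).
SEARCH_LOG = """\
2016-06-15T16:19:00+03:00 10.0.0.7 search q="hundred pages of documents"
2016-06-15T16:21:00+03:00 10.0.0.7 search q="lone hacker"
2016-06-15T16:40:00+03:00 10.0.0.7 search q="think again before"
2016-06-15T16:55:00+03:00 10.0.0.7 search q="minister travel schedule"
2016-06-15T18:02:00+03:00 10.0.0.9 search q="weather forecast"
not a log line at all
"""

# Constructed analysis window and a constructed post published later that day.
WINDOW_START = datetime(2016, 6, 15, 16, 15, tzinfo=MOSCOW)
WINDOW_END = datetime(2016, 6, 15, 16, 55, tzinfo=MOSCOW)
POST_TIME = datetime(2016, 6, 15, 19, 30, tzinfo=MOSCOW)
POST_TEXT = """A lone   hacker says he has released a hundred pages of
documents. Readers should think again before trusting the official story."""


@dataclass(frozen=True)
class SearchEvent:
    when: datetime
    client: str
    phrase: str


def parse_log(text: str) -> list[SearchEvent]:
    """Parse the constructed log format, skipping lines that do not match."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip it rather than abort the analysis
        when = datetime.fromisoformat(m.group(1))  # keeps the +03:00 offset
        events.append(SearchEvent(when, m.group(2), m.group(3)))
    return events


def in_window(events: list[SearchEvent], start: datetime, end: datetime) -> list[SearchEvent]:
    """Keep events whose timestamp lies in [start, end]; all datetimes are tz-aware."""
    return [e for e in events if start <= e.when <= end]


def normalize(text: str) -> str:
    """Lower-case and collapse whitespace so formatting differences do not hide a match."""
    return re.sub(r"\s+", " ", text).strip().lower()


def correlate(events: list[SearchEvent], post_text: str, post_time: datetime) -> list[SearchEvent]:
    """Return searches whose phrase appears verbatim in a post published after the search.

    A search logged at or after publication cannot have fed the post, so it is
    excluded even when the phrase appears in the text.
    """
    haystack = normalize(post_text)
    hits = []
    for e in events:
        needle = normalize(e.phrase)
        if e.when < post_time and needle and needle in haystack:
            hits.append(e)
    return hits


def report(log_text: str = SEARCH_LOG, start: datetime = WINDOW_START, end: datetime = WINDOW_END,
           post_text: str = POST_TEXT, post_time: datetime = POST_TIME) -> tuple[list[str], list[str]]:
    """Run the pipeline; return (phrases searched in the window, phrases that reappear in the post)."""
    window = in_window(parse_log(log_text), start, end)
    hits = correlate(window, post_text, post_time)
    return [e.phrase for e in window], [e.phrase for e in hits]


if __name__ == "__main__":
    searched, matched = report()
    print(f"{len(searched)} queries in window; {len(matched)} reappear in the post:")
    for phrase in matched:
        print("  -", phrase)
```

The ordering check matters as much as the string match: a phrase that is searched only after the post went up is evidence of nothing, which is why `correlate` requires the search to precede `post_time` rather than merely looking for overlap.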
Three words: Time. To. Detection.
It’s common for information security vendors these days to throw around nebulous terms like “threat intelligence,” “TTPs” and “time to detection.” It all ends up sounding like so much marketing gobbledygook. But if you read the Mueller indictment closely, you’ll realize that it’s anything but. The cyber failings of the Clinton campaign and the Democratic Party are well documented at this point: lackluster security, no use of strong second factors and a soporific incident response. And, “yes,” the Dems were being targeted by a nation state actor who was re...