BREAKING: A federal grand jury has charged six Russian hackers with launching the devastating NotPetya malware, hacking the 2018 Olympics and the Ukrainian power grid, targeting the 2017 French election, and several other campaigns.
Press conference starting soon.
We've known about all of these operations, but the indictment goes into detail about who did what and how.
Stand by for more.
This campaign represents the “most disruptive and most destructive series of attacks ever attributed to a single group,” says John Demers, head of DOJ's National Security Division, as press conference begins.
Demers says Russia's cyber M.O. is "causing unprecedented collateral damage to pursue small tactical advantages and fits of spite."
Referring to NotPetya, Demers says, “Rather than express remorse for the damage they inflicted against victims worldwide, the conspirators callously celebrated their success.”
Yes, the indictment says DOJ has evidence of the defendants celebrating. Now that's good intel.
Demers: "Today's allegations in their entirety provide a useful lens for evaluating Russia's offer two weeks ago for a reset in cyber relations between Russia and the United States." I'll say!
The Russian hacker team, Unit 74455 of the GRU (aka "Sandworm"), was also involved in the 2016 U.S. election interference, per a Mueller indictment. (This indictment doesn't cover that already charged activity.)
Among NotPetya's many victims: Heritage Valley Health System in PA.
The attack compromised "two hospitals, 60 physician offices, and 18 community satellite facilities," according to the indictment.
U.S. Attorney Scott Brady says the shared democratic ideals of the targeted countries (U.S., U.K., France, Ukraine) mean that they're all top targets of Russia, which "will stop at nothing to destroy those ideals and instill a sense of instability in its adversaries."
How does DOJ have so much information about what the Russian defendants said and did?
Well, here's one hint: FBI Deputy Director David Bowdich just thanked Google, Cisco, Facebook, and Twitter for their investigative assistance.
FBI Pittsburgh SAC Michael Christman thanks agents at partner field offices, including Atlanta (expertise on Ukrainian blackouts and NotPetya) and Oklahoma City (expertise on GRU).
Q: Is there a significance to the timing of this announcement?
Demers: “Not particularly.” We announce when we reach the right point in our investigation.
For those following the news about today's charges, here's my initial story, but I just filed a big update that will have a lot more details, so stay tuned: politico.com/news/2020/10/1…
Also, if you're interested in NotPetya after reading about these charges, I highly recommend @a_greenberg's story about how the malware just crushed companies.
The Maersk stuff is just extraordinary. This was a real-world crisis.
This morning, a company called SecurityScorecard published a report on states' cyber postures.
It painted a grim picture, but several states told me it was wildly inaccurate. And while the company said it alerted states in advance, they say it didn't.
Missed this last night, but apparently U.S. Cyber Command was behind the recent temporary disruption in the massive Trickbot botnet, which officials worry could be used to lock up election offices with ransomware. washingtonpost.com/national-secur…
Microsoft has won a court order giving it control of domain names associated with the Trickbot ransomware. The company has disabled the servers that let the malware's operators infect new computers. blogs.microsoft.com/on-the-issues/…
Ransomware affecting election systems is one of U.S. officials' biggest concerns right now.
Microsoft execs told NYT that "they had carefully timed their operations to put Russian cybercriminals on their heels weeks before the election."
This extraordinary allegation fits with a pattern of Trump officials like AG Barr distorting the IC's findings about evergreen Chinese and Iranian propaganda to distract from Russia's aggressive election interference efforts.
The acting (and, per GAO, illegally appointed) deputy DHS secretary allegedly ordered a subordinate to water down a warning about white supremacist terrorism.
Why doesn't Ken Cuccinelli (allegedly) want the government to understand the threat of white supremacist terrorists?
O'Brien has been one of the most aggressively dishonest officials re: election interference, constantly pushing falsehood that China is the biggest threat.
The test lab, Pro V&V, used VVSG 1.1, which @EACgov approved in 2015. Experts call the security reqs in 1.1 laughably anemic. (VVSG 2 is in the works.)
@jhalderm said the report “illustrates why VVSG 1.1 certification is inadequate to establish the security of a voting system.”
.@mspecter, who co-wrote a report exposing serious vulns in Voatz's system, told me that Pro V&V's report "says little-to-nothing."
For one thing, it doesn't even address flaws that MIT & @trailofbits identified in their reports.
BREAKING: U.S. charges two Chinese hackers with breaching hundreds of companies, NGOs, & dissidents + trying to hack 3 U.S. firms researching coronavirus. The men sometimes worked in partnership with a Chinese MSS officer.
Since September 2009, the defendants have allegedly hacked into medical device makers, industrial engineering firms, gaming and education software firms, pharma companies, and defense contractors.
Victims in U.S., Australia, Germany, Japan, U.K., and 6 other countries.
The hackers tried to breach the networks of Maryland, Massachusetts and California firms researching coronavirus vaccines and treatments.