Bloomberg Reports 39 US States Were Hit By Russian Cyberattacks Before 2016 Election

HyTrust Cybersecurity News

In June of 2017, it’s kind of impossible to talk about hackers without talking about Russia.

Russian cyberattacks hit systems in 39 U.S. states in the months leading up to the 2016 election, insiders told Bloomberg News this week. Previous reports tallied just over half that many. Truth be told, it’s still unknown just how deep the infiltration goes.

Federal agents found digital fingerprints in the form of Internet Protocol (IP) addresses on Illinois computer banks, where the breach was first detected. The state gave the FBI and Department of Homeland Security almost total access to investigate its system after a contractor detected unauthorized data leaving the network last July.

Once Homeland Security had identified the IP addresses, it sent them around to all U.S. states, and 37 found traces of the hackers in their systems, Bloomberg learned. Plus, traces were found in systems run by private contractors managing critical election systems in Florida and California.

Up to 90,000 voter accounts were compromised in Illinois. Hackers had access to data for 15 million people in that state alone, from names and birth dates to driver’s licenses and partial Social Security numbers.

Furthermore, at least one campaign finance database was accessed. And, according to the NSA, just days before the election, hackers working for Russian military intelligence tried to take over 122 local election officials’ computers.

Data from other states is less complete, since states do not have to cooperate with the federal government on matters like this, and some have not.

Investigators reportedly found evidence of attempts to alter or delete voter data using software intended for poll workers on Election Day, but these efforts were not successful. Still, that could suggest that the hackers wanted more than just information. Insiders speculated this could have been a test for a potential disruptive attack.

It may have worked in America’s favor that its voting technologies are so decentralized and piecemeal. While the attacks may point to significant vulnerabilities in the voting system, officials surmised that the reason nothing got changed or removed was that the hackers couldn’t parse the patchwork voting systems across more than 7,000 local jurisdictions.

It also helped that state databases get their data from the counties, not vice versa, so targeting the state database would not have actually affected the election, except in the case of online voter registration applications, which are processed by the state first and then sent to counties for approval.

Still, the hackers didn’t have to change anything to have a profound effect. Their actions deeply undermined voter confidence in the election process, creating discord and chaos in the days leading up to and following the November 8, 2016 election.

Russian officials denied involvement but allowed that Russian criminals may have been involved without the government’s sanction. At this stage of the investigation, there are few who still believe that Russia’s hands are entirely clean in the matter.

The jury’s a little more hung on whether President Donald Trump or members of his campaign colluded on the attacks. Trump says it’s “fake news,” and so far, the evidence agrees. But there’s still a lot to discover, especially now that voting systems have officially been declared “national critical infrastructure,” giving the federal government broader powers to look into this matter.

Bloomberg has a handy FAQ on the Russian attacks and the American government’s potential involvement in them.

By way of response, the Department of Homeland Security has dispatched teams to reinforce cyber defenses, and some states have augmented those efforts by hiring their own private security companies. They’re probably better safe than sorry, because if FBI Director James Comey is right, this isn’t the last we’ve seen of Russian cyber-interference in America.

In Other News…

Experts are saying bitcoin might be to blame for the 3,500 percent increase in ransomware attacks between the fourth quarter of 2015 and the first quarter of 2016. Until bitcoin gained traction, hackers had to demand ransom be sent via Western Union. Those transactions were extremely easy to trace once authorities got involved.

Bitcoin lets hackers collect their ransom automatically and anonymously. Then they scramble it through bitcoin mixing services and pass it through multiple bitcoin wallets. Though all those transactions are logged in the blockchain register, it doesn’t take long for bitcoin ransoms to become so dispersed that they’re nearly impossible to trace.

A Bengaluru data scientist and bitcoin investor found two unauthorized transactions in his Unocoin account. Someone had hacked into his account and stolen around $1,870 worth of bitcoin. The hacker achieved this by requesting a password change and intercepting the one-time password sent to the investor’s Gmail account.

The hacker’s IP address points to a service called QuadraNet in Chicago, but it’s possible that the IP address had been masked by a proxy or VPN service. Unocoin is working with police to recover the money and, hopefully, catch the hacker.

Twelve models of remote-controlled video cameras from Shenzhen Foscam were announced to contain security flaws that could be leveraged in cyberattacks. Attackers could use the flaws to remotely take over cameras, live stream, download stored files or compromise other devices sharing a network with the camera, the company said, as well as enact distributed denial of service (DDoS) attacks.

Foscam said it is working on patching the security vulnerabilities, but until then, users are advised to disconnect their cameras from the internet.

Finally, the U.S. isn’t the only country under cyberattack. Al Jazeera, the pan-Arab satellite network and the major broadcaster for Qatar, fought off a large-scale cyberattack last Thursday (June 8). Qatar’s neighbors have launched a campaign to isolate the country diplomatically and economically due to alleged terrorist connections.

The FBI is once again pointing its fingers at Russia, though not the government this time. The investigation ended June 8 and concluded that freelance hackers were paid to send out fake messages from the Qatari government. Some are claiming that Saudi Arabia or the UAE may have commissioned the hackers, but so far there is no evidence to support this.