US experts: Gas firm key to impeachment hacked

Russians blamed in email breach of Ukraine’s Burisma

Orlando Sentinel - NATION & WORLD - BY FRANK BAJAK

BOSTON — A U.S. cybersecurity company says Russian military agents have successfully hacked the Ukrainian gas company at the center of the scandal that led to President Donald Trump’s impeachment.

Russian agents launched a phishing campaign in early November to steal the login credentials of employees of Burisma Holdings, the gas company, according to Area 1 Security, a Silicon Valley company that specializes in email security.

Hunter Biden, son of former vice president and Democratic presidential hopeful Joe Biden, previously served on Burisma’s board.

It was not clear what the hackers were looking for or may have obtained, said Area 1’s CEO, Oren Falkowitz, who called the findings “incontrovertible” and posted an eight-page report. The timing of the operation raises the possibility that Russian agents could be searching for material damaging to the Bidens or scheming to plant forged data and sow misinformation online.

The House of Representatives impeached Trump in December for abusing the power of his office by enlisting the Ukrainian government to investigate Biden, a political rival, ahead of the 2020 election. A second charge accused Trump of obstructing a congressional investigation into the matter.

“Our report doesn’t make any claims as to what the intent of the hackers were, what they might have been looking for, what they are going to do with their success. We just point out that this is a campaign that’s going on,” said Falkowitz, a former National Security Agency offensive hacker whose company’s clients include candidates for U.S. federal elected offices.

In an earlier interview, he said the campaigns of top candidates for the U.S. presidency and House and Senate races in 2020 have in the past few months each been targeted by about a thousand phishing emails. Falkowitz did not name the candidates. Nor would he name any of his company’s clients.

Burisma did not respond to a request for comment. A spokesman for Biden said in a statement that the incident shows that not just Trump but also Russian President Vladimir Putin “sees Joe Biden as a threat.”

Some cybersecurity experts cautioned against blaming Russian military agents without more evidence, however, saying the report indicates Area 1 investigators didn’t have access to Burisma’s internal logs and compromised email accounts in making the determination.

“That’s problematic,” tweeted Thomas Rid of Johns Hopkins. “Caution advised based on what we currently know.”

And while many experts said it’s a good bet the phishing amounts to a Kremlin attempt to smear the Bidens, there are other possibilities.

Michael Connell, a former Army intelligence officer and researcher at the government-funded Center for Naval Analyses, notes that Russian agents have previously attacked energy-related computer systems in other countries, most notably Germany.

“The goal of the hackers was probably information gathering, but it also likely included creating backdoors to allow future access (for intel or destructive cyberattacks),” he wrote in an email.

Russian hackers from the GRU, the same military unit that Area 1 said was behind the operation targeting Burisma, have been indicted on a charge of hacking emails from the Democratic National Committee and the chairman of Hillary Clinton’s campaign during the 2016 presidential race.

Stolen emails were released online at the time by Russian agents and WikiLeaks in an effort to favor Trump, special counsel Robert Mueller determined in his investigation.

Area 1 discovered the phishing campaign by the Russian military intelligence unit on New Year’s Eve, said Falkowitz, who would not discuss whom he notified before going public or whether Burisma shared information with his company. He said he followed the industry standard process of responsible disclosure, which would include notifying Burisma.

Joan Donovan, a Harvard University disinformation expert, said one of the most dangerous possibilities would be data theft spiced with forgeries — and subsequently leaked. That reportedly happened in 2017 when emails related to the campaign of President Emmanuel Macron of France were stolen and published online — with some fakes included — just ahead of his election.

She called the Burisma incident “testament to the fact that we have not paid enough attention to email security” when the consequences of a leak are so high for businesses, politicians and journalists in particular.

“Email is unfortunately the way that we’ve come to do business but email has become a serious, serious vulnerability,” she said.

In phishing, an attacker uses a targeted email to lure a target to a fake site that resembles a familiar one. There, unwitting victims enter their usernames and passwords, which the hackers then harvest. Phished credentials allow attackers both to rifle through a victim’s stored email and masquerade as that person.

In the report, Falkowitz said the GRU agents used fake, look-alike domains that were designed to mimic the sites of real Burisma subsidiaries.

SEAN GALLUP/GETTY 2019

Hackers attacked Burisma Holdings, which owns this building in Kyiv, Ukraine. Hunter Biden, son of presidential contender Joe Biden, previously served on Burisma’s board.
