Cyberwarfare and Defense

Subterms

    Latest story

    150 Shares169 Views

    Iran Hackers Sought to Send Stolen Trump Campaign Information to Biden Camp

    by

    The emails were part of a sweeping effort by Iran to steal and disseminate sensitive internal communications between aides working for former President Donald J. Trump.Iranian hackers seeking to influence the 2024 election sent excerpts from pilfered Trump campaign documents to people associated with President Biden’s re-election campaign this summer, but the recipients did not respond, law enforcement officials said on Wednesday.The emails, sent in late June and early July, were part of a sweeping effort by Iran to steal and disseminate sensitive internal communications between aides working for former President Donald J. Trump after it gained access to the email accounts of a longtime political adviser, Roger J. Stone.“Iranian malicious cyberactors” sent unsolicited emails that contained “an excerpt taken from stolen, nonpublic material from former President Trump’s campaign,” officials at the Office of the Director of National Intelligence, the F.B.I. and the Cybersecurity and Infrastructure Security Agency wrote in a joint statement.The intended recipients, who were not identified in the statement, did not appear to have replied. Even as federal officials have suggested that the hackers also targeted the Biden and Harris campaigns, they believe that the emails including the stolen Trump material were sent to be disseminated to his political enemies.“This is further proof the Iranians are actively interfering in the election to help Kamala Harris and Joe Biden because they know President Trump will restore his tough sanctions and stand against their reign of terror,” said Karoline Leavitt, a spokeswoman for the Trump campaign.A spokeswoman for the Harris campaign, Morgan Finkelstein, noted that a few people were “targeted on their personal emails with what looked like a spam or phishing attempt,” though she added that she was not aware that any material had been sent to campaign accounts.“We have cooperated with the appropriate law enforcement authorities since we were made aware that individuals associated with the then-Biden campaign were among the intended victims of this foreign influence operation,” she added.The Justice Department’s national security division has been investigating the Stone attack and could charge some of those responsible as early as this week, according to several officials familiar with the situation.In a speech last week, the senior Justice Department official responsible for investigating overseas election interference and the head of the department’s national security division, Matthew G. Olsen, accused Russia of seeking to undermine Mr. Biden and Vice President Kamala Harris to bolster Mr. Trump’s re-election chances.He also cited Iran’s recent hacking of the Trump campaign as evidence that some adversaries were also seeking to damage Mr. Trump’s chances of victory.In August, the Justice Department indicted a Pakistani citizen with ties to Iran for plotting assassination attempts against top political figures, including the former president. More

    More stories

    • 113 Shares149 Views

      in Elections

      Trump Dislikes Ukraine for the Most MAGA of Reasons

      by

      It’s certainly understandable that many millions of Americans have focused on Springfield, Ohio, after the debate between Donald Trump and Kamala Harris. When Trump repeated the ridiculous rumor that Haitian immigrants in Springfield were killing and eating household pets, he not only highlighted once again his own vulnerability to conspiracy theories, it put the immigrant community in Springfield in serious danger. Bomb threats have forced two consecutive days of school closings and some Haitian immigrants are now “scared for their lives.”That’s dreadful. It’s inexcusable. But it’s not Trump’s only terrible moment in the debate. Most notably, he refused to say — in the face of repeated questions — that he wanted Ukraine to win its war with Russia. Trump emphasized ending the war over winning the war, a position that can seem reasonable, right until you realize that attempting to force peace at this stage of the conflict would almost certainly cement a Russian triumph. Russia would hold an immense amount of Ukrainian territory and Putin would rightly believe he bested both Ukraine and the United States. He would have rolled the “iron dice” of war and he would have won.There is no scenario in which a Russian triumph is in America’s best interest. A Russian victory would not only expand Russia’s sphere of influence, it would represent a human rights catastrophe (Russia has engaged in war crimes against Ukraine’s civilian population since the beginning of the war) and threaten the extinction of Ukrainian national identity. It would reset the global balance of power.In addition, a Russian victory would make World War III more, not less, likely. It would teach Vladimir Putin that aggression pays, that the West’s will is weak and that military conquest is preferable to diplomatic engagement. China would learn a similar lesson as it peers across the strait at Taiwan.If Vladimir Putin is stopped now — while Ukraine and the West are imposing immense costs in Russian men and matériel — it will send the opposite message, making it far more likely that the invasion of Ukraine is Putin’s last war, not merely his latest.But that’s not how Trump thinks about Ukraine. He exhibits deep bitterness toward the country, and it was that bitterness that helped expose how dangerous he was well before the Big Lie and Jan. 6.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 150 Shares159 Views

      in Elections

      Iran Is to Blame for Hacking Into Trump’s Campaign, Intelligence Officials Say

      by

      American intelligence agencies also confirmed that the effort extended to the Biden-Harris campaign, though that bid was unsuccessful.American intelligence agencies said on Monday that Iran was responsible for hacking into former President Donald J. Trump’s campaign and trying to breach the Biden-Harris campaign.The finding, which was widely expected, came days after a longtime Trump adviser, Roger J. Stone, revealed that his Hotmail and Gmail accounts had been compromised. That intrusion evidently allowed Iranian hackers to impersonate him and gain access to the emails of campaign aides.The announcement was the starkest indication to date that foreign intelligence organizations have mobilized to interfere in the 2024 election at a moment of heightened partisan polarization at home and escalating tensions abroad between Iran and Israel, along with its international allies, including the United States.“Iran seeks to stoke discord and undermine confidence in our democratic institutions,” intelligence officials wrote in a joint statement from the F.B.I., the Office of the Director of National Intelligence and the Cybersecurity and Infrastructure Security Agency.The Islamic Republic has “demonstrated a longstanding interest in exploiting societal tensions through various means,” the officials added.The joint statement provided no new details about the attacks, nor did it specify how the agencies knew Iran was responsible.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 150 Shares199 Views

      in Elections

      Trump Campaign Says It Was Hacked by Iranians, but Details Are Murky

      by

      For the third presidential election in a row, the foreign hacking of the campaigns has begun in earnest. But this time, it’s the Iranians, not the Russians, making the first significant move.On Friday, Microsoft released a report declaring that a hacking group run by the intelligence unit of Iran’s Islamic Revolutionary Guard Corps had successfully breached the account of a “former senior adviser” to a presidential campaign. From that account, Microsoft said, the group sent fake email messages, known as “spear phishing,” to “a high-ranking official of a presidential campaign” in an effort to break into the campaign’s own accounts and databases.By Saturday night, former President Donald J. Trump was declaring that Microsoft had informed his campaign “that one of our many websites was hacked by the Iranian Government — Never a nice thing to do!” but that the hackers had obtained only “publicly available information.” He attributed it all to what he called, in his signature selective capitalization, a “Weak and Ineffective” Biden administration.The facts were murkier, and it is unclear what, if anything, the Iranian group, which Microsoft called Mint Sandstorm, was able to achieve.Mr. Trump’s campaign was already blaming “foreign sources hostile to the United States” for a leak of internal documents that Politico reported on Saturday that it had received, though it is unclear whether those documents indeed emerged from the Iranian efforts or were part of an unrelated leak from inside the campaign.The New York Times received what appears to be a similar if not identical trove of data from an anonymous tipster purporting to be the same person who emailed the documents to Politico.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 113 Shares109 Views

      in Elections

      South Korea Reports Leak From a Top Intelligence Agency

      by

      It’s highly unusual for the nation’s authorities to publicly acknowledge a leak from the command​, which is one of South Korea’s top two spy agencies.South Korea was investigating a leak from its top military intelligence command​ that ​local news media said had caused a large amount of sensitive information, including personal data on the command’s agents abroad, to end up in North Korea, its military said Saturday.The military said in a brief statement that it planned to “deal sternly with” those responsible for the leak. But it declined to confirm the local media reports, pending its investigation of the Korea ​Defense Intelligence Command,​ where the leak took place.The command, a secretive arm of the South Korean military, specializes in gathering intelligence on North Korea, a heavily militarized country that often threatens ​its southern neighbor with nuclear weapons.It’s highly unusual for the South Korean authorities to publicly acknowledge a leak from the command​, which is one of South Korea’s top two spy agencies, along with the National Intelligence Service.The intelligence command runs a network of agents, including those disguised ​as South Korean diplomats or using other undercover identities, in China and other parts of Asia.The agents often spend years recruiting North Koreans overseas as their contacts. The information they collect augments the intelligence that the United States and its allies collect on North Korea through spy satellites or by intercepting electronic communications.If personal data about the agents ended up in North Korea, that could seriously damage South Korea’s ability to gather intelligence on the North.The last time a major breach of security was reported at the command was in 2018, when an active-duty military officer affiliated with the command was found to have sold classified information to foreign agents in China and Japan through a retired ​South Korean intelligence officer. The information he sold reportedly included data on the command’s agents in China or data on North Korean weaponry.North and South Korea run vigorous intelligence and counterintelligence operations against each other. South Korea still occasionally ​arrests people accused of spying for North Korea. In recent years, North Korea has also used an army of hackers to attack computer networks in the United States, South Korea and elsewhere to steal information or cryptocurrency.On Thursday, the United States, Britain and South Korea issued a joint advisory warning that North Korea​’s hackers have conducted a global cyber espionage campaign to steal classified military secrets to support​ its nuclear weapons program​.The U.S. Justice Department said ​on Thursday that a North Korean military intelligence operative had been indicted in​ a conspiracy to hack into American health care providers, NASA, U.S. military bases and international entities, stealing sensitive information and installing ransomware to fund more attacks​. A reward of up to $10 million has been offered for information that could lead to ​the arrest of the alleged North Korean operative, Rim Jong Hyok​. More

    • 100 Shares119 Views

      in Elections

      After CrowdStrike Causes Outage, Are U.S. Networks Safe?

      by

      With each cascade of digital disaster, new vulnerabilities emerge. The latest chaos wasn’t caused by an adversary, but it provided a road map of American vulnerabilities at a critical moment.In the worst-case scenarios that the Biden administration has quietly simulated over the past year or so, Russian hackers working on behalf of Vladimir V. Putin bring down hospital systems across the United States. In others, China’s military hackers trigger chaos, shutting down water systems and electric grids to distract Americans from an invasion of Taiwan.As it turned out, none of those grim situations caused Friday’s national digital meltdown. It was, by all appearances, purely human error — a few bad keystrokes that demonstrated the fragility of a vast set of interconnected networks in which one mistake can cause a cascade of unintended consequences. Since no one really understands what is connected to what, it is no surprise that such episodes keep happening, each incident just a few degrees different from the last.Among Washington’s cyberwarriors, the first reaction on Friday morning was relief that this wasn’t a nation-state attack. For two years now, the White House, the Pentagon and the nation’s cyberdefenders have been trying to come to terms with “Volt Typhoon,” a particularly elusive form of malware that China has put into American critical infrastructure. It is hard to find, even harder to evict from vital computer networks and designed to sow far greater fear and chaos than the country saw on Friday.Yet as the “blue screen of death” popped up from the operating rooms of Massachusetts General Hospital to the airline management systems that keep planes flying, America got another reminder of the halting progress of “cyber resilience.” It was a particularly bitter discovery then that a flawed update to a trusted tool in that effort — CrowdStrike’s software to find and neutralize cyberattacks — was the cause of the problem, not the savior.Only in recent years has the United States gotten serious about the problem. Government partnerships with private industry were put together to share lessons. The F.B.I. and the National Security Agency, along with the Cybersecurity and Infrastructure Security Agency at the Homeland Security Department, issue bulletins outlining vulnerabilities or blowing the whistle on hackers.President Biden even created a Cyber Safety Review Board that looks at major incidents. It is modeled on the National Transportation Safety Board, which reviews airplane and train accidents, among other disasters, and publishes “lessons learned.”We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 138 Shares169 Views

      in Elections

      The Aftermath of a U.K. Cyberattack: Blood Shortages and Delayed Operations

      by

      Several London hospitals, still reeling from a cyberattack last week, have made an urgent plea to medical students to help stem the disruption.Several London hospitals, still under significant strain more than a week after a cyberattack crippled services, have asked medical students to volunteer to help minimize disruption, as thousands of blood samples have had to be discarded and operations postponed.The ransomware attack on Synnovis, a private firm that analyzes blood tests, has crippled services at two major National Health Service hospital trusts, Guy’s and St. Thomas’ and King’s College, which described the situation as “critical.”According to a memo leaked in recent days, several London hospitals asked medical students to volunteer for 10- to 12-hour shifts. “We urgently need volunteers to step forward and support our pathology services,” said the message, which was reported earlier by the BBC. “The ripple effect of this extremely serious incident is felt across various hospital, community and mental health services in our region.”The attack also disrupted blood transfusions, and the N.H.S. appealed to the public this week for blood donors with O-negative blood types, which can be used in transfusions for any blood type, and O-positive blood types, which is the most frequently occurring blood type, saying it could not match patients’ blood at the same frequency as usual.While the N.H.S. has declined to comment on which group was suspected of carrying out the attack, Ciaran Martin, a former head of British cybersecurity, told the BBC last week that a Russian cybercriminal group known as Qilin was most likely the perpetrator. Synnovis said last week in a statement that it was working with the British government’s National Cyber Security Center to understand what had happened.Synnovis, in an email sent Monday to primary health providers, said that thousands of blood test samples would probably have to be destroyed because of the lack of connectivity to electronic health records. In a statement on Wednesday, Synnovis said that the I.T. system had been down for too long for samples taken last week to be processed.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 113 Shares179 Views

      in Elections

      A New Diplomatic Strategy Emerges as Artificial Intelligence Grows

      by

      The new U.S. approach to cyberthreats comes as early optimism about a “global internet” connecting the world has been shattered.American and Chinese diplomats plan to meet later this month to begin what amounts to the first, tentative arms control talks over the use of artificial intelligence.A year in the making, the talks in Geneva are an attempt to find some common ground on how A.I. will be used and in which situations it could be banned — for example, in the command and control of each country’s nuclear arsenals.The fact that Beijing agreed to the discussion at all was something of a surprise, since it has refused any discussion of limiting the size of nuclear arsenals themselves.But for the Biden administration, the conversation represents the first serious foray into a new realm of diplomacy, which Secretary of State Antony J. Blinken spoke about on Monday in a speech in San Francisco at the RSA Conference, Silicon Valley’s annual convention on both the technology and the politics of securing cyberspace.The Biden administration’s strategy goes beyond the rules of managing cyberconflict and focuses on American efforts to assure control over physical technologies like undersea cables, which connect countries, companies and individual users to cloud services.Yuri Gripas for The New York Times“It’s true that ‘move fast and break things’ is literally the exact opposite of what we try to do at the State Department,” Mr. Blinken told the thousands of cyberexperts, coders and entrepreneurs, a reference to the Silicon Valley mantra about technological disruption.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 138 Shares169 Views

      in Elections

      U.K. to Accuse China of Cyberattacks Targeting Voter Data and Lawmakers

      by

      The British government believes China has overseen two separate hacking campaigns, including one that yielded information from 40 million voters.The British government is expected to publicly link China to cyberattacks that compromised the voting records of tens of millions of people, another notable hardening of Britain’s stance toward China since its leaders heralded a “golden era” in British-Chinese relations nearly a decade ago.The deputy prime minister, Oliver Dowden, will make a statement about the matter in Parliament on Monday afternoon, and is expected to announce sanctions against state-affiliated individuals and entities implicated in the attacks.The government disclosed the attack on the Electoral Commission last year but did not identify those behind it. It is believed to have begun in 2021 and lasted several months, with the personal details of 40 million voters being hacked.The Electoral Commission, which oversees elections in the United Kingdom, said that the names and addresses of anyone registered to vote in Britain and Northern Ireland between 2014 and 2022 had been accessed, as well as those of overseas voters.The commission previously said that the data contained in the electoral registers was limited and noted that much of it was already in the public domain. However, it added that it was possible the data “could be combined with other data in the public domain, such as that which individuals choose to share themselves, to infer patterns of behavior or to identify and profile individuals.”In addition to the infiltration of the Electoral Commission, Mr. Dowden is expected to confirm that the Chinese targeted several members of Parliament with a record of hawkish statements about China. They include Iain Duncan-Smith, a former leader of the Conservative Party; Tim Loughton, a former Conservative education minister; and Stewart McDonald, a member of the Scottish National Party.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More