Well, here is the NSA document that Reality Winner sent off to The Intercept, the one she sacrificed her job and freedom for. A locally cached copy is here. The document details a successful Russian hack back in August of 2016. Russia’s military intelligence agency, GRU, attacked a voter roll software company called VR Systems. The information stolen from the company’s network was then used to launch targeted spear-phishing attacks against 122 local election officials on October 27. And that’s it. We don’t know what happened since. It doesn’t seem to be a document worth sacrificing one’s career or freedom over.
Furthermore, this is but one document. We don’t know what other Russian hacks were thwarted. We certainly don’t know what other Russian hacks were successful during this campaign. The funny thing about the document is the typical CYA, over-classification of information. In this redacted version, there’s not much in there, except the source/entity names, that should be classified. The distribution of Five Eyes (US, Canada, UK, Australia, New Zealand) seems a little over-restrictive. France had the next big election after ours; this might have been of some use to them.
I’m curious as to whether DHS provided the malicious file checksum hashes to any antivirus manufacturers. It does seem to be in America’s best interest that US anti-malware companies be advised of this information. I’ve sent off an email to DHS for comment and will advise when/if I get a response.
The best part of the document is the color illustration on the last page. This depicts the successful use of “Man-In-The-Middle” (MITM) attacks against 2-Factor Authentication (2FA). Sadly, every company that uses Two-Factor or Multi-Factor Authentication MUST train users on how to detect MITM attacks. This is something good that everybody should be able to take away from this document.
Don’t let 2FA/MFA schemes become useless buzzwords.