DNC Breach extended to systems used by Clinton campaign

Congressional campaign and DNC breach allegedly by same Russian group.

Hillary Clinton's campaign acknowledged systems used by the campaign, hosted at the DNC, had been hacked, allegedly by a group tied to Russian intelligence agencies. (credit: Clinton campaign.)

An analytical system hosted by the Democratic National Committee and used by Hillary Clinton's presidential campaign team was accessed by hackers. In a statement issued by the Clinton campaign, a spokesperson said that a network intrusion had exposed data on the system maintained by the DNC, but that the campaign organization's own systems did not appear to have been breached. No financial or personal identifying data other than voter information was stored on the analytical system.

In a separate statement, a spokesperson for the Democratic Congressional Campaign Committee acknowledged that its network and systems had been hacked. Upon discovering the breach, "we immediately took action and engaged with CrowdStrike, a leading forensic investigator, to assist us in addressing the incident," said Meredith Kelly, a spokeswoman for the DCCC.

The New York Times cited information from an unnamed federal law enforcement official that both the breach of the Clinton campaign system hosted at DNC and the DCCC hack—which redirected would-be donors to a lookalike site that collected their personal data—were executed by groups of hackers affiliated with Russia's intelligence services. Both the DNC and DCCC attacks were attributed to the group behind the "Fancy Bear" family of malware and intrusions, which the official identified as being tied to the Russian military intelligence agency known as Glavnoye Razvedyvatel'noye Upravleniye (GRU), or Main Intelligence Directorate. "It's the same adversary," the official told the Times.


Democratic Party’s congressional fundraising committee was also hacked

DCCC’s website redirected donors to a fake contribution page controlled by attackers.

This page redirected some would-be donors to a fake website controlled by hackers, Reuters reports. (credit: Democratic Congressional Campaign Committee)

Yet another cyber-attack has targeted a Democratic Party organization—or more specifically, the party's donors. Reuters reports that the FBI is investigating a breach of the systems of the Democratic Congressional Campaign Committee. While the details of the alleged intrusion were not revealed, visitors to the DCCC's site were apparently redirected to a malicious lookalike website mimicking the DCCC contribution page.

Visitors to the DCCC page who clicked a link to donate were directed to a look-alike domain name registered in June instead of the site of a donation processing contractor. The IP address of the fake site "resembled one used by Russian government-linked hackers suspected in the breach of the DNC," Reuters' Joseph Menn, Dustin Volz, and Mark Hosenball reported. Data collected included donors' contact information, e-mail addresses, and possibly credit card information.

It is not clear whether the attackers were after financial information for credit card fraud, or if they were collecting personal data for use in directed attacks against donors. But the attack's timing—or at least the registration of the domain used in the attack—matches up with the recent discovery of a Democratic National Committee breach. The DCCC shares office space with the DNC in Washington.


How DNC, Clinton campaign attacks fit into Russia’s cyber-war strategy

Was it to cover for hack, or part of info-war on NATO? Putin won’t tell.

An attendee at the first day of the Democratic National Convention protests the DNC's treatment of Bernie Sanders, as hinted at by e-mails exposed by an alleged Russian hack. (credit: Chip Somodevilla , Getty News Images)

The well-timed leak of e-mails from the Democratic National Committee, following a long-running breach of the DNC's network, is a masterful piece of information warfare. The leak may only be the beginning of an effort to shape the US presidential election, or it may be a backup plan triggered by the exposure of the long-running breach. But the hacking of the DNC and the direct targeting of Hillary Clinton are only parts of a much larger operation by Russia-based hackers who have breached a number of US government networks.

Evidence collected by the security firm CrowdStrike and forensic work by Fidelis point to the breach being caused by two "threat groups" associated with Russian intelligence organizations. A pair of reports published in June by SecureWorks suggests that the same threat groups conducted phishing campaigns against the e-mail addresses of the DNC. The same attackers targeted the addresses of Clinton campaign staffers, political consultants, journalists, and current and former members of the military, among others.

At a minimum, this suggests that the DNC breach was part of a larger intelligence collection operation. The leaked data from the DNC breach, however, may have been intended to create chaos and uncertainty around the election. But why would the Russian government open that can of worms? It's possible that this fits into a larger Russian strategy aimed at splintering NATO and countering what Russia has seen over the past decade as encroachment by the West on Russia's national interests.


It’s the data, stupid: Why database admins are more important than ever

Specialized databases, cloud, and DevOps expand, not eliminate, role of the DBA.

It may not be all about the tables anymore, but the DBA role is still essential—even if the person doing it doesn't have the title. (credit: Michael Mandiberg)

For those of us who have been in the information technology realm for too long, the title "database administrator" conjures up very specific images. We picture someone pulling hair out over issues with backups or snapshots not happening, schemas growing out of control, capacity plans blown up by new application demands, sluggish queries, and eternal performance tuning.

That old-school role of the DBA still exists in some places, particularly large enterprises where giant database clusters still rule the data center. But virtualization, cloud data storage, micro-services, the "DevOps" approach to building and running applications, and a number of other factors have significantly changed how organizations store and manage their data. Many of the traditional roles of the DBA seem to be moot in the shiny, happy world promised by the new generation of databases.

"NoSQL" databases don't require a pre-defined schema, and many have replication built in by default. Provisioning new servers can be reduced to clicking a few radio buttons and check boxes on a webpage. Development teams just point at a cloud data store such as Amazon Web Services' Simple Storage Service (S3) and roll. And even relational database vendors such as Oracle, Microsoft, and IBM are pushing customers toward data-as-a-service (DaaS) models that drastically simplify considerations about hardware and availability.


Facebook tests full-scale solar-powered Internet drone

Aquila drone aims to deliver broadband to unconnected parts of world, flying for months.

Facebook's Aquila drone takes off from its launch dolly. (credit: Facebook)

Facebook's Connectivity Lab announced today that the company has for the first time test-flown a full-scale version of Aquila, the solar-powered high-altitude drone that Facebook hopes to use to deliver Internet connectivity to the remotest populated corners of the Earth. The test flight took place June 28 but was only announced today by Facebook.

The low-altitude test flight was originally intended only as a 30-minute “functional check” flight. "It was so successful that we ended up flying Aquila for more than 90 minutes—three times longer than originally planned," wrote Jay Parikh, Facebook's vice president of infrastructure engineering, in a post to Facebook's Newsroom blog published today.

The initial test goals were simply to ensure that the huge Aquila drone—with a wingspan comparable to a Boeing 737 and mass more like an automobile—could even get airborne. To minimize its weight, Aquila doesn't have "traditional landing gear," according to Martin Gomez and Andy Cox of the Aquila team. "We attached the airplane to a dolly structure using four straps, then accelerated the dolly to takeoff speed. Once the autopilot sensed that the plane had reached the right speed, the straps were cut simultaneously by pyrotechnic cable cutters known as 'squibs.'"


Wave of business websites hijacked to deliver crypto-ransomware

Sites exploited by SoakSoak bots give the gift of CryptXXX malware.

(credit: JaviDex)

If you've visited the do-it-yourself project site of Dunlop Adhesives, the official tourism site for Guatemala, or a number of other legitimate (or in some cases, marginally legitimate) websites, you may have gotten more than the information you were looking for. These sites are redirecting visitors to a malicious website that attempts to install CryptXXX—a strain of cryptographic ransomware first discovered in April.

The sites were most likely exploited by a botnet called SoakSoak or a similar automated attack looking for vulnerable WordPress plugins and other unpatched content management tools, according to a report from researchers at the endpoint security software vendor Invincea. SoakSoak, named for the Russian domain it originally launched from, has been around for some time and has exploited thousands of websites. In December of 2014, Google was forced to blacklist over 11,000 domains in a single day after the botnet compromised their associated websites by going after the WordPress RevSlider plugin.

In this recent wave of compromises, SoakSoak planted code that redirects visitors to a website hosting the Neutrino Exploit Kit, a "commercial" malware dropping Web tool sold through underground marketplaces. The latest string of compromises appears to have begun in May. But since then, both the malware kit and the ransomware have been upgraded. The latest version of the exploit kit attempts to evade security software or virtual machines.


Turkish plotters used WhatsApp to coordinate coup

But plotters, including an army cyber expert, got tripped up by social media.

Turkish president Recep Tayyip Erdoğan urges supporters to fight the coup attempt in Turkey via a FaceTime session with NTV as he fled to Istanbul. (credit: NTV)

A failed coup attempt in Turkey, which began during the evening of July 15, was apparently coordinated using the WhatsApp mobile messaging service, according to reports from Turkish media. And among the apparent plotters was a Turkish Army colonel who was considered an expert in cyber-operations. Ahmet Zeki Gerehan, a Turkish infantry officer, was head of the operation and intelligence department at the Turkish Army War College and co-author of a number of articles on cyber-warfare.

According to video reports, officers involved in the coup gave moment-by-moment status reports in a WhatsApp group chat entitled "We are a country of peace" ("yurta suhl b iziz"), as the faction moved to shut down the bridge over the Bosporus connecting the Istanbul region to the rest of Turkey and conceal their operations from official communications channels.

Gerehan was highly aware of how effective using technology like WhatsApp could be against a centralized command-and-control system. One of the papers he co-authored was presented in 2015 with one of his students at the Turkish Army War College during the Journal of National Security and Military Science's International Leadership Symposium entitled Security and the Environment of Future Military Operations. Speaking of the hybrid nature of conflicts in the 21st Century, he wrote, "Cyber Warfare might be the decisive factor in future wars."


Indifference and ignorance: Delving deep into the Clinton e-mail saga

Clinton wasn’t alone in mishandling communications, classified data.

US Secretary of State Hillary Clinton checks her Blackberry phone alongside Korean Foreign Minister Kim Sung-hwan (R) as she attends the Fourth High Level Forum on Aid Effectiveness in Busan, Korea, November 30, 2011. Clinton used the uncleared, personal device throughout her four years at the State Department in conjunction with a private mail server in her home. (credit: SAUL LOEB/AFP/Getty Images)

Hillary Clinton, former secretary of state and presumptive Democratic nominee for the presidency, is facing a massive backlash after an FBI investigation found her to have been "extremely careless" in the handling of classified information. The scandal surrounding her use of a private e-mail server has only grown since the Justice Department's decision not to pursue criminal charges. Polls show that a majority of Americans believe she should have been indicted, and more recent polls place Clinton in a dead heat with the presumptive Republican nominee Donald Trump. Clinton led by a significant margin just weeks ago.

Regardless of the political games being played, the facts of Clinton's use of a private e-mail server and the related potential exposure of Top Secret information—including the names of covert intelligence personnel overseas and at home—are worth knowing and nailing down. At the core, these details raise a much broader question surrounding how national secrets are kept and shared and how broken the information infrastructure of the United States government really is.

In order to have an intelligent conversation about Clinton’s e-mails, here is a technical analysis of the evidence as it has been presented (think of it like a print version of Congressional hearings, minus screaming, finger-pointing, and grandstanding). A clearer picture has started emerging based on the testimony given by FBI Director James Comey and the Inspectors General of the State Department and the Intelligence Community (OIG), plus a portion of the 30,000-plus e-mails released thus far through FOIA requests by the State Department and other agencies. That picture, based on our assessment, is not a very pretty one.


FDIC was hacked by China, and CIO covered it up

Problems uncovered after employees walk off job with thousands of SSNs on flash drives.

Insuring deposits, but not your identity. Thanks, FDIC. (credit: Matthew G. Bisanz)

A report published by the House Committee on Science, Space and Technology today found that hackers purported to be from China had compromised computers at the Federal Deposit Insurance Corporation repeatedly between 2010 and 2013. Backdoor malware was installed on 12 workstations and 10 servers by attackers—including the workstations of the chairman, chief of staff, and general counsel of FDIC. But the incidents were never reported to the US Computer Emergency Response Team (US-CERT) or other authorities, and were only brought to light after an Inspector General investigation into another serious data breach at FDIC in October of 2015.

At the time of the "advanced persistent threat" attacks, the FDIC failed to report the incidents. Then-Inspector General at FDIC, Jon Rymer, lambasted FDIC officials for failing to follow their own policies on breach reporting. Further investigation into those breaches led the committee to conclude that former FDIC CIO Russ Pittman misled auditors about the extent of those breaches, and told employees not to talk about the breaches by a foreign government so as not to ruin FDIC Chairman Martin Gruenberg's chances of confirmation.

The cascade of bad news began with an FDIC Office of the Inspector General (OIG) investigation into the October "Florida incident." On October 23, 2015, a member of the Federal Deposit Insurance Corporation's Information Security and Privacy Staff (ISPS) discovered evidence in the FDIC's data loss prevention system of a significant breach of sensitive data—over 1,200 documents, including Social Security numbers from bank data for over 44,000 individuals and 30,715 banks, were copied to a USB drive by a former employee of FDIC's Risk Management Supervision field office in Gainesville, Florida. The employee had copied the files prior to leaving his position at FDIC. Although the employee was intercepted, the actual data was not recovered from him until March 25, 2016. The former employee provided a sworn statement that he had not disseminated the information, and the matter was dropped.


Paint it black: Revisiting the Blackphone and its cloudy future

Layoffs, legal disputes, and a major OS update shuffle the deck for privacy-focused phone.

The Blackphone and its parent, Silent Circle, have taken some knocks over the past few months, as the company prepares a new course. Will hardware be part of it? (credit: Sean Gallagher)

When we reviewed the Blackphone 2 last September, the company behind the privacy-focused smartphone was in transition. Silent Circle had moved to bring the Blackphone joint venture with the Madrid-based Geeksphone back under its umbrella, hired a telecom industry veteran as CEO, and was fine-tuning its marketing to go after an enterprise audience. The phone’s Android-based operating system, rebranded as Silent OS, became simultaneously more user-friendly and more hardened, paving the way for features that would be incorporated into Android for Work.

Less than a year later, Silent Circle has substantially changed. For starters, that new CEO is gone. Bill Conner resigned June 27 after, as he put it, Silent Circle "extended its privacy leadership into the enterprise as a secure communications SAAS [Software as a Service] company." The company’s general counsel is now serving as interim CEO as it seeks new leadership.

Over the course of the last year, many more core security team members—including co-founder and Chief Technology Officer Jon Callas, Chief Architect Mike Kershaw (AKA "dragorn," creator of the Kismet wireless network security tool), and Chief Security Officer Dan Ford—left the company. Callas remains as an investor, but he now works for Apple. There have also been layoffs.
