Sources: IRS believes massive data theft originated in Russia

Washington (CNN) The IRS believes that a major cyber breach that allowed criminals to steal the tax returns of more than 100,000 people originated in Russia, two sources briefed on the data theft tell CNN.

On Tuesday, the Internal Revenue Service announced that organized crime syndicates used personal data obtained elsewhere to access tax information, which they then used to file $50 million in fraudulent tax refunds.

An IRS spokeswoman said the agency does not discuss ongoing investigations.

Russian cyber group seen preparing to attack banks

As described earlier in a previous post, these are essentially proxy groups with state backing. They create a group that allows for plausible deniability, showing no attributable activity.

A security firm is warning that a group of Russian hackers known for targeting military, government and media organizations is now preparing to attack banks in the U.S. and elsewhere.

The group’s preparations, which have included writing new malware, registering domain names similar to those of intended targets, and setting up command-and-control servers, were discovered by analysts from security firm Root9B.

Russian hack of White House ‘far more worrisome than has been publicly acknowledged’

The United States has not officially confirmed reports that Russia was responsible for the attack.

Pentagon Says Evicted Russian Hackers, Global Cyber Threat Grows

PALO ALTO, California (Reuters) – The United States on Thursday disclosed a cyber intrusion this year by Russian hackers who accessed an unclassified U.S. military network, in an episode Defense Secretary Ash Carter said showed the growing threat and the improving U.S. ability to respond.

Carter cited the newly declassified incident during an address at Stanford University, in which he also warned the Pentagon was ready to help defend America’s networks and to use cyber weaponry, if needed.

Russia’s Invasion of White House Computers: The Story Still Has Not Been Told

CNN has made news with this headline: “How the U.S. thinks Russians hacked the White House.”

Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.

This is the story that we reported on last October, just before the election, here, here, here, here and here. We got the story due to a tip from a reader. Virtually no one else reported on it.

Russian Hackers Have Been in White House System for Months, Officials Say

Russian hackers penetrated the White House non-public, non-classified computer system for several months last year, forcing the White House to shut down the system for several days, U.S. officials said.

The hacked system is not used for classified information, but is used by the White House advance and press office, the general counsel’s office, and officials in the budget and legislative liaison offices.

How the U.S. thinks Russians hacked the White House

When the Department of Homeland Security mentions the Russians have infected critical industrial control systems with malware, it’s nearly over for America.

They are able to do this through SCADA systems, which have been mentioned here as early as 2013 in the following previous posts:

UPDATE 3: U.S. probes cyber attack on water system

Exclusive: Cyberattack leaves natural gas pipelines vulnerable to sabotage

The threat is real, now in motion and eerily resembles ‘grey terror’ as described in Viktor Suvorov’s book, “Spetsnaz: the story behind the Soviet SAS” during the ‘overture’ phase in chapter 15, titled Spetsnaz’s First World War.

The sword draws closer to America every day.

Please see the source link for the video.

Washington (CNN) Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.

While the White House has said the breach only ever affected an unclassified system, that description belies the seriousness of the intrusion. The hackers had access to sensitive information such as real-time non-public details of the president’s schedule. While such information is not classified, it is still highly sensitive and prized by foreign intelligence agencies, U.S. officials say.

Russia Infiltrates Vital U.S. Computer Networks

Hundreds of thousands of Americans may be at the mercy of Russia.

Hackers successfully breached the unclassified Executive Office of the President (eop) network in October.

“Any such activity is something we take very seriously. In this case, we took immediate measures to evaluate and mitigate the activity,” a White House official said. “Our actions are ongoing, and some have resulted in some temporary outages and loss of connectivity for our users.”

Hackers breach some White House computers

Hackers thought to be working for the Russian government breached the unclassified White House computer networks in recent weeks, sources said, resulting in temporary disruptions to some services while cybersecurity teams worked to contain the intrusion.

White House officials, speaking on the condition of anonymity to discuss an ongoing investigation, said that the intruders did not damage any of the systems and that, to date, there is no evidence the classified network was hacked.

Russian hackers used flaw in Microsoft Windows to spy on NATO, a new report says

WASHINGTON — A Russian hacking group probably working for the government has been exploiting a previously unknown flaw in Microsoft’s Windows operating system to spy on NATO, the Ukrainian government, a U.S. university researcher and other national security targets, according to a new report.

The group has been active since at least 2009, according to research by iSight Partners, a cybersecurity firm. Its targets in the recent campaign also included a Polish energy firm, a Western European government agency and a French telecommunications firm.

“This is consistent with espionage activity,” said iSight senior director Stephen Ward. “All indicators from a targeting and lures perspective would indicate espionage with Russian national interests.”

Hackers’ Attack Cracked 10 Financial Firms in Major Assault

The huge cyberattack on JPMorgan Chase that touched more than 83 million households and businesses was one of the most serious computer intrusions into an American corporation. But it could have been much worse.

Questions over who the hackers are and the approach of their attack concern government and industry officials. Also troubling is that about nine other financial institutions — a number that has not been previously reported — were also infiltrated by the same group of overseas hackers, according to people briefed on the matter. The hackers are thought to be operating from Russia and appear to have at least loose connections with officials of the Russian government, the people briefed on the matter said.

It is unclear whether the other intrusions, at banks and brokerage firms, were as deep as the one that JPMorgan disclosed on Thursday. The identities of the other institutions could not be immediately learned.

The breadth of the attacks — and the lack of clarity about whether it was an effort to steal from accounts or to demonstrate that the hackers could penetrate even the best-protected American financial institutions — has left Washington intelligence officials and policy makers far more concerned than they have let on publicly. Some American officials speculate that the breach was intended to send a message to Wall Street and the United States about the vulnerability of the digital network of one of the world’s most important banking institutions.

“It could be in retaliation for the sanctions” placed on Russia, one senior official briefed on the intelligence said. “But it could be mixed motives — to steal if they can, or to sell whatever information they could glean.”

JPMorgan data ‘sent to Russia’ by computers for hire

JPMorgan’s own investigators have found clues that a global network of computers available for hire by sophisticated criminals was used to reroute data stolen from the bank to a major Russian city, according to people familiar with the probe.

Like street magicians using sleight of hand, the hackers tapped computers from Latin America to Asia to send commands and obscure their identity while ferrying malicious traffic past one of the most heavily guarded networks on Wall Street.

Bank investigators working nearly around the clock have identified what they believe to be the assault’s staging ground, called a “bulletproof” hosting platform because of its resilience to other attackers and to law enforcement, according to one of the people, who requested anonymity because of the continuing investigation. The constellation of computers was used in previous hacking attacks and is now being tapped by professional cybercriminals operating out of Eastern Europe to target banks.

FBI Examining Whether Russia Is Tied to JPMorgan Hacking

Russian hackers attacked the U.S. financial system in mid-August, infiltrating and stealing data from JPMorgan Chase & Co. (JPM) and at least one other bank, an incident the FBI is investigating as a possible retaliation for government-sponsored sanctions, according to two people familiar with the probe.

The attack resulted in the loss of gigabytes of sensitive data, said the people, who asked not to be identified because the probe is still preliminary. Authorities are investigating whether recent infiltrations of major European banks using a similar vulnerability are also linked to the attack, one of the people said.

In one case, the hackers used a software flaw known as a zero-day vulnerability in one of the banks’ websites. They then plowed through layers of elaborate security to steal the data, a feat security experts said appeared far beyond the capability of ordinary criminal hackers. The incidents occurred at a low point in relations between Russia and the West. Russian troops continue to mass on the Ukrainian border and the West tightens sanctions aimed at crippling Russian companies, including some of the country’s most important banks.

Five unanswered questions about massive Russian hacker database

There’s still much that’s unclear about Tuesday’s revelation that a small group of hackers in Russia have amassed a database of 1.2 billion stolen user IDs and passwords. The company that disclosed the incident, Hold Security, didn’t offer any fresh information Wednesday, but here are five questions we’d like to see answered (and a bonus one that we already know the answer to).

What are the hackers going to do with them?

The answer to this depends partly on the previous two questions. If they are fresh credentials for important services like online banking, they are ripe to be used to siphon money from online accounts. If they are older or from little-used services, they might be used to send spam by email or post it in online forums.

US experts warn of cyberattack risk over further sanctions on Russia

US officials and security specialists warn that Russian hackers may answer new sanctions by attacking computer networks of US banks and large companies.

Officials involved in a White House review of the effects of further penalties on Russia did not respond to questions about whether the study explored the risk of cyberattacks. Even so, two sources said it included revisiting previous classified exercises in which small numbers of computer experts showed they were able to cripple the United States economy in a few days.

Cybersecurity specialists consider Russian hackers among the world’s best at infiltrating networks and say evidence exists that they have already inserted malicious software on computers in the US.