March 6, 2017
In the latest attempt to steer the political narrative away from Trump’s wiretapping accusations and back to Russian hackers, Bloomberg‘s Michael Riley is reporting this morning that at least a dozen liberal groups in the U.S. have been targeted in a new wave of new cyber attacks. Apparently those hackers are scouring the emails of left-leaning organizations for embarrassing details and attempting to extract hush money in the form of, drumroll, “evil, anti-establishment” bitcoin.
At least a dozen groups have faced extortion attempts since the U.S. presidential election, said the people, who provided broad outlines of the campaign. The ransom demands are accompanied by samples of sensitive data in the hackers’ possession.
In one case, a non-profit group and a prominent liberal donor discussed how to use grant money to cover some costs for anti-Trump protesters. The identities were not disclosed, and it’s unclear if the protesters were paid.
At least some groups have paid the ransoms even though there is little guarantee the documents won’t be made public anyway. Demands have ranged from about $30,000 to $150,000, payable in untraceable bitcoins, according to one of the people familiar with the probe.
Of course, in what has become a journalistic norm, all of the details from Bloomberg come from two anonymous people “familiar with probes being conducted by the FBI and private security firms.”
And while Bloomberg admits that “attribution is notoriously difficult in a computer attack,” they go ahead and assert that all cyber crimes are perpetrated by Russian based groups anyway.
The hackers have used some of the techniques that security experts consider hallmarks of Cozy Bear, one of the Russian government groups identified as behind last year’s attack on the Democratic National Committee during the presidential election and which is under continuing investigation. Cozy Bear has not been accused of using extortion in the past, though separating government and criminal actors in Russia can be murky as security experts say some people have a foot in both worlds.
Both the Center for American Progress and Arabella Advisors are among the groups that have been asked to pay ransoms.
The Center for American Progress, a Washington think tank with strong links to both the Clinton and Obama administrations, and Arabella Advisors, which guides liberal donors who want to invest in progressive causes, have been asked to pay ransoms, according to people familiar with the probes.
It’s unclear whether Arabella is part of the same campaign as the other dozen groups, according to one of the people familiar with the probes, but the tactics and approach are similar.
If the Arabella attack came from a different group, multiple criminals could be lifting a page from Russia’s hacking of the 2016 campaign, attempting to leverage the reputational damage that could be inflicted on political organizations by exposing their secrets.
“Arabella Advisors was affected by cyber crime,” said Steve Sampson, a spokesman for the firm, which lists 150 employees operating in four offices. ’’All facts indicate this was financially motivated.’’ Allison Preiss, a spokeswoman for the Center for American Progress, said the group had no comment.
Meanwhile, the FBI declined to comment on these latest accusations, at least officially, while John Hultquist, director of cyber espionage analysis at FireEye Inc., said he would be “cautious concluding that this has any sort of Russian government backing.”
The Federal Bureau of Investigation declined to comment when asked about the latest hacks. It is continuing to investigate Russia’s attempts to influence the election and any possible connections to Trump campaign aides. Russian officials have repeatedly denied any attempt to influence the election or any role in related computer break-ins.
“I would be cautious concluding that this has any sort of Russian government backing,” said John Hultquist, director of cyber espionage analysis at FireEye Inc., after the outline of the attacks was described to him. “Russian government hackers have aggressively targeted think tanks, and even masqueraded as ransomware operations, but it’s always possible it is just another shakedown.”
More Russian hacking or just more “fake news,” you decide.
This article was posted: Monday, March 6, 2017 at 10:49 am