Experts in autocracies have pointed out that it is, unfortunately, easy to slip into normalizing the tyrant, hence it is important to hang on to outrage. These incidents which seem to call for the efforts of the Greek Furies (Erinyes) to come and deal with them will, I hope, help with that. As a reminder, though no one really knows how many there were supposed to be, the three names we have are Alecto, Megaera, and Tisiphone. These roughly translate as “unceasing,” “grudging,” and “vengeful destruction.”
While we have all been concentrating on Kavanazi (and rightly so), and getting out the vote (also rightly so), Mother Jones (also rightly) decided that this week is the week to re-link to an article from the May-June issue … regarding hacking.
We had a taste in 2016 about what Russian hacking can do; not of course, that we really know what was actually done by Russian hacking, because there was so much more hanky-panky it hasn’t been sorted out yet (and I for one am happy not taking a look if keeping it quiet will result in convictions and imprisonments.) But that was 2016. If we take a look at what Russia has been doing in other nations since, we will definitely see that whatever they did then, they are definitely capable of more now.
[Ukraine, June, 2017] Across Ukraine that day, cash registers suddenly shut down. People trying to withdraw money saw ransom demands appear on ATM screens. Lawmakers in the country’s parliament could not access their laptops. Turnstiles in Kiev’s subway stopped working, and departure boards at the airport went down. Technicians at Chernobyl, the site of the deadly nuclear disaster in 1986, had to manually check radiation levels after their computers failed.
Does that scare you? It should. Because any kind of attack that Russia makes on any other nation could be used against the United States too.
Terrell Jermaine Starr, who wrote this article, The Russian Hacking of 2016 Was Just a Taste. Here’s What We Could Be In For., spent much time speaking with many experts – too much and too many for fair use to do it justice. There are descriptions of what our current regime is not doing to prepare for attack – despite the fact that money has been appropriated for preparation. There’s a brief but chilling introduction to the “NotPetya” tool, so named because it makes an older tool, “Petya,” look like “Pong.” Plus, there is a podcast embedded.
There is also a link to a newer Mother Jones article – The Midterm Elections Are in Serious Danger of Being Hacked, Thanks to Trump – which goes more deeply into what happened here in 2016, and it also has an embedded podcast.
To top off the scariness, Wired recently put up an article which describes a new tool that Fancy Bear (you remember that, right? The GRU code name for the international cyberwar project which spawned, among other things, all the troll farms?) has acquired.
THE FANCY BEAR hacking group has plenty of tools at its disposal, as evidenced by its attacks against the Democratic National Committee, the Pyeongchang Olympics, and plenty more. But cybersecurity firm ESET appears to have caught the elite Russian team using a technique so advanced, it hadn’t ever been seen in the wild until now.
ESET found what’s known as a UEFI rootkit, which is a way to gain persistent access to a computer that’s hard to detect and even harder to clean up, on an unidentified victim’s machine. The technique isn’t unheard of; researchers have explored proofs of concept in the past, and leaked files have indicated that both the CIA and the independent exploit-focused company Hacking Team have had the capability. But evidence that it has happened, in the form of malware called LoJax, represents a significant escalation in the Fancy Bear — which ESET calls Sednit — toolkit.
If that second quoted paragraph reads like mostly nonsense syllables to you, you’re not alone; I feel the same. But if there’s one thing I have learned, it’s that, if tech people say something is dangerous, it’s dangerous, and you don’t want to find out exactly how dangerous – through experience – if you can help it.
So what can we do? If we aren’t in the government and are just ordinary people? Besides scream our heads off (constructively, through letters and petitions)? Actually, i love to know what we can do. But there is one thing I do know that we can do, if we are volunteering on a campaign or know someone who is. We can find out who is in charge of IT for the campaign, and we can do whatever we have to do to make sure that person read this story from Daily Kos: Russian army hackers are attacking our elections now. Defend yourself with MFA. And that is true even if the only thing the candidate is running for is City Council. Or Dogcatcher, if that is still an elected position anywhere.
MFA stands for Multi-Factor Authentication, not that most of us need to know that, but of course IT people do. Not all the details are in the story, but there is some interesting, if scary, background on why it’s needed. And it’s not a cure-all, but it is a bare minimum security need for a campaign.
Dear Furies, I don’t know which Democratic campaigns are more protected and which are less protected. But I’ll bet you can find out which, and find out who is responsible for the IT. And then you can pursue them with all your strength and bedevil them until they put in the protection they need. And we will help where we can.
The Furies and I will be back.
Cross posted to Care2 HERE.
8 Responses to “Everyday Erinyes #139”
Sorry, the comment form is closed at this time.
The Dutch government has just thrown four Russians out of the country because they were caught red-handed when they attempted a hacking attack on the UN chemical weapons watchdog (OPCW) and were also linked to operations in Brazil, Switzerland and Malaysia. The Malaysia events were allegedly related to the investigation into the 2014 shooting down of flight MH17 over Ukraine.
So yes, it is quite believable that the Russians will attempt to hack into the midterm elections, or are already doing that now. And Drumpf wants it to be so, because he’s either denying it is happening or pretending to ignore it is happening.
Personally, if I don’t recognize a call I block it. I don’t click into my computer for unknown links as I’ve been hacked (a couple years ago), and since I’m not the brightest kernel of corn re: how ‘things’ work…I took it to a trusted source to get it remedied, but I’m super cautious even now. Call me old fashioned, but I only use paper, and it’s worked well for me. (Like writing postcards to a mailing list for early mid-elections.)
dt doesn’t care about any of our concerns, obviously, as evidenced by his lack of concern, and his alliance with Russia, which is scary in of itself.
The concern I have is the Fancy Bear proliferation, alongside with the frightening MJ article, and what the IT folks can do to remedy this.
Furies, hope that you can successfully fix this…Thanks, Joanne for a most insightful post.
DT is a piece of useless garbage, at best, on his best day, and does not care that the Russians may be targeting any country! On the other hand, THIS may be WWIII, just beginning. No weapons of mass destruction, in the common sense, thus no radiation to hurt the Kremlin! And at whom would one shoot, anyway? At your computer? We don’t need a space army, so Dumpy can fund the munitions industry still further, we need an IT army! Maybe we already have one, I don’t know. Perhaps I should not know. I don’t know.
Hacking has gotten to be a very serious problem, not just in USA but, around the world in many countries. Yes, the Russians are behind a majority of them.
Drumpf is blaming the Chinese rather than the Russians. Drumpf is appeasing Putin to help erase his debt by helping to tear down USA’s democracy. Bought Bitch Mitch McConnell is enabling Drumpf in every way he can. Yes, paper trails are very important. Electronic machines cannot be trusted at all as past history has already proven it all out.
.
JD, I know what a lot of that means, and I agree it’s scary as hell!
Great Job.
I actually figured you would know what a lot of that means, you having a server. Be sure you protect yourself (as if you didn’t!)
Now we need this terrible trio to go after all of the Senators who voted for Kava-nazi – especially that traitoress Collins! Show no mercy! Scourge their asses till they are bloody!
I actually trust the voters to do that – IF their votes can be accurately counted and certified. That’s what they need to be taking care of now and probably through November.