International Cyber Warfare: Still Escalating?

What a week it’s been. It may be wise to consider “unstoppable force, meet immovable object” as the proper description of cyber warfare as the forays get larger, the fallout wider and the defenses more public.

In just a few day’s time:

  • Technology behemoths Alphabet, Facebook and Twitter collectively removed hundreds of tainted accounts said to be tied to Iran and Russia;
  • Microsoft warned of attacks on U.S. political groups and launched a new, tailored security service; and
  • U.S. lawmakers vowed to deepen sanctions against Moscow were it not to behave itself.

As if that weren’t enough the Democratic National Committee said it had detected what it thought was an attempt to hack into its voter database. Fortunately, that turned out to be a false alarm, yet still pointed to fraying nerves as the midterm elections rapidly approach.

Here’s what you need to know...

Hundreds of deleted accounts.

Google parent Alphabet, Facebook and Twitter collectively dismantled hundreds of accounts said to be linked to an Iranian political propaganda scheme and a similar campaign with Russian ties. In total, Facebook removed 254 pages and 392 accounts, including those on its Instagram service. Twitter said it zapped 284 accounts. (via Reuters)

Facebook said the Iran account was traced to state-sponsored media and the Russian one linked to military intelligence services. Iran denied involvement, calling the claims “ridiculous,” and political. Russia also dismissed the accusations, contending that they looked like “carbon copies” of prior allegations.

Security provider FireEye first uncovered the bogus website activity. “This operation is leveraging a network of inauthentic news sites and clusters of associated accounts across multiple social media platforms to promote political narratives in line with Iranian interests,” FireEye said in a blog post. It couldn’t tie the accounts to a specific hacker group but warned that it confirms other bad actors besides Russia are using social media to “shape political discourse.”

Microsoft’s new security service

Microsoft said it has a new service called AccountGuard that's geared to bolster security for U.S. political parties, candidates, and campaigns that use its Office 365 platform. The tool alerts organizations when a user’s account is compromised by nation-state hackers.

On Monday, Microsoft said it had taken over six web domains used by cyber attackers to impersonate the legitimate websites of the U.S. Senate, the vendor’s OneDrive cloud storage service and two conservative policy institutes. Microsoft, which has tied the hacks to the Russian Fancy Bear gangsters, said it has shut down 84 fake websites in the past two years.

“We’re concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections,” wrote Brad Smith, Microsoft president, in a blog post.

Russia said what amounts to “we don’t know what you’re talking about and neither do you.”

Legislators talk the talk. Do they walk the walk?

On Tuesday, in Banking and Foreign Relations committees and a Judiciary counter terrorism subcommittee, lawmakers pushed for more, harsher sanctions against Russia in part for cyber meddling in the 2016 elections and new hacks directed at the 2018 mid-terms. (via Reuters)

Lawmakers accused the Trump administration of going too easy on Russia. “America is under cyber attack. We’re beginning to act, but not quick enough and not forcefully enough,” Republican Senator Lindsey Graham reportedly said at the Judiciary subcommittee hearing. Still, the question remains, where's the beef?

DNC get hacked again?

On Tuesday, the Democratic National Committee reportedly contacted the FBI to report that a cloud service provider and a security research firm detected a fake login page trying to phish into a service called Votebuilder, which hosts the party’s database.

Turns out it was a false alarm. Rather than an attempted hack, it was a simulated attack conducted by white hat hackers hired by the Michigan Democratic Party, the Washington Post reported. The state party did not notify the national committee in advance of the test, the report said.

Whew...that’s enough for one week, wouldn’t you say?

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.