The Digital Edge Security Team sees it necessary to comment on the current Russian Hacking news.
The situation has been primarily discussed from the political aspect so we wanted to bring awareness to the information technology part of the situation.
On October 7, 2016, the Department of Homeland Security (DHS) and the Office of the Director of National Intelligence (DNI) issued a joint statement on election security compromises. DHS has released a Joint Analysis Report (JAR) attributing to the compromises made to the Russian malicious cyber activity, designated as GRIZZLY STEPPE.
From the information technology stand point – the story isn’t new. The techniques used are the same ones that we’ve see over and over again since the beginning of hacking. The same exact techniques were used by Digital Edge’s team when we were assessing the security of one of our clients. However, the client was not tricked into the same trap that was used to compromise U.S. political party. This demonstrated their great Information Security Policies but most importantly – users’ security awareness.
The tricks are as old as the world. The techniques hackers use are basic, common and easily identified however most do not know what they are. In this day and age it has become almost impossible for hackers to attack a security perimeter form the outside due to advanced firewalls and detection technology. Hackers reserve to a method in which they try to trick users into assisting them and attacking from within the security perimeter; tricking users to work for them. This is why we compiled a small list of the most frequently used methods of hackers and how to depict them. Most will be recognizable except now you will know to avoid them instead of falling into their trap. Digital Edge’s Security Team wants to explain it again with except in simple terms.
Hackers like to send emails to people convincing them to do one of the 3 possible things:
- Open an attachment that contains a virus. This attachment could be an MS Office document, executable, script, Adobe file or any other one that would “carry” a malicious script.
- Click on a link that would bring you to a website that would infect your computer through vulnerability in your web browser. Basically any java script on the site would make the browser do things that it is not supposed to do. Such as downloading and installing a malicious code.
- Click on a link that would look like a legitimate web page and convince you to login. For example, the email would look exactly like AOL email and suggest that the user must change the password. The link in the email would look like aol.com. When clicked, it would redirect you to ao1.com but the page would look exactly like AOL. When the user logs in, the hackers would grab your password and redirect you to the legitimate AOL web site. The user thinks that he mistyped the password, login again and would not even consider that he or she just left her credentials with the malicious web site ao1.com (notice 1 instead of L).
Do any of these sound familiar? Our biggest tip to anyone would be to ignore or delete any suspicious emails that came from an unknown source and now that you know what they usually consist of, you can be aware of any hackers. However, these 3 methods aren’t the only ones out there so we advise you to be cautious either way.
In addition, we suggest using one of online verification websites that can verify an attachment or a link to make sure it is not infected. The Digital Edge Security Team uses:
There are also 3 very important points that The Digital Edge Security Team wants to make:
- There is nothing new or “military grade” or advanced by today’s security standards in the methods and techniques that was used to attack. As stated before, they are all the same methods that have been going on for a while and haven’t changed.
- Hackers do not hack from their own computers. They would “jump” from one computer to another to hide their origination. There will be 3-4 jumps before the attack. This makes it harder to track the hacker. For examples, if an attack is originated from China, it does not necessarily mean that the attacker is Chinese.
- The signatures in the code used to attack the U.S. Political Party that are pointing to Russian hackers do not mean anything as well because:
a. There are many malicious codes available on the black market for free or a small amount of money. This code could be written by a Russian hacker but used by a high school student from Norway. The Black Hat market today is very advanced and is its own huge industry. For example you can rent an environment to launch a criminal act against anybody. You can pay in bit coins to rent thousands of zombies (infected end users’ computers that don’t even know that their machines can be totally controlled by someone else remotely) and launch an attack on the scheduled bases against anybody in the world. Zombies can be note conventional computers. Today zombies can be video cameras, house hold products, car computers and GPS devices, gadgets etc.
b. An author can forge those signatures pretending that he is Russian. And this goes with all hackers not just the ones that hacked the U.S. Political Party.
Digital Edge has worked hard to create the most information secure system for our clients but we stress the awareness of these hackers and their methods as well. As we demonstrated – regardless political association – user’s information security policies and awareness becomes a crucial component that sometimes is even more important that an antivirus or a firewall. Also, a big point we wanted to make was that nowadays anyone can be a hacker, a person of any age, race and ethnicity; this person could as well be in any part of the world despite where the attack came from. We want to keep our clients and their information as safe as possible this being the purpose of this newsletter.
For the full version of joint DHS and FBI report can be found here: https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf