Iran and Russia Seek to Influence Election in Final Days, U.S. Officials Warn

“But they have gone from propaganda to deliberate interference in this election,” John Hultquist, the senior director of FireEye, a Silicon Valley security firm, said after Wednesday’s announcement.“Their focus here is to prey on existing fears that election infrastructure will be subverted and hacked, as well as fears of voter intimidation,” he said.Iran may not have had to hack the data it used for the emails, instead it simply may have bought the information. In recent days, Trustwave, a cybersecurity firm, discovered voter databases for sale on the dark web and alerted the F.B.I. The databases would be “highly desirable to U.S. adversaries,” said Mark Whitehead, a global vice president at the firm. Hackers, he said, are merging public information with material stolen in data breaches and selling the result.“The consumer and voter databases that we discovered hackers are currently selling significantly lowers the barrier to entry for nation-states to execute sophisticated phishing, disinformation and intimidation campaigns,” Mr. Whitehead said.Mr. Ratcliffe and Mr. Wray said little about Russia, but until the wave of fake emails, Moscow had been the No. 1 concern of the National Security Agency, the United States Cyber Command and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, which has responsibility for helping states secure their voting systems.Two weeks ago, Cyber Command, a part of the military, helped paralyze a complex network developed by Russian-speaking hackers and used in ransomware attacks on cities and towns across the United States, along with on many companies. Microsoft led a team of firms doing the same, armed with court orders that enabled them to take down the command-and-control servers used to distribute the tools, which are called TrickBot. The move was made to disrupt the system so that it could not be used to lock up voter registration systems.In recent days, another Russian hacking group called Energetic Bear, often linked to the F.S.B. — one of the successors to the Soviet Union’s K.G.B. — appears to have focused its attentions on gaining access to state and local government networks. That has caught the attention of federal investigators because, until now, the group had largely targeted energy firms, including public utilities.

Source link