The Hacker and the State by Ben Buchanan

Author:Ben Buchanan
Language: eng
Format: epub
Publisher: Harvard University Press

Going Public

Once it had penetrated its targets, the GRU was ready to put its access to use. It already had numerous emails from Podesta and other Democratic staffers, but it wanted to mine the political organizations’ files, too. Working within the DNC and DCCC networks, the GRU took thousands of screenshots and recorded large quantities of keystrokes. The GRU, studying the two committees from the inside, learned how they collaborated in boosting Democrats’ chances in the coming elections. From their privileged perch, the hackers could view wide expanses of normally hidden information.

But, just as their information-gathering operation was hitting full stride, the hackers made a curious move: on April 12, they tried to register the web domain name electionleaks.com, paying $37 in cryptocurrency to a Romanian company to do so. But, having somehow botched the registration and lost the right to that domain, they came back a week later, on April 19, to register a second choice, DCLeaks.com.22 DCLeaks remained dormant throughout April and May of 2016, but in hindsight, the registration was an early clue that the GRU had aims beyond simple espionage.

The second clue to the GRU’s ambitions is that it sought certain kinds of information in the Democratic networks. The hackers weren’t after the sort of intelligence gathered in traditional cyber espionage operations against candidates. They did not seem to care much about predicting how Hillary Clinton would act as president or understanding her policy priorities, perhaps because they already perceived her to be hostile toward Russia. Instead, the GRU’s focus was on content that was politically explosive, even if it offered little forward-looking insight.

The GRU hackers sifted through the networks using search terms like “Hillary,” “Trump,” and “Cruz.” They copied entire folders related to the Benghazi investigations, a politically hot topic that had little relevance to substantive foreign policy matters. They snapped up opposition research on Republican candidates and plans for field operations to increase Democratic turnout in the fall. The finances of the Democratic organizations also seemed particularly interesting to them.23

The documents of interest to the GRU hackers amounted to many gigabytes of information. Moving that much data out of the network at once might have attracted the attention of network defenders and revealed the GRU’s illicit presence. To better hide their activities, the hackers used a technique called file compression to reduce the size of the documents they wanted to exfiltrate. They then deployed encryption to obscure the true contents of the files before copying them en masse off the Democratic organizations’ networks and back to Russia.24

The GRU was also after the DNC’s messages. In May, the hackers targeted the organization’s email servers housing many thousands of employee messages. With their privileged access to DNC systems, the hackers were able to access many emails at once, without having to compromise the passwords of individual employees. They vacuumed up these messages, exfiltrated them via their command-and-control system, and stored them for later use.25 They also found their way into the DNC’s cloud-based systems, and copied information from them, as well.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.