U.S. Cyber Attacks Against Russia’s Federal News Agency
The United States military has publicly disclosed that it launched a cyber attack against Russia’s Federal News Agency (FAN), the news website arm of the Russian Internet Research Agency (IRA). The U.S. launched the cyber attacks against what it considered a Russian-hosted “troll farm,” which it accused of mass-producing fake news. The cyber attacks were designed to overutilize the hardware of the target systems, which resulted in failed hard disks and RAID controllers in the IRA network.
The cyber attacks were carried out on November 5, 2018 by U.S. Cyber Command (USCC), a unit directly under the Department of Defense. The goal was to prevent Russian writers from swaying U.S. voters for the duration of the midterm elections. Upon detecting the cyber attacks, FAN downplayed the damage to the IRA’s IT infrastructure, claiming that the attacks were not as successful as described, contrary to USCC’s claim that its operations were very successful.
“Such an operation would be more of a pinprick that is more annoying than deterring in the long run,” emphasized Thomas Rid, Johns Hopkins University’s Strategic-Studies Professor.
A defense official admitted that the attack was not meant to shut down the IRA or any Russian facility entirely, but rather to just “infect a little friction, sow confusion.” The Russian government was not surprised at all by the cyber attacks, as the Kremlin had been the recipient of many U.S.-made cyber attacks in the past, including attacks against computers not connected with Russia’s government, such as those of private companies, legal firms and even private Russian citizens. President Putin’s spokesperson, Dmitry Peskov, even stressed that cyber attacks by one nation against another are “the reality now in which we live”.
“The US authorities and US Cyber Command personnel showed their incompetence – using all the capabilities of the US National Security Agency, which Snowden mentioned, they are attacking law-abiding legal Russian media, FAN and USA. Really. That is, trying to destroy the freedom of speech. Americans believe that ‘there is their opinion, but there is a wrong,’” explained a FAN IT team member.
The IRA has become a favorite whipping boy every time the U.S. wants to accuse Russia of interfering with its internal affairs. There are many claims of Russian operatives using social media and other communication platforms to persuade American voters to vote or not to vote for particular candidates. But these accusations remain accusations, as there was no solid evidence that these operations actually happened. The Internet is an open communication tool for everyone regardless of nationality, and with the growth of social media, Facebook, Twitter, Instagram, and YouTube became venues for people to air their concerns for free and without restrictive feds banning them.
Apparently, the weakest link in the IRA’s IT security policy was an employee’s compromised iPhone 7 Plus, with the U.S. military able to infiltrate the internal network of the news organization using the smartphone as a backdoor. For many years, the growth of BYOD (Bring Your Own Device) in enterprise environments has been singled out as one of the easiest ways for a third party to penetrate an otherwise restricted internal corporate network. With the BYOD infiltration technique, the USCC was able to crawl its way to the IRA’s central server, as the employee with the compromised phone connected his iPhone to his work computer through a USB connection.
That connection triggered the specially crafted malware to infect the workstation used by the unnamed IRA employee, who coincidentally had admin privileges on the machine (malware usually inherits the access rights of the logged-in user). With a higher privilege than before, the USCC was also able to capture the user credentials for the IRA’s rented Amazon servers located in Estonia and Sweden.
Kevin Jones