https://theintercept.com/2018/07/18/mueller-indictment-russian-hackers/
really interesting read covering the recent indictments announced
by Rosenstein.
it includes details on the DNC hack and counter-attack.
check yo VPN session, comrade!
seth rich, DNC server(s), wikileaks, Guccifer 2.0....
To take over first the DCCC network and then the DNC network, GRU hackers, according to the indictment, used a spear-phishing email, which tricked the recipient into entering their password on a malicious site. They then used the victim’s credentials to access DCCC’s internal network and installed custom malware called X-Agent on “at least ten DCCC computers,” according to the indictment. Soon thereafter, the indictment states, the hackers pivoted to DNC’s network. From one of the DCCC computers, the Russian hackers allegedly “activated X-Agent’s keylog and screenshot functions to steal credentials of a DCCC employee who was authorized to access the DNC network.” Armed with DNC login credentials, they were able to access “approximately thirty-three DNC computers.” Once on the DNC network, they compromised DNC’s Microsoft Exchange Server, gaining access to thousands of emails.
On July 14, Guccifer 2.0 sent an email to WikiLeaks that included an encrypted attachment named “wk dnc link1.txt.gpg.” But the body of the email was plaintext — unencrypted and vulnerable to interception by third parties. The indictment says that the unencrypted body explained that “the encrypted file contained instructions on how to access an online archive of stolen DNC documents.” Four days later, WikiLeaks responded to this email in another plaintext email, saying that it had received “the 1Gb or so archive” and would release the documents that week.
On July 22, WikiLeaks published a database containing the hacked DNC emails.
...
Two and a half weeks after publishing the DNC emails, while being interviewed on a Dutch television show, WikiLeaks editor Julian Assange encouraged a conspiracy theory that DNC staffer Seth Rich, who had just recently been killed in what the D.C. police say was a botched robbery, was his source for the DNC emails.
...a top-secret document describing in detail a GRU plot to hack American election vendor VR Systems, and then target its customers — local election officials in swing states — with a spear-phishing campaign.
At least some state election officials learned about GRU’s spear-phishing attack from reading about it in the news, not from the federal government — prompting two of them, North Carolina and Virginia, both VR Systems customers, to begin searching their internal emails for evidence of being targeted by the spear-phishing campaign.
The fact that the U.S. government had access to the keystrokes and screenshots collected by the C2 server, and even knew at what point in time the GRU agents deleted the activity logs and login history from the server, leads me to believe that the hosting provider likely started to cooperate with the investigation, including possibly sharing snapshots of the hard drive connected to the C2 server. This would allow the investigators to have access to this information.
It also appears that the hackers were unaware that the DNC was on to them until after CrowdStrike published their findings. They appeared to have deleted logs from their C2 server after U.S. investigators already had access to it.