Russia, China, Iran Meddle in 2020 Election (Unsurprisingly)

It comes as no surprise to hear that Russia is up to its old tricks. The patterns of attacks on Joe Biden’s campaign are consistent with those of four years ago, we’re told.

China and Iran are also in on the game: Iran is attacking Trump’s campaign and China is attacking everyone. All this is according to Microsoft, anyway.

Situation normal: all ****ed up. In today’s SB Blogwatch, we Bowdlerize like we’ve never Bowdlerized before.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Blade Runner 2020.


Fancy Bear and Chums Dance on Democracy’s Grave

What’s the craic? Kevin Collier reports—“Russia, China and Iran launched cyberattacks on presidential campaigns”:

 The presidential campaigns are pushing into the final two months of the race — one that has national security officials as well as private companies on edge after Russia’s election manipulation efforts of 2016. … Russia had targeted over 200 organizations, many of which were in some way affiliated with the U.S. election or European policy, including consultants to both major U.S. parties and think tanks, [Microsoft] said.

The Russian government dismissed the allegations, with foreign ministry spokesperson Maria Zakharova saying that “the Russian Federation did not interfere, is not interfering, and will not in any way interfere in the electoral process of the United States.”

F’rinstance? Joel Schectman, Raphael Satter, Christopher Bing, Joseph Menn, Thomas Balmforth, and Jack Stubbs tag-team—“Microsoft believes Russians that hacked Clinton targeted Biden campaign firm”:

 The hacking attempts targeted staff at Washington-based SKDKnickerbocker, a campaign strategy and communications firm working with Biden and other prominent Democrats, over the past two months … according to four people briefed on the matter. … Microsoft Corp identified the suspected hacking group as the same set of spies blamed … for breaking into the campaign of … Hillary Clinton and leaking the emails of her staff, two of the sources said.

The attacks included phishing, a hacking method which seeks to trick users into disclosing passwords, as well as other efforts to infiltrate SKDK’s network … three sources said. … Microsoft believes Fancy Bear is behind the attacks based on an analysis of the group’s hacking techniques and network infrastructure, one of the sources said.

“Fancy Bear” is controlled by Russia’s military intelligence agency, according to reports from the U.S. intelligence community. … Former special counsel Robert Mueller … has warned that Russia was meddling in the current campaign.

The Biden campaign said it was aware Microsoft said a foreign actor had tried and failed to access “non-campaign email accounts of individuals affiliated with the campaign.” … Kremlin spokesman Dmitry Peskov dismissed the allegations as “nonsense.”

Horse’s mouth? Microsoft’s Tom Burt—“New cyberattacks targeting U.S. elections”:

 In recent weeks, Microsoft has detected cyberattacks targeting people and organizations involved in the upcoming presidential election, including unsuccessful attacks on people associated with both the Trump and Biden campaigns. [It’s] clear that foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated, and is consistent with what the U.S. government and others have reported.

Strontium [APT28/Fancy Bear], operating from Russia, has attacked more than 200 organizations including political campaigns, advocacy groups, parties and political consultants. Zirconium [APT31/Judgment Panda], operating from China, has attacked high-profile individuals associated with the election, including people associated with the [Biden] campaign and prominent leaders in the international affairs community. Phosphorus [APT35/Charming Kitten], operating from Iran, has continued to attack the personal accounts of people associated with the [Trump] campaign.

What we’ve seen is consistent with previous attack patterns that not only target candidates and campaign staffers but also those they consult on key issues.

We disclose attacks like these because we believe it’s important the world knows about threats to democratic processes. … We also believe more federal funding is needed in the U.S. so states can better protect their election infrastructure … especially as resources are stretched to accommodate the shift in COVID-19-related voting.

I’m shocked—SHOCKED to hear that nation-states are hacking U.S. organizations. raymorris is not:

 This may shock you, but Russia, North Korea, China, and Iran each have small teams of people whose 9-5 job is to try to hack the US. And the US has teams that try to hack them.

They try to hack the White House, the Pentagon, defense contractors, and yes – the guy who will be in the White House next. That’s their job, it’s what they do all day, every day.

Guess what? Today is Friday. … Which means they’ll be sending more phishing emails and whatever else to the White House, the political parties, and the PR firms again today. Because it’s a work day.

But Russia denies it. H.G. Vaper blows smoke up … somewhere: [You’re fired—Ed.]

Putin is the master of plausible deniability. We need to learn how to compete in this field.

The World Economic Forum’s William Dixon riffs while his PR team handholds:

 The use of cyberspace to impact and influence democratic processes is one of the most significant issues that have emerged in recent years. What we might be seeing is the emergence of new strategic “red lines” being drawn in cyberspace. For some, attacks on the integrity of election processes might be a step too far.

The disclosures … indicate that the public outcry or the measures taken by authorities following the 2016 elections have not been sufficient to curb hostile activity. The reports indicate a significant uptick in targeted activity and more needs to be done.

Critically, an outstanding issue is how to identify and address inauthentic behaviour on social media platforms to stop them potentially being used by hostile actors. Ultimately though, these measures will only go so far. The fundamental challenge is how we foster better international cooperation in cyber space.

Time to cut bait? OtakuboyT has an immodest suggestion:

 At this point, why is any campaign still doing anything important on a machine connected to the internet? … Sure they can do email and web video to people and the press. But anything like strategy or anything even remotely damaging needs to be handled in person.

Is there a silver lining? With a half-full glass, it’s dismuter:

 Maybe China + Iran, most likely to target Republicans to avoid another unfavorable 4 years of Trump, will level the playing field by balancing out Russia who has interests in Trump.

Meanwhile, Nalyd ideates an idea:

 Reverse polarity on internet connections from Russia, Iran, and China during [the] campaign timeframe. Fry their originating networks (that’s how it works, right?)

And Finally:

Red sky at morning—Deckard’s warning

Hat tip: msmash


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: Internet Archive (public domain)

Security Boulevard
