on
Italy
- Get link
- Other Apps
A report by Reuters suggests that the
FBI was aware of a possibly Russian-sponsored intrusion into the network
of the Democratic National Committee as early as last fall. But
investigators from the FBI only initially told DNC staff that they
should be on the lookout for strange activity on their network—and the
feds didn't mention a potential state-sponsored attack until they
informed the Clinton campaign in March about a phishing campaign.
Unnamed DNC staffers told Reuters' Mark Hosenball and John Walcott
that the FBI had been investigating a potential intrusion into the
DNC's network since the fall of 2015. After the initial warning to look
for anything suspicious, DNC IT staff checked network logs and scanned
files, finding nothing suspicious. When asked to provide more
information to help identify a problem, the FBI "declined to provide
it," according to the Reuters report.
It was not until March that the DNC IT team
realized the severity of the intrusion of their systems, though Reuters
did not report what triggered their realization. At about the same time,
the FBI reportedly warned the Clinton campaign of the attempted
attacks, according to a Yahoo News report. Spear-phishing attacks were
detected in March and April against the DNC and the presidential
campaign organization of Hillary Clinton by the security company
SecureWorks, as Ars has previously reported.
Part of the reason why the attack may have
persisted for so long was that the DNC may not have had much in the way
of a security team to begin with. Much of the technology work for the
websites, fundraising, and field support for the DNC (as well as the
Clinton campaign and the Democratic Congressional Campaign Committee) is
provided by outside organizations, including NGP VAN and ActBlue.
Several sources Ars has spoken to have said that there was little in
the way of an internal information security team at DNC prior to the
intrusion.
Despite being aware of the possible breach in
March, the degree of access that the attackers had wasn't clear until
June, after the DNC brought in the security firm CrowdStrike and other
experts to assist. For more than two more months, the alleged "Fancy
Bear" and "Cozy Bear" threat groups, purportedly associated with Russian
intelligence agencies, were allowed to continue to siphon data out of
the network and spread. After detection, the "Fancy Bear" group
apparently re-established its intrusion on the systems of the Democratic
Congressional Campaign Committee, hacking a Web server and redirecting
would-be donors to a malicious website as Ars reported last month.
It's not clear how widely the DNC IT staff
warned the rest of the committee's staff once the breach was discovered;
it's also not clear if anyone understood what was going on. A May
e-mail from one DNC staffer noted warning messages of a possible "state
actor" hack of her Yahoo e-mail account despite frequently changing passwords.
An FBI spokesperson refused to comment on the Reuters report because of the ongoing investigation into the case.
Comments
Post a Comment