National Security

Growing evidence suggests recent hacks are the work of Russian-backed cyber militias

Chief intelligence correspondent Catherine Herridge reports from Washington

 

Growing evidence suggests the recent cyber-attacks on top Democratic Party groups and the possible breach of Clinton Foundation computers are connected to Russian-backed cyber militias, say a former Defense Department official and other security experts.

"This clearly has all indications of a larger strategic intelligence gathering operation," Bob Gourley, a former IT specialist at the Defense Intelligence Agency, told Fox News.

Tom Kellerman, CEO of the next-generation technology group Strategic Cyber Ventures, also thinks the attacks are linked, based on circumstantial evidence such as the sequence of events.  

"It's not surprising to me," said Kellerman, arguing that as of last summer 2,600 of Washington's most influential people and their spouses were targeted by cyber-attacks from Russia in what was called "Operation Pawn Storm."

Based on available data and what's known of the timeline of the recent attacks, the first was on the Democratic National Committee.

Then hackers "island hopped" to other computer networks after staffers at the Democratic Congressional Campaign Committee and perhaps elsewhere opened phishing emails from which their user IDs, passwords and other credentials were stolen.

The FBI is investigating the breaches at the DNC, made public in late July, and the DCCC, announced earlier this month. It is not clear whether that work has expanded with the apparent targeting of the Clinton Foundation.

Gourley, now a partner at the strategic consulting and engineering firm Cognitio, also told Fox News about a new hacking method known as “malvertising,” which takes advantage of how the internet is now designed to deliver targeted ads to visitors.

"People are deceived into clicking a link," Gourley explained. "After that foothold is established, the malicious code, the real hackers get to work and grow out from there."

Russian President Vladimir Putin's government denies direct involvement, but Russian intelligence is thought to routinely use cyber gangs to do its bidding and to create plausible deniability.

"Within the former Soviet bloc, Russian-speaking hackers pay homage as cyber-militia members to the regime in Russia," Kellerman said. "They act as proxies … when called upon to leverage their sophisticated tool sets and attack against victims in the U.S."

He also warned about the NSA earlier this week posting for auction some of its most powerful spying tools -- considered electronic lock picks with code names such as "buzzdirection" and "epicbanana."

"The distribution of that cyber arsenal to the wild allows for literally a cyber forest fire to occur against U.S. corporations and government agencies," Kellerman said.

The codes -- created by a group of elite NSA hackers -- were believed stolen in 2013, at the same time former contractor Edward Snowden was copying thousands of NSA surveillance documents.

Snowden is still in Russia, and experts are not ruling out a DNC connection.

"The only links are circumstantial," Gourley said. "It's a very interesting timing that would occur right now after someone sat on that code for over three years."

Catherine Herridge is an award-winning Chief Intelligence correspondent for FOX News Channel (FNC) based in Washington, D.C. She covers intelligence, the Justice Department and the Department of Homeland Security. Herridge joined FNC in 1996 as a London-based correspondent.