Breakthrough Web Design - 515-897-1144 - Web sites for businesses
News & Entertainment for Mason City, Clear Lake & the Entire North Iowa Region

Founded October 1, 2010


Statement on Russian malicious cyber activity from U.S. government


This news story was published on December 29, 2016.
Advertise on NIT Subscribe to NIT

WASHINGTON, D.C. – The United States Department of Homeland Security released the following statement today, accusing the Russian government of a malicious cyber activity here and abroad the attempts to influence public opinion:

On October 7, 2016, Secretary Johnson and Director Clapper issued a joint statement that the intelligence community is confident the Russian Government directed the recent compromises of e-mails from U.S. persons and institutions, including from U.S. political organizations, and that the disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks are consistent with the Russian-directed efforts. The statement also noted that the Russians have used similar tactics and techniques across Europe and Eurasia to influence public opinion there.

Today, DHS and FBI released a Joint Analysis Report (JAR) which further expands on that statement by providing details of the tools and infrastructure used by Russian intelligence services to compromise and exploit networks and infrastructure associated with the recent U.S. election, as well as a range of U.S. government, political and private sector entities.

This activity by Russian intelligence services is part of a decade-long campaign of cyber-enabled operations directed at the U.S. Government and its citizens. These cyber operations have included spearphishing, campaigns targeting government organizations, critical infrastructure, think tanks, universities, political organizations, and corporations; theft of information from these organizations; and the recent public release of some of this stolen information. In other countries, Russian intelligence services have also undertaken damaging and disruptive cyber-attacks, including on critical infrastructure, in some cases masquerading as third parties or hiding behind false online personas designed to cause victim to misattribute the source of the attack. The Joint Analysis Report provides technical indicators related to many of these operations, recommended mitigations and information on how to report such incidents to the U.S. Government.

A great deal of analysis and forensic information related to Russian government activity has been published by a wide range of security companies. The U.S. Government can confirm that the Russian government, including Russia’s civilian and military intelligence services, conducted many of the activities generally described by a number of these security companies. The Joint Analysis Report recognizes the excellent work undertaken by security companies and private sector network owners and operators, and provides new indicators of compromise and malicious infrastructure identified during the course of investigations and incident response. The U.S. Government seeks to arm network defenders with the tools they need to identify,, detect and disrupt Russian malicious cyber activity that is targeting our country’s and our allies’ networks.

We encourage security companies and private sector owners and operators to look back within their network traffic for signs of the malicious activity described in the Joint Analysis Report. We also encourage such entities to utilize these indicators in their proactive defense efforts to block malicious cyber activity before it occurs. DHS has already added these indicators to its Automated Indicator Sharing service, which provides indicators of malicious cyber activity at machine speed. Entities that are participating in this service have already implemented these indicators for the network protection activities.

Entities that find signs of this malicious cyber activity should report it to the FBI through CyWatch or its local field offices or to DHS’s National Cybersecurity and Communications Integration Center (NCCIC).

WHITE HOUSE TO IMPOSE SANCTIONS ON RUSSIA IN RESPONSE TO HACKING:

FACT SHEET: Actions in Response to Russian Malicious Cyber Activity and Harassment

Today, President Obama authorized a number of actions in response to the Russian government’s aggressive harassment of U.S. officials and cyber operations aimed at the U.S. election in 2016.  Russia’s cyber activities were intended to influence the election, erode faith in U.S. democratic institutions, sow doubt about the integrity of our electoral process, and undermine confidence in the institutions of the U.S. government.  These actions are unacceptable and will not be tolerated.

Sanctioning Malicious Russian Cyber Activity

In response to the threat to U.S. national security posed by Russian interference in our elections, the President has approved an amendment to Executive Order 13964.  As originally issued in April 2015, this Executive Order created a new, targeted authority for the U.S. government to respond more effectively to the most significant of cyber threats, particularly in situations where malicious cyber actors operate beyond the reach of existing authorities.  The original Executive Order focused on cyber-enabled malicious activities that:

  • Harm or significantly compromise the provision of services by entities in a critical infrastructure sector;
  • Significantly disrupt the availability of a computer or network of computers (for example, through a distributed denial-of-service attack); or
  • Cause a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain (for example, by stealing large quantities of credit card information, trade secrets, or sensitive information).

The increasing use of cyber-enabled means to undermine democratic processes at home and abroad, as exemplified by Russia’s recent activities, has made clear that a tool explicitly targeting attempts to interfere with elections is also warranted.  As such, the President has approved amending Executive Order 13964 to authorize sanctions on those who:

  • Tamper with, alter, or cause a misappropriation of information with the purpose or effect of interfering with or undermining election processes or institutions.

Using this new authority, the President has sanctioned nine entities and individuals:  two Russian intelligence services (the GRU and the FSB); four individual officers of the GRU; and three companies that provided material support to the GRU’s cyber operations.

  • The Main Intelligence Directorate (a.k.a. Glavnoe Razvedyvatel’noe Upravlenie) (a.k.a. GRU) is involved in external collection using human intelligence officers and a variety of technical tools, and is designated for tampering, altering, or causing a misappropriation of information with the purpose or effect of interfering with the 2016 U.S. election processes.
  • The Federal Security Service (a.k.a. Federalnaya Sluzhba Bezopasnosti) (a.k.a FSB) assisted the GRU in conducting the activities described above.
  • The three other entities include the Special Technology Center (a.k.a. STLC, Ltd. Special Technology Center St. Petersburg) assisted the GRU in conducting signals intelligence operations; Zorsecurity (a.k.a. Esage Lab) provided the GRU with technical research and development; and the Autonomous Noncommercial Organization “Professional Association of Designers of Data Processing Systems” (a.k.a. ANO PO KSI) provided specialized training to the GRU.
  • Sanctioned individuals include Igor Valentinovich Korobov, the current Chief of the GRU; Sergey Aleksandrovich Gizunov, Deputy Chief of the GRU; Igor Olegovich Kostyukov, a First Deputy Chief of the GRU; and Vladimir Stepanovich Alexseyev, also a First Deputy Chief of the GRU.

In addition, the Department of the Treasury is designating two Russian individuals, Evgeniy Bogachev and Aleksey Belan, under a pre-existing portion of the Executive Order for using cyber-enabled means to cause misappropriation of funds and personal identifying information.

  • Evgeniy Mikhailovich Bogachev is designated today for having engaged in significant malicious cyber-enabled misappropriation of financial information for private financial gain.  Bogachev and his cybercriminal associates are responsible for the theft of over $100 million from U.S. financial institutions, Fortune 500 firms, universities, and government agencies.
  • Aleksey Alekseyevich Belan engaged in the significant malicious cyber-enabled misappropriation of personal identifiers for private financial gain.  Belan compromised the computer networks of at least three major United States-based e-commerce companies.

Responding to Russian Harassment of U.S. Personnel 

Over the past two years, harassment of our diplomatic personnel in Russia by security personnel and police has increased significantly and gone far beyond international diplomatic norms of behavior.  Other Western Embassies have reported similar concerns.  In response to this harassment, the President has authorized the following actions:

  • Today the State Department declared 35 Russian government officials from the Russian Embassy in Washington and the Russian Consulate in San Francisco “persona non grata.”  They were acting in a manner inconsistent with their diplomatic status. Those individuals and their families were given 72 hours to leave the United States.
  • In addition to this action, the Department of State has provided notice that as of noon on Friday, December 30, Russian access will be denied to two Russian government-owned compounds, one in Maryland and one in New York.

Raising Awareness About Russian Malicious Cyber Activity 

The Department of Homeland Security and Federal Bureau of Investigation are releasing a Joint Analysis Report (JAR) that contains declassified technical information on Russian civilian and military intelligence services’ malicious cyber activity, to better help network defenders in the United States and abroad identify, detect, and disrupt Russia’s global campaign of malicious cyber activities.

  • The JAR includes information on computers around the world that Russian intelligence services have co-opted without the knowledge of their owners in order to conduct their malicious activity in a way that makes it difficult to trace back to Russia. In some cases, the cybersecurity community was aware of this infrastructure, in other cases, this information is newly declassified by the U.S. government.
  • The report also includes data that enables cybersecurity firms and other network defenders to identify certain malware that the Russian intelligence services use.  Network defenders can use this information to identify and block Russian malware, forcing the Russian intelligence services to re-engineer their malware.  This information is newly de-classified.
  • Finally, the JAR includes information on how Russian intelligence services typically conduct their activities.  This information can help network defenders better identify new tactics or techniques that a malicious actor might deploy or detect and disrupt an ongoing intrusion.

This information will allow network defenders to take specific steps that can often block new activity or disrupt on-going intrusions by Russian intelligence services.  DHS and FBI are encouraging security companies and private sector owners and operators to use this JAR and look back within their network traffic for signs of malicious activity. DHS and FBI are also encouraging security companies and private sector owners and operators to leverage these indicators in proactive defense efforts to block malicious cyber activity before it occurs. DHS has already added these indicators to their Automated Indicator Sharing service.

Cyber threats pose one of the most serious economic and national security challenges the United States faces today.  For the last eight years, this Administration has pursued a comprehensive strategy to confront these threats.  And as we have demonstrated by these actions today, we intend to continue to employ the full range of authorities and tools, including diplomatic engagement, trade policy tools, and law enforcement mechanisms, to counter the threat posed by malicious cyber actors, regardless of their country of origin, to protect the national security of the United States.

President Obama’s statement:

Today, I have ordered a number of actions in response to the Russian government’s aggressive harassment of U.S. officials and cyber operations aimed at the U.S. election. These actions follow repeated private and public warnings that we have issued to the Russian government, and are a necessary and appropriate response to efforts to harm U.S. interests in violation of established international norms of behavior.

All Americans should be alarmed by Russia’s actions. In October, my Administration publicized our assessment that Russia took actions intended to interfere with the U.S. election process. These data theft and disclosure activities could only have been directed by the highest levels of the Russian government. Moreover, our diplomats have experienced an unacceptable level of harassment in Moscow by Russian security services and police over the last year. Such activities have consequences. Today, I have ordered a number of actions in response.

I have issued an executive order that provides additional authority for responding to certain cyber activity that seeks to interfere with or undermine our election processes and institutions, or those of our allies or partners. Using this new authority, I have sanctioned nine entities and individuals: the GRU and the FSB, two Russian intelligence services; four individual officers of the GRU; and three companies that provided material support to the GRU’s cyber operations. In addition, the Secretary of the Treasury is designating two Russian individuals for using cyber-enabled means to cause misappropriation of funds and personal identifying information. The State Department is also shutting down two Russian compounds, in Maryland and New York, used by Russian personnel for intelligence-related purposes, and is declaring “persona non grata” 35 Russian intelligence operatives. Finally, the Department of Homeland Security and the Federal Bureau of Investigation are releasing declassified technical information on Russian civilian and military intelligence service cyber activity, to help network defenders in the United States and abroad identify, detect, and disrupt Russia’s global campaign of malicious cyber activities.

These actions are not the sum total of our response to Russia’s aggressive activities. We will continue to take a variety of actions at a time and place of our choosing, some of which will not be publicized. In addition to holding Russia accountable for what it has done, the United States and friends and allies around the world must work together to oppose Russia’s efforts to undermine established international norms of behavior, and interfere with democratic governance. To that end, my Administration will be providing a report to Congress in the coming days about Russia’s efforts to interfere in our election, as well as malicious cyber activity related to our election cycle in previous elections.

Leave a Reply

Your email address will not be published.

 characters available

8 Responses to Statement on Russian malicious cyber activity from U.S. government

  1. Avatar

    Anonymous Reply Report comment

    December 31, 2016 at 9:34 am

    You demorats might want to step back and see who your friends are – Over half of Americans know your not for the good of America -2 you demorats are at war with Israel and Russia while the loyal Americans want peace with both – I would hate to be in your shoes when they send over some peace keepers.

  2. Avatar

    Lloyd Reply Report comment

    December 30, 2016 at 9:55 pm

    odummy did the samething to Israel and there elections last year but that’s ok . Mother Fakers !

  3. Avatar

    Anonymous Reply Report comment

    December 30, 2016 at 8:55 am

    Hey black bart we hope you choke on that 75 k you stole from the wcda – the poor people in Manly really don’t deserve do they ???

  4. Avatar

    Anonymous Reply Report comment

    December 30, 2016 at 8:51 am

    The 35 Russian diplomats are going to be transferred to a sanctuary city for 22 days till Trumps kicks obammmas azz out the White House BACK DOOR – Russia is not going to expel our US diplomats in Russia – Good By obama and the corrupt demorat party. Con Artists at their filthy best.

  5. Avatar

    Anonymous Reply Report comment

    December 30, 2016 at 8:46 am

    So says the demorats – if it were not for WiKi leaks and Assange the American public would not have known just how Corrupt our Government is. DRAIN THE SWAMP !

  6. Avatar

    Carly Reply Report comment

    December 30, 2016 at 7:25 am

    Where is the proof they hacked the “Election”. Come on main stream media get the facts right for a change. What got hacked was John podesta which gave us an insight into what goes on behind the scenes.

  7. Avatar

    Anonymous Reply Report comment

    December 30, 2016 at 7:02 am

    This is just a slap on the wrist for the Russians. It has been going on for years with the Russians, Chinese and North Koreans hacking us all the time and nothing has been done until it affected the Democrats. people should be more worried about what was exposed with the hacking. Democrats should be really pissed that they have been manipulated by their own party.