Microsoft’s secret weapon in ongoing struggle against Fancy Bear? Trademark law

(credit: Harald Deischinger)

On Friday, representatives of the notorious hacking entity known as Fancy Bear failed to appear in a federal court in Virginia to defend themselves against a civil lawsuit brought by Microsoft.

As the Daily Beast first reported on Friday, Microsoft has been waging a quiet battle in court against the threat group, which is believed to be affiliated with the GRU, Russia's foreign intelligence agency. For now, the company has managed to seize control of 70 domain names, but it's going after many more.

The idea of the lawsuit, which was filed in August 2016, is to use various federal laws—including the Computer Fraud and Abuse Act (CFAA), the Electronic Communications Privacy Act (ECPA), and American trademark law—as a way to seize command-and-control domain names used by the group, which goes by various monikers, including APT28 and Strontium. Many of the domain names used by Fancy Bear contain Microsoft trademarks, like microsoftinfo365.com and hundreds of others.


Macron campaign team used honeypot accounts to fake out Fancy Bear

Newly elected French president Emmanuel Macron poses with a woman for a selfie. (credit: PATRICK KOVARIK / Getty Images)

The failed effort by Russian attackers to influence the outcome of the French presidential campaign in its final hours was in part a forced error, thanks to an active defense by the digital team of French president-elect Emmanuel Macron's campaign organization, the digital director of the campaign has claimed. Campaign team members told the New York Times that as the phishing attacks mounted, they created a collection of fake e-mail accounts seeded with false information.

"We created false accounts, with false content, as traps," Macron campaign digital director Mounir Mahjoubi told the Times. "We did this massively, to create the obligation for them to verify, to determine whether it was a real account."

The move was a delaying tactic aimed at increasing the attacker's workload. The "honeypot" accounts were filled with large volumes of fake documents. "That forced them to waste time, by the quantity of the documents we put in and documents that might interest them," Mahjoubi said. "Even if it made them lose one minute, we're happy."


Evidence suggests Russia behind hack of French president-elect

A last-minute information operation against French presidential candidate Emmanuel Macron did not stop him from winning Sunday's run-off election. But it did have the fingerprints of Russia all over it. (credit: Getty Images/Chesnot)

Late on May 5 as the two final candidates for the French presidency were about to enter a press blackout in advance of the May 7 election, nine gigabytes of data allegedly from the campaign of Emmanuel Macron were posted on the Internet in torrents and archives. The files, which were initially distributed via links posted on 4Chan and then by WikiLeaks, had forensic metadata suggesting that Russians were behind the breach—and that a Russian government contract employee may have falsified some of the dumped documents.

Even WikiLeaks, which initially publicized the breach and defended its integrity on the organization's Twitter account, has since acknowledged that some of the metadata pointed directly to a Russian company with ties to the government:

Evrika ("Eureka") ZAO is a large information technology company in St. Petersburg that does some work for the Russian government, and the group includes the Federal Security Service of the Russian Federation (FSB) among its acknowledged customers (as noted in this job listing). The company is a systems integrator, and it builds its own computer equipment and provides "integrated information security systems." The metadata in some Microsoft Office files shows the last person to have edited the files to be "Roshka Georgiy Petrovich," a current or former Evrika ZAO employee.


Obama asks intel community to conduct “full review” of election-related hacks

(credit: Tom Lohdan)

At an event today hosted by the Christian Science Monitor, White House terrorism and homeland security advisor Lisa Monaco announced that President Barack Obama had ordered a "full review" of the campaign of cyber-attacks against the Democratic Party, the campaign organization of Hillary Clinton, and other politicians and state election officials' websites during the 2016 presidential campaign. Monaco said that the results of the review would be released to Congress before President Obama left office.

"The president has directed the intelligence community to conduct a full review of what happened during the 2016 election process," Monaco said, "and to capture lessons learned from that and to report to a range of stakeholders, to include the Congress."

The announcement comes after a call from both Republicans and Democrats on December 7. At a Heritage Foundation event on Wednesday, House Homeland Security Chairman Michael McCaul (R-Texas) called for "consequences" for Russia's interference in the election. "If we don't respond and show them that there are consequences," he said, "the bad behavior will continue... our democracy itself is being targeted."
