Security Democrats Microsoft Politics

Biden Campaign Firm Hit By Suspected Kremlin Hacking Attack (thedailybeast.com) 177

Joe Biden's presidential campaign was hit by an attack that was caught by Microsoft, which reportedly gathered information identifying hackers linked to the Kremlin as the most likely suspects. The Daily Beast reports: Reuters reported Thursday morning that suspected Russian state-backed hackers have attempted to breach the systems at Washington-based SKDKnickerbocker, a strategy and communications firm working hand-in-glove with Joe Biden's campaign. The attacks, which took place over the past two months, were unsuccessful. The failed hacking attempt was brought to SKDK's attention by Microsoft, which reportedly gathered information identifying hackers linked to the Kremlin as the most likely suspects. The attacks are said to have mainly focussed on phishing -- a common hacking method which lures users into disclosing sensitive passwords. That was the method used by Russian hackers to access DNC emails, which were subsequently leaked online, ahead of the 2016 presidential election.

A person familiar with SKDK's repelling of the hacking attempts said the agents didn't get very far, telling Reuters: "They are well-defended, so there has been no breach." Another source said it was impossible to confirm if Biden's campaign was the target, or whether the Russians were trying to gather intel on the long list of other SKDK clients.

  • to protect our political campaigns from attack rather than, say, the US Government.
    • by Your Father ( 6755166 ) on Thursday September 10, 2020 @05:25PM (#60493688)
      Why are you surprised that a company providing email hygiene services found an email based attack?
    • by chispito ( 1870390 ) on Thursday September 10, 2020 @05:27PM (#60493696)

      to protect our political campaigns from attack rather than, say, the US Government.

      You're suggesting the government would do a better job?

    • You would prefer that "the government" (the Trump administration) would be reading all of the emails related to Biden's campaign, to check to see if any are phishing emails?

      I sure can't think of any way THAT could go wrong.

      Not people close to the President, you might say.
      Career law enforcement, like Peter Strzok and Lisa Page should be monitoring candidate's emails, right?

    • The government isn't allowed to spy on you like Microsoft.

      But, could be any of the Axis Powers, be that Microsoft, Google, Amazon, etc.
    • by Anonymous Coward

      It's not the campaign numbnuts- it's a marketing firm the campaign hired.

      BTW Pennsylvania and Maryland are slashing the number of polling places this year by more than half. How's THAT for election interference?

    • to protect our political campaigns from attack rather than, say, the US Government.

      I like how they claim to have not been hacked, yet they're being told about the not-a-hacker by the manufacturer of their operating system.

      That "well-defended" excuse is about as strong as Biden's cognitive capability.

      • I like how they claim to have not been hacked, yet they're being told about the not-a-hacker by the manufacturer of their operating system.

        That "well-defended" excuse is about as strong as Biden's cognitive capability.

        Hey. It's Office 365, not the OS, they were monitoring. This was a phishing attempt. It actually makes perfect sense your email provider would alert you of a phishing campaign against you. Just saying.

    • by Jerac ( 7230392 ) on Friday September 11, 2020 @12:45AM (#60494786)

      1: the story is from Daily Beast which is extremely left biased http://www.allsides.com/ [allsides.com]

      2: the story points to a 7-month-old story from Biden's primary and was only a campaign worker that was mentioned

      3: this Reuters link from UK is not biased https://uk.reuters.com/article [reuters.com]... Microsoft's Tom Burt never said SKDK or mentioned who was targeted other than democrats and republicans

      4: the original method used to gain access to DNC is false, if you read the security agency report it even mentions ..... CTU researchers do not have evidence that these spearphishing emails are connected to the DNC network compromise that was revealed on June 14.

      5: security works even said russian interests were targeted by the original method the article was pointing to.

      Could go on more but will stop

      A country divided against itself will surely fall.

      Good Luck, and read sources.

    • The US government outsourced the job to Microsoft.
    • I also like that we don't have to rely on government to get food in the grocery stores or gasoline to the filling stations.

      I remember how when I was a wee lad 30 years ago, Soviet grocery stores were empty and lines to gas stations lasted days.

      Freedom and capitalism are great.
    • to protect our political campaigns from attack rather than, say, the US Government.

      I feel like the government is not the most impartial person in this campaign. But the reality is the government are usually not the best people to do anything. The government is best only at distributing work for the commons. The private industry is almost universally better at carrying out said work.

  • by beepsky ( 6008348 ) on Thursday September 10, 2020 @05:26PM (#60493694)
    Seriously, how on earth did they look at a couple phishing emails and *know* that they were sent not only by Russians, but by Russian intelligence agents?
    My bullshit detector is going off hard right now since using Tor or a VPN should be step 1 in every hacker's playbook, especially government hackers trying to cover their tracks.
    • If it was like last time, they found some Tor IPs and an old copy of Ukrainian malware.

      Dunno why they bothered phishing, though. Everyone knows that Biden's password is 12345

      • 1, 2... erm what comes after 2?

        That would be more like Biden

    • I remember one of the NSA tools that was leaked which made it quite trivial to spoof country of hack origin.

    • by Dan East ( 318230 ) on Thursday September 10, 2020 @05:49PM (#60493756) Journal

      Well here's one problem. Anyone who runs their own server, or manages a server, will see a constant stream of attacks originating from China and Russia. These are in the form of SSH connection attempts, HTTP requests to various WordPress and other exploits, and attempts to access various backdoors and malicious code dropped by other attacks.
      So anyone, for any website, can legitimately claim that they were the target of a hacking attack by China and / or Russia, on any given day.

      • by Tablizer ( 95088 )

        While true, it could be from amateur hackers over there rather than gov't sponsors.

      • On top of that, anyone with an email account can click on their junk mail folder and see a constant stream of phishing attempts from China, Russia and elsewhere.

        Can anyone explain what they think Putin loses in a Biden presidency?
        • by pereric ( 528017 )

          A partner? They probably have less of both business contacts and "business contacts" with Biden, and even less with Harris.
          Possibly, a president they have kompromat[1] on.

          [1] https://en.wikipedia.org/wiki/... [wikipedia.org]

          • Kind of disproves the whole Putin puppet angle. Killing that Iranian general who had close ties to Moscow should be the nail in the coffin. That guy worked with the highest ranks in the Kremlin. Putin for sure didn't like that. If he had anything on Trump, when exactly is he planning on using it?

    • Seriously, how on earth did they look at a couple phishing emails and *know* that they were sent not only by Russians, but by Russian intelligence agents? My bullshit detector is going off hard right now since using Tor or a VPN should be step 1 in every hacker's playbook, especially government hackers trying to cover their tracks.

      Many types of hacks don't work through VPNs. Timing attacks, for instance, and malformed TCP/IP records. VPNs are also less anonymous than many people imagine. Like any other ISP, if you start seriously overloading their services, rather than using it for anonymity, they'll shut things down.

    • I imagine a phishing attack would link to a server, maybe using a DNS record. Maybe the server is hosted somewhere. Maybe the webpage you visit uses a custom node.js And so on. Just imagine what you would look for if someone sent you a phishing email, then imagine you had better resources and training and gave a shit.

      Do you really find it implausible that the Russian government would try to help Trump? Or are you only skeptical this particular detective work? Before you answer, remember that the Preside

    • If it's anything like the CrowdStrike report we dissected years ago, they found Tor IPs and declared that a "signature" for Fancy Bear alongside some old, open source, Ukrainian malware.

      If it's anything like the Bezos hack report, they assumed that based on a video file they couldn't analyze because they weren't able to decrypt it, then were called out on that claim [github.com] and never re-analyzed things to actually decrypt the file and check.

      So, yeah, if it's anything like all the other stories, they're total BS mean

    • Well, my brother works at a company used to track these kinds of patterns and YES, they can figure out if someone uses a Tor/VPN, takes over a bunch of random computers that anonymously and randomly try and hack a bunch of other servers out there to try and not expose the concerted effort.

      And, I'm pretty sure they can't reveal how they profiled that it was from a Russian group. I suppose you have to trust they are looking out for us -- the way you seem to Trust Russia isn't trying to hack us.

      Your idea of "s

    • by AmiMoJo ( 196126 )

      Phishing emails will usually be trying to get the victim to load some malware or enter credentials into a fake site. Either way there is evidence to examine which can be linked back to the source, e.g. known Russian malware or hacking the fake site and finding log files being accessed from Russian IPs.

    • My bullshit detector is going off for a different reason: for some unexplained reason, you never hear about Iranian or Chinese or North Korean hacking attempts at industry or political targets anymore. Ever since the OPM hack on Obama's watch, seems like radio silence.
  • Campaign firm receives phishing email. Big fat hairy deal.

    I receive multiple phishing emails every week and some are probably from state actors. How is that newsworthy?

    • It becomes newsworthy when someone falls for it.
    • by raymorris ( 2726007 ) on Thursday September 10, 2020 @05:55PM (#60493794) Journal

      Indeed. I haven't looked at stats recently, but at the insurance company where I work we get plenty of phishing emails each day (mostly blocked by Mimecast).

      • Does your insurance company have large contests of public opinion by which it then hands over world-ending power to the winner?
        • Does one of the Biden campaign's vendors choose the president? Nope, neither my company nor SKDKnickerbocker chooses the president. Donna Brazile is doing that. :)

          What my company DOES have in common with SKDKnickerbocker, with Donna Brazile, with you, me, and everyone else is that we get phishing emails. All the time. If you don't see them, that's because Gmail or whoever is catching them, like Microsoft did this time.

          That's the point - everybody gets phishing emails, every week. You want a Slashdot stor

          • In other news, earlier this week Biden himself, not a company doing some work for his campaign, had a close call.

            He went to a state that's experiencing a covid pandemic. Social distancing and mask protected him from getting infected, much like Microsoft's email filter protected SKDKnickerbocker, so absolutely nothing happened. Where, two close calls in one week.

          • Does one of the Biden campaign's vendors choose the president? Nope

            Beyond that being moving the goalposts, sure, I'll go ahead and explain it to you.

            They sure don't, but information gleaned within can be used to influence popular opinion which then influences the popular opinion of said politician, leading to... ding ding ding. you guessed it! selection of the president.

            What my company DOES have in common with SKDKnickerbocker, with Donna Brazile, with you, me, and everyone else is that we get phishing emails. All the time. If you don't see them, that's because Gmail or whoever is catching them, like Microsoft did this time.

            That's like saying what you and a slug have in common is DNA, though with an argument like this, I'm beginning to wonder if it isn't more than that.

            That's the point - everybody gets phishing emails, every week. You want a Slashdot story every time anybody connected to anyone who might end up being important gets a phishing email? Lockheed, makers of the F-35 and other projects important to national security, got 500 phishing emails last month. Better post 500 stories to Slashdot.

            Yes, and guns are fired every day. But when you aim it a

            • by raymorris ( 2726007 ) on Friday September 11, 2020 @10:05AM (#60495602) Journal

              This may shock you, but Russia, North Korea, China, and Iran each have small teams of people whose 9-5 job is to try to hack the US. And the US has teams that try to hack them. Every day.

              They try to hack the White House, the Pentagon, defense contractors, and yes - the guy who will be in the White House next. That's their job, it's what they do all day every day.

              Wanna know why a company that did some work for Biden's campaign was targeted a few days ago? Because it was Tuesday. It was Tuesday, a work day rather than a weekend, so they were working.

              Guess what? Today is Friday. Which is a work day. Which means they'll be sending more phishing emails and whatever else to the White House, the political parties, and the PR firms again today. Because it's a work day.

              If that's interesting news to you, I can send you a message each day M-F to let you know "the spooks are working again today!"

              • Ps, the defenders are also working again today.
                The bad guys will be trying to peek at Biden's medical records and I'll be trying to make sure they don't.

                My boss started work by 6:30 this morning for some reason, so we're here too.

      • Not all phishing emails are created equal. If I'm reading my work email and it tries to get me to log into my non-existent Paypal account, it's quite a different phishing attempt than when I get an email that pretends to be from my own internal finance department (actually happened in a targeted attack on myself and several people in my company).

        • > I get an email that pretends to be from my own internal finance department (actually happened in a targeted attack on myself and several people in my company).

          Yep, happens all the time. I set up a filter that blocks emails claiming to be from names matching our CEO, CFO, etc - anyone on our "about us" page, but which come in on an external interface. It triggers pretty darn often.

          What the bad guys do is load up your web site, go to the "about us" page which lists your top executives, and fire off the p
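A sketch of the kind of filter described in the comment above, added here as an example (it is not the commenter's code). The protected names, the sample messages and the `arrived_external` flag, which stands in for whatever the mail gateway knows about the receiving interface, are all assumptions.

```python
import re
import unicodedata
from email import message_from_string, policy

# Hypothetical executive names, as listed on a public "about us" page.
PROTECTED_NAMES = ("Alice Example", "Bob Sample")


def name_tokens(name):
    """Reduce a name to a set of lowercase ASCII words.

    NFKD folding strips accents and maps full-width/compatibility letters to
    plain ones; it does not catch cross-script look-alikes (e.g. Cyrillic).
    """
    folded = unicodedata.normalize("NFKD", name)
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    return frozenset(re.findall(r"[a-z0-9]+", folded.lower()))


PROTECTED = {name: name_tokens(name) for name in PROTECTED_NAMES}


def check_message(raw, arrived_external):
    """Return (verdict, matched_name) for one raw RFC 5322 message.

    The decision rests on how the message arrived, not on the From address:
    a message that came in from outside is blocked when its display name
    contains every word of a protected name, even if the address itself
    claims the internal domain.
    """
    if not arrived_external:
        return ("accept", None)
    # policy.default decodes RFC 2047 encoded-words in the display name.
    msg = message_from_string(raw, policy=policy.default)
    from_header = msg["From"]
    addresses = from_header.addresses if from_header is not None else ()
    for address in addresses:
        shown = name_tokens(address.display_name or "")
        for name, wanted in PROTECTED.items():
            if wanted <= shown:
                return ("block", name)
    return ("accept", None)


# Constructed sample messages (not real mail).
SAMPLES = {
    "plain": "From: Alice Example <alice.example@mail.invalid>\n"
             "Subject: Wire today\n\nAre you at your desk?\n",
    "encoded": "From: =?utf-8?b?QWxpY2UgRXhhbXBsZQ==?= <alice@example.com>\n"
               "Subject: Invoice\n\nSee attached.\n",
    "reordered": 'From: "SAMPLE, Bob (CFO)" <bob@mail.invalid>\n'
                 "Subject: Urgent\n\nCall me.\n",
    "vendor": "From: Carol Vendor <carol@vendor.invalid>\n"
              "Subject: Quote\n\nAs discussed.\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_message(raw, arrived_external=True))
```

A rule like this also catches an executive writing from a personal account or an outside contact who shares a name, so quarantine with review is a common alternative to a hard block.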

    • Oh that's simple.
      Because if it is A) a state actor, directed at your private company- that's foreign espionage.
      if it is B) a state actor, directed at the election with the intent of putting their weight on the scale, then that's fucking regime change.
      Sure- I know it's a game we've played forever all over the world, but it is significant that it's happening to us.

      If you don't care about that, then you're one of those fucking morons at Trump rallies in "I'd Rather Be A Russian Than A Democrat".
      It's also
  • They are well-defended

    This was a phishing attack (which to me does not even qualify as "hacking"), so what they mean by "well-defended" is that their staff aren't complete and total idiots to give their credentials to someone who sent them an email. Also, how did Microsoft get involved? Are they reading everyone's emails?

    • by mcl630 ( 1839996 )

      Microsoft is reading the emails of companies that use Microsoft's email hygiene services.

  • ... I don't think IT professionals are going to fall for this narrative.. but...

  • Comment removed (Score:5, Informative)

    by account_deleted ( 4530225 ) on Thursday September 10, 2020 @05:52PM (#60493782)
    Comment removed based on user account deletion
    • Not relevant to this slashdot article, which is an absurd claim without a shred of proof by left-wing tin foil hatters.

  • This is news?! (Score:4, Insightful)

    by the_skywise ( 189793 ) on Thursday September 10, 2020 @06:01PM (#60493812)

    Name me ANY COMPANY that's not under a constant phishing attack by the "Kremlin" or "China" or "Ukraine" or "North Korea" these days.

    • Re:This is news?! (Score:4, Insightful)

      by StevenMaurer ( 115071 ) on Thursday September 10, 2020 @06:15PM (#60493874) Homepage

      Yup. This is the real truth, instead of the idiotic conspiracy theories running both ways (Trump directing the Russians vs it all being "fake" to smear poor innocent Putin). I'm sure it's happening, but that's just another Monday. The only reason this is a story at all is because people are hypersensitive right now.

      • And also because last time it worked. I feel like that part is important to keep in mind.
      • I'm sure it's happening, but that's just another Monday.

        The world's most powerful nation going through a democratic election being on the receiving end doesn't happen every Monday. No one gives a crap about some random companies because it's not relevant.

        You really need to re-evaluate how you distribute the fucks you give.

        • I'm sure it's happening, but that's just another Monday.

          The world's most powerful nation going through a democratic election being on the receiving end doesn't happen every Monday.

          I've been a principal engineer, senior software architect, and was enterprise architect for Dell SecureWorks for several years.

          Yes. Yes, it does. At least when the "receiving end" is script kiddie, phishing, and whaling, attacks.

    • Name me ANY COMPANY

      Why is a company relevant? I got a phishing email as well, that's also not relevant. Now if my email inbox was part of an upcoming democratic election of one of the world's most powerful companies, that better make the fucking news.

  • Really? Phishing usually isn't targeted (unless they have a list of people from inside the org), it's more towards the shotgun approach. Also, if you're STILL falling for this kind of hack, then you deserve it and should be fired.

  • Corruption (Score:2, Informative)

    by Anonymous Coward

    Remember, if DNC corruption is exposed, you're not supposed to be angry that the DNC is corrupt, you're supposed to be angry that the corruption was exposed.

  • The outfit making these outlandish claims has not offered up any proof.

    I thought making claims without providing proof wasn't allowed anymore.

  • All their software was written in Russia and backs up everything to the Kremlin.
  • anyone familiar with email knows EVERYONE gets hammered with automated phishing attempts daily.

    this looks to be another case of a run of the mill phishing attempt that sysadmins deal with daily.

    so we have the media making a big deal about what is absolutely nothing, to perpetuate the stupid narratives on Russia/China/Iran/(insert enemy here).

    can anyone on slashdot be stupid enough to not see through this? (other than the PR sockpuppets that is).

  • People are going to look back and say, "This is why he couldn't debate!"

    "This is why he lost in a landslide!"

    It's those Russians again!

    When last time it was just Pfieffer clicking on an email he shouldn't have and working for a terrible candidate.
