When the bits hit the FAN: US military accused of knackering Russian trolls, news org's IT gear amid midterm elections

A Russian news service is claiming that US attacks on it and an organisation accused of state-sponsored trolling have left storage systems damaged and international servers wiped after multiple malware attacks. The Russian Federal News Agency (FAN) alleged earlier this week that US Cyber Command conducted an online attack …

  1. Walter Bishop Silver badge
    Big Brother

    NSA attacks Russian infrastructure then accuses Russia of same

    “an organization based in St. Petersburg that US officials blame for spreading misinformation through social media to sow discord and interfere with elections.”

    And that's our job :]

    “The report lends support to claims that the US military conducted offensive cyber operations in Russia last year to prevent interference with the 2018 midterm elections.”

    What is Cambridge Analytica? The firm at the centre of Facebook's data breach

    1. sprograms

      Re: NSA attacks Russian infrastructure then accuses Russia of same

      There has been so much talk about Cambridge Analytica. Little gets rehashed, though, about Facebook providing its entire social graph to the Clinton campaign for free (but not to the Trump campaign), nor about Eric Schmidt's/Google's wild enthusiasm and aid (financial as well as individual preferences info) to the campaign. The voluntary aid provided directly to Hillary's (and only Hillary's) campaign far outweighed any foreign meddling.

      1. Anonymous Coward

        Re: NSA attacks Russian infrastructure then accuses Russia of same

        If you want to start naming names, how long before Peter Thiel's name comes up. (Might even be on the other side, who knows).

      2. Stevie Silver badge

        Re: NSA attacks Russian infrastructure then accuses Russia of same

        Assuming what you say is true, sprograms, I have a much more likely scenario for why "nobody talks": Big Z doesn't want anyone asking why, with all that "meaningful information" in their hands, someone couldn't win an election.

  2. DougS Silver badge

    Ban connecting iPhones to their PCs?

    As if there's no way they couldn't carry out exactly the same attack with Android. Or with a hardware hacked USB key they could secretly swap one of the employees when he's traveling? Or one of a dozen different methods.

    1. Anonymous Coward

      Re: Ban connecting iPhones to their PCs?

      "As if there's no way they couldn't carry out exactly the same attack with Android. Or with a hardware hacked USB key they could secretly swap one of the employees when he's traveling? Or one of a dozen different methods."

      Indeed.

      And you don't have to plug an infected phone into a computer for it to attack the internal network either.

      There are several Android apps available on Github for example that use programs ported from Linux that can scan the internal network, perform arp poisoning attacks, steal session cookies, MiTM attacks, DDoS, SSL stripping, DNS spoofing etc.

      This is a major concern with apps that have permission to download and install other apps without user intervention.

      Once a malicious app exploits a vulnerability and jailbreaks or gets root anything is possible.

      I have seen several low budget Android devices that install unwanted apps and games without user intervention.

      Can you imagine in an all out cyberwar where the supply chain for these unwanted apps and games are taken over to push malicious apps on to millions of these devices at once?

      1. Korev Silver badge
        Joke

        Re: Ban connecting iPhones to their PCs?

        >I have seen several low budget Android devices that install unwanted apps and games without user intervention.

        My Moto G6 came with LinkedIn and Outlook which you can't remove...

        Only half joking though -->

      2. Is It Me
        Stop

        Re: Ban connecting iPhones to their PCs?

        This is why your mobile/guest devices aren't allowed on the same network as your corporate servers etc.

        Ideally in fact the mobile devices should all be isolated from everything else (an option I have seen on all decent corporate aimed WiFi access points and controllers).

      3. Anonymous Coward

        Re: Ban connecting iPhones to their PCs?

        "Can you imagine in an all out cyberwar where the supply chain for these unwanted apps and games are taken over to push malicious apps on to millions of these devices at once?"

        Why bother imagining? Just look at the havoc that Windows Update already creates on Windows boxes.

  3. Florida1920 Silver badge
    Pint

    Why "trumpet"?

    When your adversary does it for you? Glad to see the U.S. getting proactive against Putin.

    1. Mark 85 Silver badge

      Re: Why "trumpet"?

      I'll upvote that just on principle. Russia... a good start (if we actually did it) though it could be admin or hardware screwup in reality.

      I'm still waiting to hear we (the US) have hacked the crap out of China though.

      1. Anonymous Coward

        Re: Why "trumpet"?

        It's alright. Your tax money is being spent in any case. No matter how much you fap about it.

    2. macjules Silver badge

      Re: Why "trumpet"?

      Me too. Some good news for once. Let's just hope that Dobby gets the message.

  4. Hardrada

    The saddest thing about Russiagate...

    ...is that I'm not sure whether the FSB or my own (Yank) government lies to me more often.

    For example, when Maria Butina was arrested in Washington D.C., the initial coverage in the Washington Post (which was based on court documents) used blurbs like this one to portray her as a serious Russian spy:

    "In a note in March 2017, Torshin wrote, 'You have upstaged Anna Chapman,' a reference to a Russian spy who had lived freely in the United States for years before her 2010 arrest."

    The average dolt who reads the Post would take that as a smoking gun - in short, Torshin admitting that Butina was a spy and complimenting her performance.

    Anyone smarter than the average Post reader would remember that Chapman was a failed spy (making it a dubious compliment). They would also wonder why an FSB agent stationed in an unfriendly place would make purposeless self-incriminating statements by e-mail, encrypted or not. (Any communication with Russians makes you a statistical anomaly among US residents, and the NSA tends to notice those things.)

    The full quote from Torshin - which the FBI had in-hand - was "You have upstaged Anna Chapman. She poses with toy pistols, while you are being published with real ones."

    It had exactly nothing to do with spying, and was a reference to Chapman's publicity stunts since she returned to Russia.

    I'm not sure whether the FBI tried to mislead the judge, or whether the Post tried to mislead its own readers, but at least one of those two institutions cynically lied to the public.

    1. DavCrav Silver badge

      Re: The saddest thing about Russiagate...

      What's quite impressive is that your example of not being able to decide whether Russia or the US lies more is some really small half-quote in a newspaper once. Whereas an example of Russia lying is pretending that their soldiers are all on holiday when really they are invading a foreign country.

      I mean, if you are going to say that the US lies, at least go with the fact that Trump, who I remind you is inexplicably the actual President right now, has lied more than 8000 times since taking office.

    2. veti Silver badge

      Re: The saddest thing about Russiagate...

      The mere fact that someone like Torshin even emailed her at all is enough to cast serious doubt on her "innocent student trying to form bonds with Americans" story.

      It's like a random American student in Russia receiving an email from John Bolton. Wouldn't that look kinda suspicious?

      If you were really interested in critiquing the WaPo story, you could have linked directly to it. Among other things, that would have told your readers who the heck this 'Torshin' guy is, which is something I doubt more than one American in a thousand would know off the top of their head.

  5. Anonymous Coward

    I wouldn't say it was a failure. Depending on what you believe they destroyed evidence.

    Though an iPhone hijacking a Windows machine from iTunes to destroy a RAID array and two disks is some next level spy stuff, if I was a suspicious fellow I would say Apple are seriously in bed with the government here despite their many protestations. Maybe that's why they kept this a bit quiet.

    1. paulll Bronze badge

      "if I was a suspicious fellow I would say Apple are seriously in bed with the government here despite their many protestations. "

      Having a firm line on their users' privacy isn't incompatible with assisting the government with "cyber-warfare."

    2. Roo
      Windows

      "Though an iPhone hijacking a Windows machine from iTunes to destroy a RAID array and two disks is some next level spy stuff"

      There are published Intel hardware vulns that allow full system pwnage (including the Management Engine) via USB. Furthermore there are also published privilege escalation attacks to break into the System Management Mode as well that would permit a server's firmware to get walloped. Bricking RAID adapters is pretty low end vandalism given what could have been done...

    3. PJ_moi
      Devil

      iTunes on Windows? Spawn of the devil...

      You've obviously never used the Windows version of iTunes. How attaching my old iPhone 6 to my Windows PC hasn't launched a nuclear armageddon is a mystery to me.

      1. Rich 11 Silver badge

        Re: iTunes on Windows? Spawn of the devil...

        Fortunately they changed the launch codes when Trump took office. As long as no-one realises that it's now 0000-0000-00 then Strategic Command is safe.

        1. Ochib

          Re: iTunes on Windows? Spawn of the devil...

          " As long as no-one realises that it's now 0000-0000-00 then Strategic Command is safe."

          That's the same code as my luggage

  6. Anonymous Coward

    What we need is a good cyberwar.

    That should end well :/

    1. Anonymous Coward

      Re: What we need is a good cyberwar.

      I don't mind Russian ladies talking to me on the phone.

      1. Loatesy

        Re: What we need is a good cyberwar.

        I used to have many contacts in Russia who emailed me on a regular basis.

        Ivana from Salsk, who loved me and wanted to meet up,

        Roxsanna, from Belovo, who saw my photo and wanted to meet up,

        Mellina, from Azov, who saw my photo and wanted to have sex,

        Tatiana, from Klin, who misses me so much and wants to get married.

        . . . and many, many more.

    2. Twanky
      Alert

      Re: What we need is a good cyberwar.

      'That should end well :/'

      Hmm. Certainly it won't be pleasant or do the economy much good while it is going on and if it escalates to a proper shooting war then it will be far worse than unpleasant.

      However, if the world engages in overt cyberwar it will become part of *your* nation's security interest to get rid of insecure IoT tat - and that may actually be a good result.

    3. Anonymous Coward

      Re: What we need is a good cyberwar.

      Russian economy goes back to the 1980s.

      Western economy collapses.

      Who thinks that's a great idea? Ah yes, our technically illiterate and incompetent leaders.

      Australia gets to go first...

  7. cb7

    Why do I feel happy when an Apple device is implicated in a security breach? Am I a bad person?

    1. BebopWeBop Silver badge

      Well, schadenfreude might have a part to play but it is unclear that it was an Apple device that was required - reading the story implies that any Windows update would have had the same effect, and Android based infections would have been easier to introduce and more likely to succeed based on the relative number of devices.

      I'm not clear why the US would waste a precious Apple exploit in damaging something apparently so (relatively) insignificant.

  8. Anonymous Coward

    WW3, anybody?

    That's ALL we need, on top of Trump's crackpot posturing with Kim Whatsisface and Putin threatening missiles launched from submarines off the Yankee coast. Just what the hell is wrong with everybody, these days? Why is everyone so guarded and defensive?

  9. Fabrizio

    Never do any pre-emptive strike! Never invade first!

    If all nations would uphold both of the above, there would be no more war. I'm just saddened that one of our NATO allies is striking first having had military training to _defend_ against Russia...

    I've travelled extensively across the world and all people everywhere just want the same thing:

    * To have a good life...

    * To have a better life for their children.

    * For the government to leave them the hell alone!

    True for Australia, Africa, Europe, Russia, the US, ...

    1. Anonymous Coward

      Re: Never do any pre-emptive strike! Never invade first!

      What NATO country is striking first against Russia?

      If you are talking about this action from the US, then it's arguably a response to previous Russian attacks taking place during the previous large US election.

  10. johnrobyclayton

    The IRA in news is dead, Long live the IRA

    Irish Republican Army

    Internet Research Agency

    Isn't it nice when the current affairs torch gets passed on.

  11. RichardB

    So... how long do TLAs reserve their meaning?

    I rather thought that IRA one was taken; being a famously popular, and well funded by US interests, charitable organisation.

    1. GrapeBunch Bronze badge

      It's our turn now.

      Khell, I am waiting for Rossian computer at door with Front-Side Bus. And Rossian friend to do for me what no man should ever ask woman to do. For I am khery kapitalisticheski animal. And friend of oppressed.

  12. ratfox Silver badge
    Paris Hilton

    an employee's iPhone automatically launched iTunes when connected to a USB cable, prompting synchronization and Windows updates on the host PC, which apparently allowed the takeover of the connected computer.

    Naive question here: Can an iPhone really force Windows to update?

    1. Korev Silver badge
      Big Brother

      If the iPhone pushed some malware with a privilege escalation payload then yes.

    2. I ain't Spartacus Gold badge

      I suppose nastyware on the iPhone might infect the PC and send it to a fake Windows Update server? But then why do that, and not just put all the nastyware on the iPhone in the first place?

      Who knows. And given the source aren't all that trustworthy, perhaps they've missed some major points from their account.

  13. Andy The Hat Silver badge

    Hmm

    "The US Defense Department declined to comment. "We do not discuss classified cyberspace operations" "

    Can't that also be read as "The DoD declined to comment. "It was a classified DoD operation so we can't take all the credit for it.""?

  14. Amentheist
    Trollface

    IRA

    Maybe FAN said they have nothing to do with the IRA because they really have nothing to do with the Irish Republican Army, they /are/ trolls after all

  15. Ian Emery Silver badge
    Pint

    prompting synchronization and Windows updates on the host PC

    Sounds like the result of a typical Win10 update to me.

  16. SVV Silver badge

    Walk round any office anywhere these days

    and what do you see? Nearly every PC has an iPhone or Android phone plugged into it for charging purposes (or worse, for "convenient" synchronisation).

    Likelihood of security team within an organisation being able to ban this as a result of reading this story? Nil.

    Cause of ban not being approved? Big Manager wants to charge iPhone at work. Security be damned.

  17. Frank Bitterlich

    Not sure if I get this...

    From a technical point of view, I don't understand the (claimed) attack vector.

    "... automatically launched iTunes when connected to a USB cable, prompting synchronization and Windows updates on the host PC, which apparently allowed the takeover of the connected computer."

    What does the (automatic) launching of iTunes have to do with "prompting [...] Windows updates", and how does that create/activate a vulnerability?

    Of course the iPhone could have malware that attempts to take over the Windows PC it is connected to, but this doesn't sound like what is described here...

    1. diodesign (Written by Reg staff) Silver badge

      Re: Not sure if I get this...

      FAN is being vague about the means - but it sounds as though the updates were intercepted or meddled with to allow the news org to be infected.

      Here's verbatim from the news article - take with a pinch of salt.

      "After connecting the Apple iPhone 7 Plus mobile device to the personal computer, not only the automatic launch of iTunes and the synchronization of user data were performed, but also Internet access was obtained from the Windows operating system and some system update files were downloaded that were installed automatically.

      After that, the computer was actually managed remotely and all the necessary procedures were carried out to fully invade the local area network. It is worth noting that the intrusion into the local network was carried out from IP addresses controlled by American companies, including Amazon servers, which are usually used by hackers to sweep their tracks and hide the real source of attack."

      C.


Biting the hand that feeds IT © 1998–2019