Russian Involvement in 2016 Election
In the 2016 United States presidential election there were claims that Russia meddled in order to disrupt the vote. The Central Intelligence Agency went further, concluding that Russia's specific intention was to help Donald Trump, now president, win. The intelligence agencies also concluded with confidence that Russia acted covertly in the final stages of the campaign to boost Trump's chances and damage those of Hillary Clinton. Notably, the reporting described Russian hacking of a U.S. political party's computer systems before the election; the party whose compromise is described in the joint report, and whose stolen emails were later leaked, was the Democratic National Committee.
My reading of the three reports from the Department of Homeland Security (including its National Protection and Programs Directorate), the Federal Bureau of Investigation and other agencies makes it clear that the election was interfered with by Russia, and that credible evidence supports this. In particular, the FBI and DHS published a joint analysis of the technical details: the infrastructure and tools used by the Russian civilian and military intelligence services (RIS) to compromise and exploit networks connected to the election.
The attackers used this infrastructure and tooling to compromise endpoints and networks in the government, political and private sectors. The report also shows that the intrusions were carried out by two distinct actors, Advanced Persistent Threat 29 (APT29) and Advanced Persistent Threat 28 (APT28). APT29 entered the party's systems in the summer of 2015, while APT28 broke in during the spring of 2016. The report attributes both groups' activity to direction, authorization and support from senior figures in the Russian government.
Both groups have a history of covertly targeting think tanks, government organizations, corporations and universities around the world, which makes them prime suspects in last year's election tampering. APT29 has been observed crafting targeted spearphishing campaigns whose web links lead to a malicious dropper. Once a victim follows the link and the dropper runs, it delivers remote access tools (RATs) and evades detection, giving the group control of the targeted systems.
APT28, by contrast, registers domains that closely mimic those of its targets and tricks victims into entering their legitimate credentials; it relied heavily on shortened URLs to disguise the links in its spearphishing emails. Both groups analyze and exfiltrate whatever has intelligence value and reuse it to craft further targeted campaigns. They also build operational infrastructure to obfuscate their true origin, host malware and lookalike domains for the target organizations, run command and control (C2) nodes, and harvest valuable data such as credentials from victims' devices.
The analysis further shows that an APT29 campaign sent emails containing a malicious link to several recipients, including government victims. The group used legitimate domains, including those of government, educational and other organizations, both to send the spearphishing emails and to host the malware. At least one targeted individual opened the link, and a political party was compromised. APT29 then delivered malware to the party's systems, escalated privileges, established persistence, enumerated Active Directory accounts, and exfiltrated email from many accounts over encrypted connections back through its operational infrastructure.
The same party was later compromised by APT28, again via targeted spearphishing. This time the emails urged recipients to change their passwords on a counterfeit webmail domain hosted on the group's operational infrastructure. Using the harvested credentials, APT28 accessed and exfiltrated content from the mailboxes of many senior party members. The two groups continued their campaigns and compromised the election. The same Russian actors are also known for numerous other cyber-attacks.
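The two techniques just described, a counterfeit webmail domain mimicking the target's real one and shortened URLs that hide the true destination, are cheap to screen for at the mail gateway. The following is an added example, not code from the joint report or from any of the agencies cited: it extracts links from email bodies, flags hosts that closely resemble or embed the organization's genuine domains, and flags public URL shorteners. The legitimate domains, the shortener list, the sample messages and the two-label approximation of a registrable domain are all assumptions constructed for the example.

```python
"""Triage of spearphishing links for lookalike domains and URL shorteners.

Added example (not from the joint report): flags links whose host mimics a
legitimate organisation domain or passes through a public URL shortener,
the pattern described above for APT28's credential harvesting.
"""
import re
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Constructed for this example: the organisation's genuine domains.
LEGITIMATE_DOMAINS = {"example.org", "mail.example.org"}

# Public URL shorteners; a short link hides the real destination host.
URL_SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly", "is.gd"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def extract_urls(body: str) -> List[str]:
    """Return every http(s) URL found in an email body."""
    return URL_RE.findall(body)


def registered_domain(host: str) -> str:
    """Approximate the registrable domain as the last two labels.

    Assumption: no public-suffix list is consulted, so multi-label
    suffixes such as co.uk are not handled.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch 'examp1e.org' posing as 'example.org'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


LEGIT_REGISTERED = {registered_domain(d) for d in LEGITIMATE_DOMAINS}


def classify_host(host: str) -> Optional[str]:
    """Return a reason string if the host is suspicious, else None."""
    host = host.lower().rstrip(".")
    # Our own domain or a subdomain of it: not suspicious by this check.
    if host in LEGITIMATE_DOMAINS or any(host.endswith("." + d) for d in LEGITIMATE_DOMAINS):
        return None
    reg = registered_domain(host)
    if reg in URL_SHORTENERS:
        return "url-shortener"
    dotted = "." + host + "."
    for legit in LEGIT_REGISTERED:
        # Real domain used as a subdomain of an attacker-controlled domain,
        # e.g. example.org.account-verify.net
        if "." + legit + "." in dotted:
            return f"lookalike: embeds '{legit}' under '{reg}'"
        # Near-miss spelling of the real registrable domain
        dist = levenshtein(reg, legit)
        if 0 < dist <= 2:
            return f"lookalike: '{reg}' is {dist} edit(s) from '{legit}'"
    return None


def triage(messages: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run the host checks over every link in every message."""
    findings = []
    for msg in messages:
        for url in extract_urls(msg["body"]):
            host = urlparse(url).hostname or ""
            reason = classify_host(host)
            if reason:
                findings.append({"id": msg["id"], "url": url, "host": host, "reason": reason})
    return findings


# Constructed sample messages, modelled on the password-reset lure described above.
SAMPLE_MESSAGES = [
    {"id": "m1", "body": "Your mailbox password expires today. Reset it at "
                         "https://mail.examp1e.org/reset?u=jdoe"},
    {"id": "m2", "body": "Agenda for tomorrow: https://bit.ly/3xAmpLe"},
    {"id": "m3", "body": "Updated calendar: https://mail.example.org/calendar/week"},
    {"id": "m4", "body": "Unusual sign-in detected. Verify your account at "
                         "http://example.org.account-verify.net/login"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_MESSAGES):
        print(f"{f['id']}: {f['host']} -> {f['reason']}")
```

Run against the constructed messages, the script flags m1 (one-character typosquat of the real domain), m2 (shortened link) and m4 (the real domain name planted under an attacker-controlled registrable domain) and leaves the genuine m3 link alone. A production version would resolve shortened links before judging them and would use a public-suffix list rather than the two-label approximation.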
The relationship between Trump and the Russian president also plays a role in the compromise, and further questions arise from Trump's decision to hinder the FBI's investigation of Russia. Both men are hostile to NATO's existence and share the view that it should be broken up. Trump also gained favor in Putin's eyes by supporting Russia's takeover of Crimea in Ukraine, and he has been willing to consider lifting sanctions against Russia. Taken together, the evidence of Russian groups cyber-attacking the United States and the closeness between the Russian president and the candidate he favored make it clear that Russian actors compromised the election in America in Trump's favor.
The United States should vigorously condemn the growing Russian cyber-attacks and issue a stern warning. An intensive state-supported investigation should be conducted into Russia's activity to expose its malicious acts. State and local election officials should increase their vigilance and seek cybersecurity assistance from trustworthy experts, and the government should address the cybersecurity challenges facing the electoral bodies. Finally, awareness should be raised so that even a slight indication of malware or attempted unauthorized access is escalated to experts and handled promptly.