Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Wednesday, 30 September 2020 09:19

Russians using ransomware to attack US elections, claims NYT

By
Russians using ransomware to attack US elections, claims NYT Image by jacqueline macou from Pixabay

With the US presidential elections just 35 days away, mentions of Russia in the American mainstream media have, expectedly, reached a feverish pitch, with every Tom, Dick and Harry — not to mention every Sarah, Holly and Nicole — raising the alarm about the possibility of forces from Moscow poking their noses into the election.

Last time, in 2016, the Democrat candidate Hillary Clinton found a convenient scapegoat in Russia after a poor campaign, in which she was overly confident of romping home, saw her lose to Donald Trump. Her campaign manager, Robby Mook, was the person to start the Russian myth.

This time, every organisation and individual who tilts left or towards the centre is trying to lend a hand to prevent a repeat that would ensure another four years in the White House for Trump.

Of course, none of these worthies ever undertakes a comprehensive study of the clumsy system that is used for elections in the US, with no central authority to mandate methods of voting and each state free to conduct the ballot in the way it wants. In many cases, this involves the use of voting machines — either models on which one votes directly or else devices which read a voter's choice from a sheet of paper — which have been shown to be extremely dodgy in the past.

I will write about these aspects of the system another day. Today is reserved for pointing out how the so-called paper of record, The New York Times, whips up fear through the use of misinformation and sloppy writing.

On 27 September, the newspaper ran an article titled Ransomware Attacks Take On New Urgency Ahead of Vote which contains so much misinformation that anyone who lent their names to it would have also come away not exactly covered in glory.

The takeoff for this yarn, written by Nicole Perlroth and David Sanger, was a ransomware attack on US technology services provider Tyler Technologies, a company that provides services to a number of local governments. iTWire reported the attack as we do with most newsworthy ransomware incidents.

Initially, Sanger and Perlroth write that this firm sells software that cities and states use to display results on election night. But two paragraphs later, comes the clarifier: "While Tyler does not actually tally votes, it is used by election officials to aggregate and report them in at least 20 places around the country..." Then why not say so at the start? I'm guessing that it would have diluted the story and all the subsequent hyperbole in which the pair indulge.

There is another very broad statement before this, with no source quoted, either anonymously or by name: "Many of the attacks are conducted by Russian criminal groups, some with shady ties to President Vladimir V. Putin’s intelligence services. (Don't miss the use of Putin's middle initial, an American obsession)." So where do the enterprising duo get this information? One is left scratching one's head.

The Times continues: "But the attack on Tyler Technologies, which continued on Friday night with efforts by outsiders to log into its clients’ systems around the country, was particularly rattling less than 40 days before the election." How so? Ransomware attacks take place every day and the number of groups is growing as enterprising people, noting that it is an easy way for skilled hackers to make money, take the code of some existing ransomware package, modify it a bit and market it under a new name.

Before I go any further, let me point out that I report on ransomware attacks a fair bit. Some say excessively. The geographical region in which the target is located doesn't really matter as long as the incident is newsworthy. All attacks within Australia are, of course, reported.

But back to the NYT. There is a really stupid statement, that "Tyler would not describe the attack in detail. It initially appeared to be an ordinary ransomware attack, in which data is made inaccessible unless the victim pays the ransom, usually in harder-to-trace cryptocurrencies." Nobody, not even grandma in her winter woollies, gives out details of a ransomware attack while an investigation is in progress.

And what is an "ordinary ransomware attack?" Is there then some category called extraordinary attacks? Ninety percent of attacks nowadays are carried out using malware that also has scripts written in PowerShell to exfiltrate data before the encryption happens on-site. This gives the criminals a second way of forcing the victim to accede to a ransom demand.

It does not take much effort to gain some kind of education about these things before committing finger to keyboard. But Perlroth and Sanger, no doubt both highly paid professionals, were too busy to find out even the basics.

Ransomware has been used to attack Windows systems for years. Were the US federal officials unaware of this? Why is it necessary to run election-related software on Windows? There are more than enough qualified professionals who can be given a contract to write secure (to the extent possible) software.

Why is it necessary to connect these machines to the public Internet? Neither Perlroth nor Sanger asked these basic questions of federal officials for their piece which appears to have been written in haste. (But I'm sure the two will claim that they have been "researching" (another word for searching with Google) for at least a few months).

The pair then write: "With only 37 days before the election, federal investigators still do not have a clear picture of whether the ransomware attacks clobbering American networks are purely criminal acts, seeking a quick payday, or Trojan horses for more nefarious Russian interference. But they have not had much success in stopping them. In just the first two weeks of September, another seven American government entities have been hit with ransomware and their data stolen."

Of course, the myth that Russia played a role in bringing Trump to power is now an accepted fact among certain classes, especially on the left. Denying it is something like a man going to church and denying the existence of God. Thankfully, there are some worthy exceptions in journalistic ranks, people like the Rolling Stone's Matt Taibbi, The Gray Zone's Aaron Maté and The Intercept's Glenn Greenwald.

How did these officials try to stop ransomware attacks? No detail about that at all. What are the seven American government entities that have been hit? Again, one draws a blank.

Then there is another blanket claim: "The proliferation of ransomware attacks that result in data theft is an evolution in Russian tactics, beyond the kind of 'hack and leak' events engineered against the Democratic National Committee and Hillary Clinton’s campaign chairman, John Podesta, in 2016."

Data theft became a part of ransomware attacks in December 2019. That's nearly a year ago. The data that was exfiltrated from the DNC was taken away internally – my authority for that is former NSA technical director William Binney and CIA veteran Ray McGovern. Who is the source for what Perlroth and Sanger claim? Again, in the best traditions of reporting "all the news that's fit to print", no sources are cited.

Further down the article, one comes across this gem: "Part of the problem is that the full scale of ransomware attacks is not always disclosed." Why exactly would a commercial or government entity confess? So that their IT people can be mocked as idiots? So that they lose their jobs? Show me one incident in which the victim has fully disclosed the details.

I'm not going to detail all the remaining stupidity in this article but would just observe that the US Government — the richest and best resourced in the world — seems to be adopting a policy of simply sitting back and waiting to be attacked.

The report says: "A record 966 ransomware attacks hit the American public sector last year – two-thirds of them targeting state or local governments." This is incorrect. As a report from New Zealand-headquartered Emsisoft, a security firm that follows ransomware attacks very closely, said, at least 948 government agencies, healthcare providers and educational establishments had been hit in 2019 at a cost estimated to be about US$7.5 billion (A$10.5 billion).

And for this year, the number of attacks on US public sector bodies fell during the period from January to April month-on-month even as the COVID-19 crisis intensified, but appeared to be reversing in July. Once again, the source is Emsisoft.

Ending the piece is another biased quote. "There is a pax mafiosa between the Russian regime and its cyber cartels,” said Tom Kellermann, the head of cyber security strategy at VMware, who sits on the Secret Service’s cyber investigations advisory board.

“Russia’s cyber criminals are treated as a national asset who provide the regime free access to victims of ransomware and financial crime. And in exchange, they get untouchable status.”

“It’s a protection racket,” Mr. Kellermann said. “And it works both ways.” Kellermann, it appears, has a direct link to the Russian mafia – else how could he be so damn certain?

The NYT seems to be getting the public geared up for another Democrat loss and a convenient scapegoat: Russians, and what's more, people who are armed with ransomware. Not the ordinary variety either. Truly, this article is a sorry mess from a newspaper that claims to be among the best in the world. Standards have really fallen. Why are we surprised that a man like Trump has ascended to the White House?


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments