Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.


Wednesday, 30 September 2020 09:19

Russians using ransomware to attack US elections, claims NYT

By Sam Varghese

With the US presidential elections just 35 days away, mentions of Russia in the American mainstream media have, expectedly, reached a feverish pitch, with every Tom, Dick and Harry — not to mention every Sarah, Holly and Nicole — raising the alarm about the possibility of forces from Moscow poking their noses into the election.

Last time, in 2016, the Democrat candidate Hillary Clinton found a convenient scapegoat in Russia after a poor campaign, in which she was overly confident of romping home, saw her lose to Donald Trump. Her campaign manager, Robby Mook, was the person to start the Russian myth.

This time, every organisation and individual who tilts left or towards the centre is trying to lend a hand to prevent a repeat that would ensure another four years in the White House for Trump.

Of course, none of these worthies ever undertakes a comprehensive study of the clumsy system that is used for elections in the US, with no central authority to mandate methods of voting and each state free to conduct the ballot in the way it wants. In many cases, this involves the use of voting machines — either models on which one votes directly or else devices which read a voter's choice from a sheet of paper — which have been shown to be extremely dodgy in the past.

I will write about these aspects of the system another day. Today is reserved for pointing out how the so-called paper of record, The New York Times, whips up fear through the use of misinformation and sloppy writing.

On 27 September, the newspaper ran an article titled "Ransomware Attacks Take On New Urgency Ahead of Vote" which contains so much misinformation that anyone who lent their name to it would have also come away not exactly covered in glory.

The takeoff for this yarn, written by Nicole Perlroth and David Sanger, was a ransomware attack on US technology services provider Tyler Technologies, a company that provides services to a number of local governments. iTWire reported the attack as we do with most newsworthy ransomware incidents.

Initially, Sanger and Perlroth write that this firm sells software that cities and states use to display results on election night. But two paragraphs later, comes the clarifier: "While Tyler does not actually tally votes, it is used by election officials to aggregate and report them in at least 20 places around the country..." Then why not say so at the start? I'm guessing that it would have diluted the story and all the subsequent hyperbole in which the pair indulge.

There is another very broad statement before this, with no source quoted, either anonymously or by name: "Many of the attacks are conducted by Russian criminal groups, some with shady ties to President Vladimir V. Putin’s intelligence services." (Don't miss the use of Putin's middle initial, an American obsession.) So where do the enterprising duo get this information? One is left scratching one's head.

The Times continues: "But the attack on Tyler Technologies, which continued on Friday night with efforts by outsiders to log into its clients’ systems around the country, was particularly rattling less than 40 days before the election." How so? Ransomware attacks take place every day and the number of groups is growing as enterprising people note that it is an easy way for skilled hackers to make money: take the code of some existing ransomware package, modify it a bit and market it under a new name.

Before I go any further, let me point out that I report on ransomware attacks a fair bit. Some say excessively. The geographical region in which the target is located doesn't really matter as long as the incident is newsworthy. All attacks within Australia are, of course, reported.

But back to the NYT. There is a really stupid statement, that "Tyler would not describe the attack in detail. It initially appeared to be an ordinary ransomware attack, in which data is made inaccessible unless the victim pays the ransom, usually in harder-to-trace cryptocurrencies." Nobody, not even grandma in her winter woollies, gives out details of a ransomware attack while an investigation is in progress.

And what is an "ordinary ransomware attack?" Is there then some category called extraordinary attacks? Ninety percent of attacks nowadays are carried out using malware that also has scripts written in PowerShell to exfiltrate data before the encryption happens on-site. This gives the criminals a second way of forcing the victim to accede to a ransom demand.

It does not take much effort to gain some kind of education about these things before committing finger to keyboard. But Perlroth and Sanger, no doubt both highly paid professionals, were too busy to find out even the basics.

Ransomware has been used to attack Windows systems for years. Were the US federal officials unaware of this? Why is it necessary to run election-related software on Windows? There are more than enough qualified professionals who can be given a contract to write secure (to the extent possible) software.

Why is it necessary to connect these machines to the public Internet? Neither Perlroth nor Sanger asked these basic questions of federal officials for their piece, which appears to have been written in haste. (But I'm sure the two will claim that they have been "researching" (another word for searching with Google) for at least a few months.)

The pair then write: "With only 37 days before the election, federal investigators still do not have a clear picture of whether the ransomware attacks clobbering American networks are purely criminal acts, seeking a quick payday, or Trojan horses for more nefarious Russian interference. But they have not had much success in stopping them. In just the first two weeks of September, another seven American government entities have been hit with ransomware and their data stolen."

Of course, the myth that Russia played a role in bringing Trump to power is now an accepted fact among certain classes, especially on the left. Denying it is something like a man going to church and denying the existence of God. Thankfully, there are some worthy exceptions in journalistic ranks, people like the Rolling Stone's Matt Taibbi, The Gray Zone's Aaron Maté and The Intercept's Glenn Greenwald.

How did these officials try to stop ransomware attacks? No detail about that at all. What are the seven American government entities that have been hit? Again, one draws a blank.

Then there is another blanket claim: "The proliferation of ransomware attacks that result in data theft is an evolution in Russian tactics, beyond the kind of 'hack and leak' events engineered against the Democratic National Committee and Hillary Clinton’s campaign chairman, John Podesta, in 2016."

Data theft became a part of ransomware attacks in December 2019. That's nearly a year ago. The data that was exfiltrated from the DNC was taken away internally – my authority for that is former NSA technical director William Binney and CIA veteran Ray McGovern. Who is the source for what Perlroth and Sanger claim? Again, in the best traditions of reporting "all the news that's fit to print", no sources are cited.

Further down the article, one comes across this gem: "Part of the problem is that the full scale of ransomware attacks is not always disclosed." Why exactly would a commercial or government entity confess? So that their IT people can be mocked as idiots? So that they lose their jobs? Show me one incident in which the victim has fully disclosed the details.

I'm not going to detail all the remaining stupidity in this article but would just observe that the US Government — the richest and best resourced in the world — seems to be adopting a policy of simply sitting back and waiting to be attacked.

The report says: "A record 966 ransomware attacks hit the American public sector last year – two-thirds of them targeting state or local governments." This is incorrect. As a report from New Zealand-headquartered Emsisoft, a security firm that follows ransomware attacks very closely, said, at least 948 government agencies, healthcare providers and educational establishments had been hit in 2019 at a cost estimated to be about US$7.5 billion (A$10.5 billion).

And for this year, the number of attacks on US public sector bodies fell month-on-month from January to April even as the COVID-19 crisis intensified, but the trend appeared to be reversing in July. Once again, the source is Emsisoft.

Ending the piece is another biased quote. “There is a pax mafiosa between the Russian regime and its cyber cartels,” said Tom Kellermann, the head of cyber security strategy at VMware, who sits on the Secret Service’s cyber investigations advisory board.

“Russia’s cyber criminals are treated as a national asset who provide the regime free access to victims of ransomware and financial crime. And in exchange, they get untouchable status.”

“It’s a protection racket,” Mr. Kellermann said. “And it works both ways.” Kellermann, it appears, has a direct link to the Russian mafia – else how could he be so damn certain?

The NYT seems to be getting the public geared up for another Democrat loss and a convenient scapegoat: Russians, and what's more, people who are armed with ransomware. Not the ordinary variety either. Truly, this article is a sorry mess from a newspaper that claims to be among the best in the world. Standards have really fallen. Why are we surprised that a man like Trump has ascended to the White House?


Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
