Another Failed Attempt to Attack Federal News Agency by US Cyber Command

USA – February 27, 2019

The details of the attack made by the US Cyber Command, obtained during a special investigation by the Federal News Agency (FAN), demonstrate that the staff of the US military department acts unprofessionally and unproductively. At the same time, US Cyber Command personnel extensively use global surveillance in their work, along with the technical capabilities of big American companies, including Apple and Amazon.

On Tuesday, February 26, the Washington Post stated that the US Cyber Command had managed to disconnect the Internet Research Agency from the global network. The agency is also known as IRA in the Pentagon classification. As reported, the disconnection occurred on the eve of the US elections in November 2018, while no evidence of the attack, nor any official confirmation from the Cyber Command of the US Armed Forces, was provided.

Note that the Western press constantly links the IRA to the Federal News Agency (FAN) without giving any evidence. What is well known is that the Federal News Agency (FAN) is a legal public information commercial enterprise operating in full compliance with the laws of the Russian Federation. FAN does not interfere in elections; nor has FAN ever been engaged in any other illegal activities.

However, the accusations against FAN and its subsidiary projects became the reason and basis for illegal attacks on the news agency: both informational attacks discrediting the publication in the public sphere, and cyber attacks on the agency's sites and servers.

In the fall of 2018, FAN reported that its employees had been subjected to information attacks from the Cyber Command of the US Armed Forces, but back then it all looked simply like unprofessional "trolling." At that time FAN reporters were sent threatening SMS messages in broken Russian from Africa-registered mobile numbers, and e-mails in broken Russian urging journalists to "think about their activities."

According to information gained from open sources, in 2018 the Cyber Command requested that the US government increase its funding by 16% in order to conduct operations against "US enemies." This was stated by Admiral Michael Rogers, who heads both the Cyber Command and the National Security Agency (NSA). The annual budget of the NSA is a US state secret, but it is known that back in 2014 (according to the Director of National Intelligence, James Clapper) it was about $45 billion. Taking into account inflation and other objective macroeconomic processes, there is no doubt that the budget is much larger today.

However, instead of spending the money of American taxpayers for its intended purpose, including the fight against international terrorism, the United States continues to conduct cyber attacks on the servers of legal, law-abiding Russian media. It is noteworthy that the main target of the US cyber attacks was the FAN subsidiary USA Really. Why the US military needed to attack a legal media outlet, which tells the truth about what is happening in the United States, remains unclear. For instance, USA Really has published a series of articles devoted to fraud during the American midterm elections.

The FAN editorial office suggests that the reason for the attack was the content of USA Really publications. The fact that USA Really sent its employees to the United States to observe the elections and to draw conclusions about how honest, democratic and open these elections were was not welcomed by the ruling class. So, what did the attack look like?

On November 5, 2018 at about 10 p.m. Moscow time, the RAID controller of the FAN internal office server was destroyed and two of the four server hard drives were disabled. The hard drives were also formatted on the servers leased in Sweden and Estonia that were used to store USA Really portal data. At the same time, the US Cyber Command attack failed completely, as the work of the FAN office was not "paralyzed," as was reported in the American media, and USA Really continued its work as usual. But how did they get access to the servers?

Several days before the attack, a letter was sent to a FAN employee's personal email. The name of the attachment suggested it contained important information about the US elections scheduled for November 6, 2018. From the accompanying text it followed that the documents concerned possible violations in the course of the American elections. The employee opened the letter and its attachments.

After unpacking the archive, nothing was found in it except some basic information about where and what kind of elections would be held in the USA. As it turned out later, one of the files was a trojan which, without the user's knowledge, used hidden features of the Windows operating system and gained full remote control over a computer in the FAN editorial office. It was from this computer that the first attempt to gain access to the server was made. However, due to well-tuned intranet security policies, the hacking attempt failed and the attackers did not gain control of the server from the infected computer.

After detecting the attack, the FAN IT department analyzed the Wi-Fi networks in the office. Unidentified connections were eventually found; however, these connections did not allow the Cyber Command of the US military to access the local office network, since the office's local and Wi-Fi networks are physically separated. Special agents of the US Cyber Command had to be content with the opportunity to access the internet from the IP address of the office Wi-Fi network. It is unclear why this was done; possibly for the subsequent discrediting of FAN through the publication of prohibited content.

The attack was committed by a rarely used method, which required considerable time to identify the source of the "infection" and the final penetration into the local office network. The source of the "infection" was the mobile phone of an employee, connected to the USB port of a computer that did not have access to the internet but did have access to the local network with fairly wide access rights. After the Apple iPhone 7 Plus was connected to the personal computer, iTunes launched automatically and synchronized user data, along with a special internet connection. During this connection some system update files were also downloaded and installed automatically.

After that, the computer was effectively managed remotely, and all the procedures necessary to fully invade the local area network were carried out. It is worth noting that the intrusion into the local network was carried out from IP addresses controlled by American companies, including Amazon servers, which are commonly used by hackers to cover their tracks and hide the real source of the attack.

Thus, the Cyber Command of the US Armed Forces took advantage of its administrative capabilities and used a commercial company to its advantage. This fact confirms once again that American companies always monitor their users and transmit all information to the American special services. FAN correspondents have already written about how Google gives US law enforcement agencies full access to the personal information of Russian citizens. It is also well known that all data from Apple devices is transmitted to the company's servers in the United States, regardless of phone settings. After this incident, the company's security policy prohibited connecting Apple devices to personal computers.

Interestingly, access to the servers in Europe was obtained in the most primitive way: it was in fact not even a cyber operation, but the fulfillment of a demand by US Cyber Command personnel to provide full access to manage certain servers in data centers. The servers hosting the mirrors of the USA Really site, created specifically in case the main server was blocked, were located in Sweden and Estonia.

Soon after the unsuccessful attempt to block USA Really, which wrote about violations in the American elections, its editor-in-chief, Russian citizen Alexander Malkevich, was detained at a US airport on November 8, 2018. He was later released due to the absence of any violations of American law in his work. However, US Cyber Command personnel also participated in his arrest, as more than 10 special agents armed with the most modern equipment tried to extract secret information from Malkevich's phone and computer, but even here the US cyber warriors failed: they eventually found nothing of interest.

It should also be noted that later attempts were made to suspend the site by revoking the HTTPS security certificate issued to the domain. Nevertheless, despite the total information censorship imposed by the US authorities (FAN is currently preparing a separate article about it), the Americans failed to suspend USA Really for even one day. In this regard, the project and its editor-in-chief were included in the US sanctions list in December 2018, which was designed to limit the development of the project in America.

So, to draw a conclusion: in spite of the fact that the Western media covers the US cyber operation as a successful campaign to disconnect the "Troll Factory" from the internet, in fact it was an unsuccessful hacker attack on the technical infrastructure of the Federal News Agency. FAN editors believe that the lack of official information and details of the operation from the US Cyber Command suggests that they understand that the operation failed and the result desired by the Americans was not achieved.

"The US authorities and the US Cyber Command personnel showed their incompetence, using all the capabilities of the US National Security Agency, which have been mentioned by Snowden; they have attacked the law-abiding legal Russian media, FAN and USA Really. That is, trying to destroy the freedom of speech, Americans believe that 'there is their "right" opinion, and the other one is always wrong.' As the FAN IT Department staff explained to me, the US attack did not attract attention at the first stage, since the actions taken by the US Cyber Command were more similar to the work of self-taught hackers rather than professionals. Practically no damage was inflicted upon FAN, as the server parts that were disabled were promptly replaced, new mirrors were created for USA Really, and work was continued as usual. The employees of both FAN and USA Really, thanks to the coordinated work of the IT department, did not stop their work for a minute. Apparently, the command of the US Cyber Command is preparing to resign as a result of the attack that failed in such a silly way," said FAN General Director Evgeny Zubarev.

Author: USA Really