By Bruce Sussman
Thu | Apr 25, 2019 | 3:17 AM PDT

The Mueller Report is more than 400 pages long.

However, our team focused on the dozen or so pages that revealed more information on Russian hacking efforts.

Keeping in mind our SecureWorld conference theme this year is "Knowledge Is Power," we wanted to pass along any knowledge the Mueller Report offers about nation-state hackers.

5 Russian hacking details in Mueller Report 

The report confirms that Russia's GRU unit started its 2016 hack of the Democratic National Committee (DNC) by spearphishing an employee at the Democratic Congressional Campaign Committee (DCCC).

1. Now we know Russians took advantage of IT admin credentials:

"Over the ensuing weeks, the GRU traversed the network identifying different computers connected to the DCCC network. By stealing network credentials along the way (including those of IT administrators with unrestricted access to the system) the GRU compromised approximately 29 different computers on the DCCC network."

2. Now we know they took advantage of a VPN:

"Approximately six days after first hacking into the DCCC network... GRU officers gained access to the DNC Network via a virtual private network (VPN) connection between the DCCC and DNC Networks." The report does not offer additional details on this point.

3. Now we know a Trump speech reportedly inspired the Russians to hack Hillary directly:

"Earlier that day, candidate Trump made public statements that included the following: 'Russia, if you're listening, I hope you're able to find the 30,000 emails that are missing. I think you will probably be rewarded mightily by our press.'

Within approximately five hours of Trump's statement, GRU officers targeted for the first time Clinton's personal office."

[Note: the GRU started targeting Clinton campaign employees, volunteers, and Chairman Podesta in March 2016.]

4. Now we know the Russian GRU accessed a voting technology company:

"... also sent spearphishing emails to... personnel at companies involved in voting technology. In August 2016, GRU officers targeted employees of [redacted], a voting technology company that developed software used by numerous U.S. counties to manage voter rolls, and installed malware on the network."

5. Now we know that SQL injection is a method of attack the Russians also used:

"In one instance, in approximately June 2016, the GRU compromised the computer network of the Illinois State Board of Elections by exploiting a vulnerability in the SBOE's website. The GRU then gained access to a database containing information on millions of registered Illinois voters, and extracted data related to thousands of U.S. voters before the malicious activity was identified."

The report also dives into the social media side of Russia's election meddling efforts. It's somewhere in the Mueller Report.
