Episode 4—Which Russia hack? Part 1

Breach podcast - Episode 4A
 

Featured guests include:

Damon McCoy
Damon is an assistant professor of computer science and engineering at New York University's Tandon School of Engineering.
Website: http://damonmccoy.com/

Dennis Dayman
Dennis is chief privacy and security officer at Return Path. He has more than 20 years of experience combating spam, security/privacy issues and data governance issues.
Twitter: @ddayman

Amy Knight
Amy Knight is a historian of the Soviet Union and Russia. She has been described by The New York Times as "the West's foremost scholar" of the KGB. Her most recent book is "Orders to Kill: The Putin Regime and Political Murder."
Twitter: @aknight613

Michael R. Isikoff
Isikoff is an American investigative journalist who is currently the Chief Investigative Correspondent at Yahoo News.
Twitter: @Isikoff

Andrei Soldatov
Andrei is a Russian investigative journalist and co-author of "The Red Web: The Struggle Between Russia’s Digital Dictators and the New Online Revolutionaries."
Twitter: @andreisoldatov

Breach Episode 4 - Transcript

 

RONALD REAGAN:

The greatest evil is not done now in those sordid dens of crime that Dickens loved to paint.  It is not even done in concentration camps and labor camps, but it is conceived and ordered, moved, seconded, carried and minuted in clear, carpeted, warmed, and well-lighted offices, by quiet men with white collars, and cut fingernails, and smooth shaven cheeks.

 

BARACK OBAMA:

So these cyber threats are a challenge to our national security.

 

MARISSA MAYER:

We saw a Russian intrusion in our network. 

 

DONALD TRUMP:

I don’t think anybody knows it was Russia.  She’s saying Russia, Russia, Russia, but I don’t- Maybe it was.

 

ASSISTANT ATTORNEY GENERAL MARY MCCORD:

The defendants include two officers of the Russian Federal Security Service.

 

DONNA BRAZILE:

The Russians did interfere and meddle in our election.

 

ASSISTANT ATTORNEY GENERAL MARY MCCORD:

FSB officers protected, directed, facilitated, and paid criminal hackers to collect information through computer intrusions in the United States and elsewhere.

 

GEORGE BEEBE:

Russian hackers were the ones that hacked the DNC.

 

ASSISTANT ATTORNEY GENERAL MARY MCCORD:

They worked with co-conspirators.

 

GEORGE BEEBE:

They did it on the explicit order of President Putin.

 

SENATOR BILL NELSON:

Would you expect a breach?  I assume the answer to that’s no, or you would have been doing something more? 

 

GEORGE BEEBE:

The objective behind all this was both to advantage Trump and to undermine our democracy and the broader liberal international order. 

 

MICHAEL CARPENTER:

We’ve learned so much in terms of the propaganda campaign, the disinformation the stuff on Twitter and Facebook.

 

SENATOR BILL NELSON:

Sadly, the question that millions of Americans are now asking is ‘what in the world do we do?’

 

BARACK OBAMA:

And it’s one of the great paradoxes of our time: that the very technologies that empower us to do great good can also be used to undermine us.

 

SENATOR ROY BLUNT:

The 45th President of the United States of America, Donald J Trump. 

(APPLAUSE)

 

ALIA:

This is Breach, a podcast investigating history's most notorious data breaches, brought to you by Carbonite, how businesses protect their data.  

I'm Alia Tavakolian, and I'm in this time-travelling DeLorean with cybersecurity journalist Bob Sullivan.  He's the cyber Doc Brown to my Marty McFly.  We’re here in part four.  If you haven't already listened to episodes one through three, how did you get here?  Find your nearest exit, turn around, and go back to episode one.  Don't worry, we’ll wait. 

In this final episode of Breach, we’re going to examine the far-reaching consequences of the Yahoo data breach.  They're not black-and-white.  Let's start by zooming out for a minute and review what we know for sure about the Yahoo hacks so far.  Here's what I know at least: and that is there were two hacks at Yahoo, one in 2013 that was 3 billion done by we don't know who, and then one in 2014 by these four people who were indicted. 

 

BOB:

So, we have an indictment with four people, two alleged FSB agents, one freelance hacker in Russia, and then one freelance hacker who was a Kazakh but was living in Canada at the time.  That's what we know about the Yahoo hacks at the moment, yeah.  And we know also that the Russian hack involved this deep dive into people's email accounts.

 

ALIA:

Oh, and we also know that it wasn't like a one time breach, it was a recurring relationship with this database that these hackers accessed. 

 

BOB:

They had several years to scan what they wanted, yeah. 

 

ALIA:

But when we say Russia hack, you probably don't think of Yahoo. You probably think of: 

 

BRIAN WILLIAMS:

The headline reads Russian government hackers penetrated DNC.

 

ALIA:

So, what do we know about the DNC hacks?

 

BOB:

The DNC hack is still out there, and as of this moment as we’re having this podcast discussion, there’s been no formal charges about that.  But what we know is that some actor who has been linked to Russia tricked his way into John Podesta's email, the DNC helping run Hillary Clinton's presidential campaign.  They stole a bunch of his emails.  They tricked him with a simple phishing email.  And then whoever stole those emails passed them along to Wikileaks and then dribbled the emails out in the most embarrassing way, to harm the Hillary Clinton campaign.  And it's up for grabs and always will be how much impact those emails had, but what's clear is that somebody illegally broke into the DNC servers, and then illegally leaked those emails with the intention of hurting the Hillary Clinton campaign.  And most folks think that the hacker group that is responsible for it is tied to Russia.

 

ALIA:

I remember hearing that John Podesta received a phishing email, and that that was sort of the beginning the tiny beginning of this.

 

BOB:

I’ve seen it.  Because that very phishing email is actually on Wikileaks.  So, we can- you can see the email that John Podesta fell for, if you like. 

 

ALIA:

Subject line: ‘Someone has your password.’  ‘Hi John, someone just used your password and tried to sign into your Google account john.podesta@gmail.com.’

 

BOB:

And then it says click here to login and fix the problem.  And of course all that did was redirect him to a server that was controlled by the hackers, and then he had given them his credentials.

 

ALIA:

So I mean this is a prime example of a phishing email.  Can I tell you something else I notice about this?  The whole email address reads ‘noreply@accounts.googlemail.com.’  There's no googlemail.com, it's gmail.com. 

 

BOB:

That and many other things about it should have disrupted him.  But you know as we've said over and over again, I'm sure he was on a BlackBerry, at a moment of weakness, and it takes you know two and a half seconds to fall for this.  It takes two and a half seconds to potentially change the outcome of a presidential election.

 

ALIA:

That’s the more famous Russia hack.  So, when we say Russia indictment, you also probably don't think of Yahoo anymore.  You probably think of-

I just saw it.  Holy shit.

So, it’s February 16th, we’re sitting in the studio, and I get a notification on my phone.

Yeah, I got a push notification.

And then our producer Jan got a notification, and then Stephen our associate producer got a notification, and then Bob got a notification.

 

BOB:

Holy shit.

 

ALIA:

Did you just get this push notification?

 

BOB:

I've literally read two sentences of the of the story. 

 

ALIA:

And it was all because of- 

Wait what okay can you just tell me the headline?

 

BOB:

Special Counsel investigating Russia's interference in the 2016 presidential election has charged 13 Russian nationals and three Russian organizations with illegally using social media platforms to sow political discord, including actions that supported the presidential candidacy of Donald Trump, and disparaged his opponent, Hillary Clinton.  So Bob Mueller says that the Russians sided with Trump.

 

ALIA:

In the indictment, Mueller charged that some of the Russians posing as Americans communicated with unwitting individuals associated with Trump's 2016 campaign, to seek to coordinate political activities.  This is crazy.  Can we- can we just like talk about that indictment for a second, because I feel like it’s relevant.

 

BOB:

I think we have to.

 

ALIA:

Right? 

 

BOB:

So, it's actually pretty specific and pretty narrow.  There are lots of different ways that people think the Russians meddled in the US election.  One of them was this propaganda campaign on social media, where they manipulated Facebook and Twitter and the way that ads are served and they played into conspiracy theories.  And as a result, colored people's social media experience, which as we know is basically how many people experience the world and specifically news now.  It's an open question whether it directly impacted the election, I think we'll never know.  But what we do know, is that there was this essentially a factory, where they were spending one and a half million dollars a month, just churning out inflammatory comments, doing everything they could to stir the pot in American politics.  And that worked.

 

ALIA:

I mean that's the thing right, like you said you know we don't know, we’ll never really know if it impacted the election, but the bottom line is they wanted it to impact the election.

 

BOB:

Well and also the Russians are smart enough, that I think they would’ve stopped spending a million and a half dollars a month, if it wasn't working.

 

ALIA:

For me, it feels like all of this Russia cyber hacking is happening at once, simultaneously, which leaves me with a burning question.  We know now that Russia hacked the DNC and the 2016 election.  We know as part of hacking the election, Russia made thousands of fake Facebook ads.  And we know that a few years before all of this, around 2014, Russia had access to 500 million Yahoo emails, which would include civilians, journalists, public officials, etc.  Can we get out the red yarn Bob, like can we connect the alleged Russian Yahoo hack to the alleged Russian DNC hack and election interference?  Can we do that?

 

BOB:

If this were a movie, the last scene of the movie would be one person was behind all of these things, all these allegations that seem to involve Russian hackers.  That's tempting to do, but extraordinary claims require extraordinary evidence, and we don't have that evidence.

 

ALIA:

Okay but I have a real-life scene, that would fit great in a movie, that might change your mind.  It's the very first hint that the DNC might've been hacked, and it starts with Alexandra Chalupa.

She is a consultant for the DNC, and she started doing opposition research into Paul Manafort’s connection to pro-Russian political leaders in Ukraine.  And then all of a sudden she gets this alert that her personal email had been hacked.  Her personal email was a Yahoo account.

 

BOB:

It it's really interesting. 

 

ALIA:

Interesting, true?

 

BOB:

No.  Extraordinary claims require extraordinary evidence.  Go ahead, like make your Chalupa case.

 

ALIA:

I mean my Chalupa case is that if Russians are hacking Yahoo to gather intelligence on Americans to undermine democracy, let's just say that is what they're doing with Yahoo right, then it would make sense that they would hack into the Yahoo account of a consultant for the DNC, as another way in to undermine democracy.  It's really kinda funny that the Yahoo! News investigative journalist is the one that reported this.  So she receives the alert, right, when logging into her Yahoo email account, like- 

 

BOB:

Oh wait, this isn’t a- This isn’t a Yahoo author who did the story, this is Michael Isikoff who did this story.  And anything, literally anything Michael writes is correct.  So, I mean no he’s like, that’s-

 

ALIA:

You have not said that about anyone. 

 

BOB:

It's a short list. 

 

MICHAEL:

I’m Michael Isikoff, the Chief Investigative Correspondent for Yahoo! News, and the co-author of the new book Russian Roulette: The Inside Story of Putin's War on America and the Election of Donald Trump.  One of the early stories I did on the Russian attack on the election, was about a woman named Ali Chalupa who had been working at the DNC as a consultant.  She's a Ukrainian American, and got quite energized when she learned that Paul Manafort joined the Trump campaign, because Manafort of course had been working for years for the Yanukovych government in Kiev, the pro-Russian political party aligned with Vladimir Putin.  And the idea that somebody who was a consultant to the allies of Vladimir Putin would now be working for the Trump campaign, was a very big deal to Ali Chalupa, and she began trying to get the DNC to pay attention to this.  And then right in the middle of this, and this is the Spring of 2016, she gets a pop-up message from Yahoo security, saying that her email has been targeted by state-sponsored hackers.

 

ALIA:

So, while Ali Chalupa’s Yahoo account was definitely hacked, we don’t know that it was connected to our specific Yahoo breach.

 

MICHAEL:

But I did verify from Yahoo security that this was a real message and that it was a serious matter, what happened to Ali Chalupa.

 

BOB:

I can't help but think looking back, are you afraid somebody was looking at your Yahoo emails?

 

MICHAEL:

Well, I had a Yahoo corporate email, and that was a question I asked right from the get go ‘did the did the Russian hackers who got in also get into our corporate emails?’ and I never got an answer to that question.

 

ALIA:

But as for my my tidy red string tying the DNC hack to the Yahoo hack via Ali Chalupa’s Yahoo account. 

 

BOB:

There are other plausible explanations, beginning with the fact that we now know that Yahoo was essentially a hacker’s playground this whole time.

 

ALIA:

So, there's no reason to believe these alleged Russian hacks are even under the same Russian mandate.

 

BOB:

I think we run a great risk in thinking about Russian hackers as like a room full of people in Moscow, when in fact we’re talking about thousands, tens of thousands, maybe hundreds of thousands of people.  And it would be- imagine the situation in reverse.  Some American hackers hack a Chinese social media site and suddenly China says all Americans have hacked us.  So, there certainly are some pieces that lead you to say this needs some serious investigation.  The most persuasive one for me, which we’ve hinted at already, is the fact that Alexsey Belan’s name appears both on the indictment, where the US alleges that Russians hacked Yahoo, and on the list of sanctions imposed by Pres. Obama in December 2016, in retaliation for, in general, election hacking.  The fact that Alexsey Belan is on both of those documents, suggests to me that somebody in the State Department has connected those two things.

 

ALIA:

So, maybe it's not Alexandra Chalupa that is our connection between the DNC hack and the Yahoo hack.  You're saying it's Belan.

 

BOB:

I think Belan is the clearest piece of evidence we have that somebody has connected these dots.  But again to be as specific as we can, when the State Department issued these sanctions, immediately after the election, the US sanctioned nine entities and two individuals.  The two individuals stand out.  One of them is Evgeniy Bogachev, who is perhaps the world's most famous internet bank robber, and the other one is Belan.  And the paragraph says specifically the Department of the Treasury is designating two Russian individuals, Bogachev and Belan, under a pre-existing portion of the executive order, for using cyber-enabled means to cause misappropriation of funds and personal identifying information.  So this is an unsatisfying connection, because that specifically says they committed ID theft and banking fraud.  If they wanted to, they could have said ‘and potentially meddling also in the election.’  However, I think it can't be ignored that this happened at- it's retaliation for the election.  So, to me this is statecraft, shot across the bow, we think we know what you're up to kind of thing.  But again, you know Belan hasn't been indicted in any formal way, or as far as we know even alleged by the US Government to have been involved in attacking our elections.  So, we have to avoid the sort of urge to homogeneity and our natural urge to make sense out of pieces of information that don't necessarily make sense and put them into one frame and our desire for a Hollywood ending.  We may not get that satisfying Hollywood ending here.

 

ALIA:

Breaking News: On March 22, The Daily Beast reported that it has been revealed that Guccifer 2.0, the lone hacker who took credit for providing Wikileaks with stolen emails from the DNC, was a Russian intelligence officer, working for the GRU.  So, maybe no Hollywood ending, but...

We’re gonna take a quick break, so I can go figure out some metaphors that are as good or better than Bob's.  I wanna be a metaphorist, like a florist, but like a metaphorist.  Is that real?  Don't give me that look Bob. 

 

So, we got hacked and it freaked out our entire team.

Do you think we were breached?

 

STEPHEN:

It’s been a constant worry of mine since we started this project.  I think it’s very much a possibility.

 

ALIA:

We decided we should probably do something other than write emails to the hackers who were probably in our inboxes, like maybe being a little more thorough with our backup system.

 

MEGAN:

Hello?

 

ALIA:

Hi, Megan.  How are you?

 

MEGAN:

Good.  How are you?

 

ALIA:

I’m fine.

So, I called up Megan Wittenberger from Carbonite.

 

MEGAN:

I’m Megan Wittenberger.  I’m the Senior Marketing Manager at Carbonite.

 

ALIA:

I explained our situation and all of the fears that were now plaguing us daily.

 

MEGAN:

I think that you’ve accidentally walked into a very precarious situation, unfortunately.

 

ALIA:

Precarious indeed.  In fact, the folks at Carbonite felt so bad that we got hacked while working on their show, that they gave us a year of free service.  Thanks, Carbonite.  And Megan was super helpful.  She gave us some tips on how to manage our backups, the 3-2-1 method.  She made it sound easy.

 

MEGAN:

So, one thing you can do is, there’s a thing that we in the data protection business call the 3-2-1 rule, and it’s a set of best practices for managing your data.  So, if you want I can run it down for you.

 

ALIA:

Yes, Megan.  Yes I would.  We need help.

 

MEGAN:

So the first one is keep at least three copies of your data, the original and at least two backups.  Next, is you want to keep the backups on two different storage sites, like a server, or Google Drive, or the cloud.  And finally, you need to keep at least one copy of your data off-site.  If you have multiple backups in the same location and something happens to it, it’ll be like you never had a backup at all.  So, this is when the cloud comes in handy, because you can tap into a provider’s global infrastructure, even if you have a smaller business.

 

ALIA:

So, thanks Megan.  And thanks to Carbonite.  They really live up to that tagline of helping businesses protect their data.  Yeah yeah, branded podcast, we know.  But in this case, we couldn’t be more grateful to them.

 

JAMES COMEY:

They were unusually loud in their intervention.  It's almost as if they didn't care that we knew. 

They’ll be back in 2020.  They may be back in 2018.  And one of the lessons they may draw from this is that they were successful, because they introduced chaos and division and discord, and sowed doubt about the nature of this amazing country of ours and our democratic process.

 

ALIA:

Maybe we can’t connect Yahoo hacks directly to DNC hacks.  Maybe we won't know their specific intent behind each of these hacks and how they're connected.  But I'm wondering if we can connect these hacks to a larger Russian playbook.  Do their continued significant malicious cyber-enabled activities have a purpose?  What's the playbook here for hacks?  I mean how does Yahoo fit into Russia's long-term cyber hacking playbook?  I mean, we don’t wanna just like make guesses and speculate or hypothesize, we really want to make educated guesses.  So we reached out to a bunch of experts, and we read them the super specific list of names, and they really didn't have much to say about it.  They really couldn't make sense of it better than we could.  However, they did help us contextualize the Yahoo hacks against Russia's long-term playbook, and I thought that was really helpful.

One chapter in the playbook is blatant spying, letting us know they're here.

 

DAMON:

But I think it's an extension of what we've been seeing in the past, in perhaps even Cold War times right, of kind of espionage and spies and gathering intelligence.

 

ALIA:

That’s Damon McCoy.  He teaches computer science at NYU's Tandon School of Engineering, and focuses on, among other things, the economics of cybercrime. 

 

DAMON:

But instead of kind of doing it face-to-face like we used to, now everything is online.  And so now they're just simply moving their operations online.  And in the case of the Russians, it feels like they're not so worried about attribution.  And so they're kind of willing to do these kinds of large operations where there’s-  there's a high likelihood that they’re gonna get caught, like in Yahoo.  But they they almost feel emboldened at this point to say ‘yeah we’re we’re spies we’re gonna spy.’

 

ALIA:

I mean, do you agree with what he just said, with the fact that Russians like aren’t concerned about attribution?

 

BOB:

The Mueller indictment taught us a bunch of things, but one of the things that it taught us without saying it, is that the Russians clearly wanted to be caught.  There are so many ways they could have done that out of view, but they did it in plain sight.  They had ads for jobs they- they’ve allowed people who work there to talk to journalists, so-

 

ALIA:

They could have been sneakier.

 

BOB:

Much sneakier.  So much sneakier that it's obvious they wanted to be caught. 

 

ALIA:

So even if Russia didn't actually impact our election, they want us to think that they can.

 

BOB:

That is exactly the point of all this.  We forget because Donald Trump won the election, but all the talk before he won the election was how he thought the results would be illegitimate if he didn't win.  We didn't have to cross that bridge, but you know imagine an alternate universe, where instead we spent the last year talking about whether or not Hillary Clinton's win was legitimate, because all of the breadcrumbs had been left there, like the the alibi was set already.  So, yes, this is kind of an ingenious strategy where Russia either wins or it wins.

 

ALIA:

Another approach in Russia's cyber playbook is to gather basic intelligence, to disperse among a bunch of different agencies.

 

ANDREI:

And this might be not one operation, but many operations.

 

ALIA:

That's our Russian journalist, Andrei Soldatov.

 

ANDREI:

So, the usual way in this case is to say ‘look we have access to this particular data,’ and then to share this information with departments of the government.  And then they can define some intelligence request, like ‘wow all of a sudden this particular ministry or this particular department maybe said we need access or we need information about this particular guy.’  And then to channel this request for all these- well intermediaries.

 

ALIA:

And in this case, Andrei goes on to say, the guys running the operation wouldn’t know why they were accessing particular information for different accounts.

 

ANDREI:

It could be much more decentralized. 

 

ALIA:

So Dokuchaev or Sushchin sends out I don’t know a memo to the FSB ‘Hey, we got Yahoo, you need to peek into anyone's accounts?’  And then there’s some spreadsheet, a Google spreadsheet that they're all sharing.  Cool, so this department wants intel on a Swiss Bitcoin firm they're interested in, then this department needs dirt on this one guy they’re spying on in another country, like just a generalized wealth of information, a search engine, by which to unlock accounts as they need them.  Is that like is that what Andrei’s sort of talking about, and is that like a real thing?

 

BOB:

Sure, without the Google Docs.

 

ALIA:

The shared spreadsheet.

 

BOB:

Yeah yeah, but it certainly is not unlike, and I don't mean to pick on the credit bureaus here, but the credit bureaus have this pile of data about Americans.  And different kinds of companies show up and say ‘hey we’d like to know whether this person is qualified to buy a car, hey we’d like to know if this person is moving, hey this person owes us a debt any chance they’ve gotten a raise recently?’  So, people get to peek at different kinds of data.  And what we know from the criminal underground is that - I'm sure that Russia did this with the Yahoo data - but lots of folks have done this, I've seen these databases, where they are pulling stolen information from various sources, and they merge it all together, so they have these detailed dossiers on all kinds of people.

 

DAMON:

And they’re probably more interested in kind of high profile figures that have email accounts at Yahoo.  So, this is probably the exception to the rule, where they will try and extract value out of that more sensitive personal information.  So you can find who's having an affair with who, you can find very sensitive information that could potentially lead to blackmail and compromise of very high profile people.  When you're in the intelligence community, this is a classic way right to then collect more and more intelligence on more and more people. 

 

AMY:

Well, my reaction when you go through this list of names, is there probably were several purposes for singling out these people. 

 

ALIA:

That's Amy Knight.  She's a Russian geopolitical expert, who’s written six books and over 30 scholarly papers on the topic.

 

AMY:

First of all, just the simple process of gathering secret information.  You know, the FSB and the SVR, the Foreign Intelligence Service, they’re- they are not necessarily terribly discriminating.  And some of them probably still have a little bit of the former KGB mindset, which is ‘well anything that's secret we can get it’s gonna mean something.’  But I think that particularly with the banking people, people who know about finance and so forth, I would imagine that blackmail would be something in the back of the minds of the people who use this information.  And not just blackmail because of financial malfeasance, but also personal issues.  So if you could find somebody who was fairly high up in a bank or in a financial organization, for example, and you could hone in on some of their personal secrets that they wouldn't want people to know, that's always a very very good way of moving in to influence them.

 

ALIA:

So, basic blackmail is part of Russia’s playbook.  This feels pretty straightforward, when you look through the list of targets named in the Yahoo indictment.  Russian journalist and investigative reporter working for Kommersant Daily, Minister of Economic Development from a border country, his wife, employees of US cloud computing company, CEO of metals industry holding company.

 

BOB:

And you just never know what will be useful in the future.  That's at least half the story here, I suspect all of these things occurred. 

 

ALIA:

But you know, another thing that I kind of notice when I'm thinking about blackmail in relation to the Yahoo hack, is when you look at the list of characters whose accounts were compromised, you get a lot of ‘and their spouse and his wife.’  And that to me feels like prime blackmail material, right?

 

BOB:

Sure, it's also you’re casting a net to someone who very well may not be as tight-lipped as the professional.  I mean-

 

ALIA:

Right, they’re talking to someone they lo- someone they’re close to, a personal connection.

 

BOB:

Yeah, and your your husband or your wife, who is not the intel officer, hopefully they live by the same strict never write anything down standards, but they're more likely to be loose-lipped.  And so that's a really obvious target.

 

ALIA:

Yeah yeah, ‘you staying late at work tonight working on that project on XYZ?’  They’re, like- they'll say it. 

 

BOB:

Right. ‘honey don't say that.’  It's too late. 

 

ALIA:

Delete the email, like that helped.  LOL. 

 

AMY:

Well, I think Russia's cyber hacking playbook is similar to its playbook for other operations, as I mentioned, active measures.  Which means efforts to influence the political processes in democratic countries, countries that Russia feels threatened by, or would like to control.  If you listen carefully to what Pres. Putin and his colleagues, particularly those in the security services say about the West, and if you listen to what they portray as their goals and so forth, it becomes very very clear that the mindset of the Kremlin right now is very similar to the mindset of the Politburo and the Kremlin in the Soviet period.  These people feel like they are encircled, they are threatened, the whole internet is hugely threatening to people who are actually presiding over totalitarian governments, which I'd say Russia is.  So, they view the internet both as a threat and as an opportunity.

 

BOB:

The open society that the US tries really hard to live in, is being used against us right now, as a hacking tool. 

 

ALIA:

Can you tell me what you mean by open society? 

 

BOB:

We can say whatever we want.  We thrive on conversation, and comment, and the First Amendment.  And people misuse the phrase First Amendment all the time, but it's because we all agree at this incredibly fundamental level that voices shouldn’t be suppressed.  Of all kinds, even voices we disagree with.  And when you don't live by that rule, all of this is a lot easier. 

 

ALIA:

Right. 

 

BOB:

It's a lot easier for Russia to conduct a propaganda attack on the US, than vice versa.

 

ALIA:

Yeah, sowing seeds of doubt is easy when no voices will be squelched, because we also don't know to squelch the voice of Russia. 

 

BOB:

Yeah, I mean if we had the great firewall of China over our internet, this would not be an issue, right.  So, I think what the real tragedy here is that democracy's greatest strength is right now being tested and being used against us.

 

ALIA:

Another page out of Russia’s playbook, is affecting the economy.

 

DENNIS:

There’s been some things happening right now in the underground.  There’s been some activity, some threats, some things that have got people kind of going ‘ooh, okay this is getting really serious.’

 

ALIA:

That's Dennis Dayman, my cybersecurity spirit guide from our first episode.

 

DENNIS:

Part of the reason why Trump is in office to be honest, and sort of the other things that’s going on, is well Russia is affecting the economy and affecting how things are happening on purpose, because they need help.  They want their market to change.  I think because for them, having that information allows them to change the world in a sense.  It allows them to dictate where certain things could be going if they had early information.  You know Russia has had a very interesting time in terms of their economy, where oil and gas prices are, how food you know comes in and out for them.  It's a very hard nation sometimes some places to live in.  And I think by having this ability to push things around a little bit, in the way that they want, is helping them.  Like you know getting better prices on food, getting better prices on gas, things for you know for citizens, and then getting the upper arm if you will on other sorts of things in the marketplace, how things are being priced out, what the price of the dollar is.  If they want to invest in other markets.  I mean having the ability to say ‘you know what I'm gonna invest in this currency, and I'm gonna invest on it, because I'm going to short that currency,’ and then having the ability to then influence the market by putting false stories out there.  Or in some cases there's been a lot of talk about whether Trump is a part of that plan.  By putting Trump in, is the way that he is acting, and the way that he hasn’t really gone after you know Russia and Putin, you know is that a part of that plan?  Potentially.  But having a leader that they know is a little bit off, actually is helpful, because it causes disruption in other markets too.  So, yeah having a lot of access to information, if you know how to play the game, you can really control a lot of things.

 

BOB:

If you want to hit Americans where it hurts, hit ‘em in the markets, right?  I mean, we've already seen some incredibly successful hacks, that involve the simplest of manipulations of the stock market, which is the most fragile of hackable systems.  And we have you know protections in place.  And I can tell you that a lot more has been invested in protecting the stock market, than invested in say protecting Yahoo email or in protecting our elections. 

 

ALIA:

Because it’s everybody's money?

 

BOB:

Because there's something to really lose, yeah yeah, and you invest money when you're gonna lose money.  You don’t invest money in democracy, because that’s sort of a vague idea.  So those accounts are safer, but-

 

ALIA:

But not impenetrable. 

 

BOB:

Absolutely not.  Next in the playbook, is this idea of moving war online.  So these hacks as a way of training and getting ahead of the curve on cyber war.  So, one of the phrases we haven't said yet in this podcast is ‘asymmetrical warfare.’  It’s a really important concept. 

 

ALIA:

Talk me through it. 

 

BOB:

So, war in the past meant like you put men on this side, men on this side, if you had more men or bigger guns you won.  That meant being the largest power in the world gave you an advantage.  Asymmetrical warfare, is a situation where one party has a dominant position at least in some form.  The other party fights in any way to augment their power.  So, flying planes into a building is an example of asymmetrical warfare.  In the digital world, one of the important components of asymmetrical warfare, is that the bigger party is actually more vulnerable, because it's bigger; there are more targets.  So, in the digital world this is the very uncomfortable position that the United States finds itself in.  The country that relies the most on technology, stands to lose the most if technology is disrupted.  So, if somebody figures out how to knock the power out in the eastern seaboard, that would be crushing to the US economy; it would not be so crushing in a place where there are power outages all the time.  Because we rely so much on mobile phones, if somebody knocked off our mobile phone network, the 911 system, there are all of these ways.  We rely so much on technology.  And the more that we make our lives dependent on it, the more fragile we are to an asymmetrical warfare kind of attack.  So this is why this is such a smart play by Russia, or any of our adversaries.  Actually I- I’ve spoken with NATO experts over this, the agreement that if any one of the NATO members are attacked, we all have to defend each other.  You know what happens in a cyber attack?  Do we have to rush to the aid of Germany if Germany is cyber attacked?  And then the real dividing line that people talk about is, when does a digital war become a shooting war?  So if somebody knocks out the power grid in the US, would the US retaliate with a physical attack to that?

 

ALIA:

Right.  Oh my God, Bob.  I feel like I'm just like melting into the floor.  I feel so awful.  I'm good.  I'm good.  Move on, I'm good.

 

BOB:

So, people have been waiting for some big event like a cyber Pearl Harbor, a cyber 9/11, as a signal that the cyber war has actually begun, cyber World War III, or whatever you want to call it.  I think it's pretty clear that the war has already begun, and it’s begun quietly, it's begun on the dark web, and it's begun in an invisible way to most of us.  We won't know for years, maybe decades, maybe even longer. 

 

ALIA:

This is what’s so complicated about the Yahoo hacks, in the context of a larger Russian cyber playbook.  It's interesting to speculate, to draw connections.  But whatever Russia is doing, it’s happening live, right now, as we speak.  We’re releasing this podcast in March 2018, who knows what will come to light, that blows even the Yahoo hack out of the water?  Right now, we can only see the metaphorical screens right in front of us, watching each Russian cyber attack as it happens.  FYI, headline from our very own Nicole Perlroth, dated March 15: ‘Cyberattacks Put Russian Fingers on the Switch at Power Plants, US Says.’  We may not have the big picture for decades, but at least we’re starting to pay attention.

 

MICHAEL:

The warnings that the US Government was getting as early as 2014, about what the Russians were up to- 

 

ALIA:

Michael Isikoff again. 

 

MICHAEL:

The US government had a secret source inside the Kremlin, who was giving pretty explicit warnings about the information warfare plans that the Russians were mounting.  It's a reflection of Putin’s worldview, where he sees the US as his main adversary.  And he knows he can’t have a military confrontation with the United States, but he has other ways of poking at us, and I think the information warfare playbook was front and center.  Gen. Gerasimov, who was the chief of staff of the Russian military, had written this piece in 2013, in an obscure military journal, about how the nature of warfare was evolving, and it was now evolving into areas of information warfare, where the most important battlefronts wouldn't be with tanks and physical armies, but in the cyber sphere.  And it was a pretty explicit game plan that was being laid out, and wasn't fully appreciated by the US government.  The US intelligence community saw it in Ukraine, they saw it elsewhere in certain places of eastern Europe, but this is a classic case of the dots not being connected.

 

ALIA:

It's not as if cyber attacks are new for the United States. 

 

MICHAEL:

After all, we’d had cyber espionage before.  They attacked the State Department computers, they attacked the White House computers.  These were very big deals in the world of cyber security, of government cybersecurity, but the government never went public with it.

 

ALIA:

If you look back at the timeline-

 

MICHAEL:

Remember, the Russians got into the computer networks of the US Central Command, they attacked the State Department computers, they attacked the White House computers, but the government never went public with it.  They never called out the Russians, because that was sort of the thinking at the time: ‘we’ll handle this quietly, we don't want to escalate it.’  There were people, even during the 2014 attack on the White House, that were suggesting this called for a response.

 

ALIA:

And even earlier- 

 

MICHAEL:

I mean, it was known that there'd been a hack of the Obama and the McCain campaigns, but the US Government had never publicly attributed it to the Chinese, because that's the way things were done back then.

 

ALIA:

But this hands-off approach stopped working towards the end of the Obama era. 

 

MICHAEL:

There was a substantial uptick in the tempo of foreign state-sponsored cyber attacks on the US, and the traditional cybersecurity methods and techniques that were being used by the Government just weren't working.

 

ALIA:

Because it stopped being simple espionage, when Russia began using cyber attacks to influence the American electorate, by dumping the DNC hack emails days before the Democratic National Convention. 

 

MICHAEL:

That was the first big shot across the bow, that told everybody this wasn't just standard cyber espionage.

 

ALIA:

So how do the Yahoo hacks fit into this timeline of escalating attacks? 

 

BOB:

I mean, as you do point out though, I think the remarkable thing is this public call out, as far as I know the first time FSB agents have been indicted by the US Government for computer hacking.  So, that must mean, like what does that mean?

 

MICHAEL:

Well, you know it's at least a form of public attribution, it's calling them out.  We don't get access to these people, they’re not going to be extradited, there actually isn't even an extradition treaty between Russia and the United States.  So, the prospect that we’re going to get hold of these people, and try them in a US courtroom, and imprison them if they're found guilty, is highly highly unlikely, but it's a marker.  Look, Robert Mueller, the Special Counsel, just indicted 13 people from the Internet Research Agency, the troll farm in St. Petersburg.  There's no expectation that those people are gonna get turned over by the Russians, but it's a way of drawing down a line, and saying ‘we view this, what you did, as a criminal act.’  Now we are still waiting for the indictment of those who perpetrated the DNC hack, or the Podesta email hack.  So are we going to indict Vladimir Putin?  Will he be an unindicted co-conspirator in the indictment of the perpetrators of the DNC hack?  It is interesting that in the Yahoo indictment, it says in addition to the FSB officers who are indicted by name, this was a conspiracy with others known and unknown to the grand jury.  And one of those known, was a senior official in charge of Center 18, at the FSB. 

 

BOB:

That indictment, much like the Yahoo hack indictment, is full of painstaking detail.  Bang, here we have a fact, here is amazing detail of the kind of lengths that Russia will go to, in an organized way, that comes very very close to Vladimir Putin’s doorstep, that they are involved in manipulating our election, that they have this incredible technology capability that is refined, and it's professionalized. 

I mean, your mind wanders to how useful would it be, if you were trying to commit these larger nation-state hacks, to have access to every Yahoo email ever.

 

MICHAEL:

Oh, I mean- it would be an enormous intelligence trove. 

 

ALIA:

It's not unheard of for a country like Russia to gather intelligence, to read our emails, to whatever, right?  What is unheard of, is them weaponizing that information, that intelligence.  And now we have proof that that's what has happened.

 

BOB:

You know, I think you can imagine in your head a meter that suggests you know when does the cold war start to become hot.  And when you start using words like ‘well they weaponized the digital world to interfere with our election,’ well that's a cold war that's getting warm, and that's the seriousness of this issue.  I am less afraid of this digital cold war starting a shooting war, than I am afraid that we will lose it, without a single shot being fired. 

 

ALIA:

We’ll lose it, because it's happening under our noses, and we’re not taking it seriously.

 

BOB:

We just can't be bothered to pay attention to it, nor can we be bothered to examine the issues deeply enough to understand what's really happening to us. 

 

ALIA:

If the point of an indictment isn’t to actually prosecute the bad guys, but rather to send a message, raise a flag, then one day, when we’re looking back at Russia's cyber playbook throughout the 2010s, the Yahoo hack indictment may be remembered as the first instance the US Government says on paper, publicly, ‘Russian government, FSB, Center 18, this is not okay.  This is no longer standard spying.  This is a cyber war.’ 

So, what’s the fallout for the Yahoo indictment back in Russia?  What are the consequences for the Yahoo hackers, the FSB, for other tech giants?  And who makes amends for us, for me, the consumer?  This was supposed to be our final episode, but this thing keeps getting bigger and bigger, so we’re making this a two-part finale.  Next up, we’re going to reckon with the aftermath of the Yahoo breach, what we can demand for our data, and Bob will take us back to kindergarten.  That’s next time, on our final-final episode of Breach.

 

ALIA CREDITS:

Breach is a branded podcast, brought to you by Carbonite, in partnership with Midroll and Spoke Media.  You can find transcripts and show notes at carbonite.com/breach.  If cybersecurity reporting was basketball, Bob Sullivan would be Michael Jordan.  If cybersecurity reporting was Hollywood, Bob would be Michael B. Jordan.  Our show is produced by Alia Tavakolian - that's me - and Janielle Kastner, with associate producers Stephen Gardner and Carson McCain.  When Bob and I are in the studio, we’re recorded by Jared O'Connell.  Our show is mixed and sound designed by Mark Moncrieff.  The songs you hear come from APM music.  Our executive producers are Alex DiPalma and Keith Reynolds, who is eternally grateful he has never had a Facebook account.

 

BOB:

Sorry, again-

 

ALIA:

America.

 

BOB:

I take all, any and all cocktail party invitations

 

ALIA and BOB laughing throughout

 

ALIA:

The great, I just got-

 

BOB:

I’m a ball of laughs.

 

ALIA:

I got a fir-  Bob Sullivan, a ball of laughs.

 

BOB:

One of my other problems -I have a lot of cocktail party problems- so-

 

ALIA:

We can have cocktails later.

 

BOB:

Clearly I am hinting.

 

ALIA:

God...

When one thinks of the words "Russia hack," the Yahoo data breach is probably not what immediately comes to mind. Instead you probably conjure thoughts of the alleged Russian hack of the Democratic National Committee and the alleged Russian conspiracy to infiltrate social media sites and sow political discord in the months leading up to the 2016 U.S. presidential election.

But are all three of those crimes connected? There is certainly circumstantial evidence supporting the idea that they are connected. For example, Alexsey Belan, one of the Russian nationals named in the Yahoo data breach indictment, was also listed when President Obama announced sanctions against Russia for election meddling.

In this episode of Breach, we attempt to connect the dots between the Yahoo security breach, the DNC hack and efforts to undermine the U.S. presidential election on social media. And while we didn't find evidence of a direct link, it's clear that all three can be connected to the larger Russian cybersecurity playbook.
