19 Dec 16. US Fails to Renegotiate Arms Control Rule for Hacking Tools. The Obama administration has failed to renegotiate portions of an international arms control arrangement so that it’s simpler to export tools related to hacking and surveillance software — technologies that can be exploited by bad actors, but are also used to secure computer networks. The rare reconsideration of a rule agreed to in 2013 by 41 countries was derailed at the plenary’s annual December meeting in Vienna, leaving it up to President-elect Donald Trump’s administration whether the U.S. pushes for revisions again next year. The U.S. had pushed for more precise language to control the spread of such hacking tools without the unintended negative consequences for national cybersecurity and research that industry groups and lawmakers have complained about for months. They argue that the current language, while well meaning, broadly sweeps up research tools and technologies used to create or otherwise support hacking and surveillance software. (Source: glstrade.com/Defense News)
22 Dec 16. Moscow’s cyber warriors in Ukraine linked to US election.
Security firm accuses Russian intelligence’s ‘Fancy Bear’ hackers. CrowdStrike, a cyber security firm, has found evidence of alleged Russian government hacking in Ukraine that boosts its confidence that Russia orchestrated the hacking of Democratic National Committee servers in the US before the presidential election.
The firm, which was hired by the DNC to rebuild its cyber defences after the attack, said Fancy Bear — a code name it assigned to hackers that it believes are associated with Russian military intelligence, the GRU — had implanted malware in an Android mobile phone application used by anti-Russian forces operating in eastern Ukraine.
Dmitri Alperovitch, the co-founder and chief technology officer of CrowdStrike, said it had concluded that the hackers who installed the malware were the same perpetrators of the hack that siphoned the DNC emails and penetrated the personal email account of John Podesta, who was the campaign manager for Hillary Clinton.
Identifying the perpetrators of cyber intrusions is notoriously difficult as sophisticated attackers can conceal their identity or make it appear that other parties are behind the activity. But Mr Alperovitch said his confidence level that the DNC hack was the work of the GRU had risen from “medium” to “high” because of the actions that appeared to occur in eastern Ukraine from 2014 to 2016.
The emergence of more evidence pointing to Russian hacking in the US comes as Donald Trump, the president-elect, continues to dismiss as “ridiculous” suggestions from the CIA and other US intelligence agencies that the Kremlin orchestrated cyber attacks in the US to interfere with the US election.
Several US congressional committees are probing the attacks, which President Barack Obama has blamed on the Russians. “My hope is that the president-elect is going to similarly be concerned with making sure that we don’t have potential foreign influence in our election process,” Mr Obama said last week in his final press conference of 2016.
Mr Obama has also ordered an investigation, which will be finished before he leaves office, into the hacks. Asked whether he believed Mr Putin had personally authorised the hacking, the president responded: “I’d make a larger point, which is, not much happens in Russia without Vladimir Putin. This is a pretty hierarchical operation.”
According to CrowdStrike, the hackers installed malware in an Android-based mobile phone application, which a Ukrainian officer had developed to improve the targeting of Soviet-era D-30 Howitzer artillery guns. The firm said the deployment of the Fancy Bear malware may have helped reconnaissance against Ukrainian forces.
“The ability of this malware to retrieve communications and gross locational data from an infected device makes it an attractive way to identify the general location of Uk