
7/20/2018
10:40 AM
Scott Ferguson
News Analysis-Security Now

DOJ Will Now Alert US Public to Foreign Interference, Attacks

This week, the Justice Department released a new report on cyber attacks targeting US companies and institutions, and officials now plan to issue alerts to the American public.

In the wake of indictments earlier this month that charged a dozen Russian nationals with trying to interfere with the US election process, the Justice Department is now planning to alert the American public and institutions to cyber threats from outside the country.

At the Aspen Security Forum on July 19, Deputy Attorney General Rod Rosenstein announced the updated policy while unveiling a report commissioned by the DOJ on the threats that cyber attacks pose to US citizens and institutions.

The report was developed by the DOJ's Cyber-Digital Task Force.

In the report, officials describe six different types of cyber attacks that represent the greatest threats to the US. These include:

  • Direct threats to computer systems and networks, including Distributed Denial of Service Attacks (DDoS) and ransomware
  • Data theft, including stealing personal identification and intellectual property
  • Cyber-enabled fraud schemes
  • Threats to personal privacy, including blackmail and harassment
  • Attacks on critical infrastructure, such as nuclear power plants and the nation's electrical grid
  • Finally, what the task force refers to as "malign foreign influence operations"

"Elections provide an attractive opportunity for foreign influence campaigns to undermine our political processes," Rosenstein said on Thursday. "According to the intelligence community assessment, foreign interference in the 2016 election 'demonstrated a significant escalation in directness, level of activity, and scope of effort compared to previous operations.'"

The report and Rosenstein's remarks follow a week of announcements surrounding what appears to be Russia's desire to interfere in and influence the 2016 presidential election.

On July 13, the DOJ announced the indictment of 12 Russian nationals, charging them with hacking into the Hillary Clinton campaign, as well as the Democratic National Committee, and stealing information that was later made public. (See 12 Russian Nationals Indicted in 2016 Hacking of DNC, Clinton Campaign.)

The topic of Russian interference and hacking was part of the talks between President Donald Trump and Vladimir Putin in Finland. When Trump was first asked whether Russia interfered, he appeared to say it was unlikely that it happened. He then appeared to agree with assessments from US intelligence agencies that Russian spies did play a part.


Finally, the DOJ arrested and indicted a woman who is accused of working for Russian intelligence and trying to influence groups such as the National Rifle Association.

With this as the backdrop, the DOJ now plans to better notify individual citizens, US institutions and enterprises if a foreign government is targeting them as part of a cyber attack. The Justice Department is also considering whether to implement new statutes to help prosecute the people behind the attacks.

"The policy reflects an effort to articulate neutral principles so that when the issue the government confronted in 2016 arises again -- as it surely will -- there will be a framework to address it," Rosenstein said.


— Scott Ferguson is the managing editor of Light Reading and the editor of Security Now. Follow him on Twitter @sferguson_LR.
