
Tech Translation: Decoding GRIZZLY STEPPE

How Russia influenced the election of the century.

Peter Mulroe

Russia hacked the 2016 presidential election.

It was made fact on December 29th by a Joint Analysis Report (JAR) released by the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI).

This JAR elaborates on the strategies and tools used by Russian civilian and military intelligence services (RIS) to compromise the election. It's the explanation of the Joint Statement on Election Security released on October 7th, 2016 by DHS and the Director of National Intelligence.

It even has a pretty badass name: GRIZZLY STEPPE.

Shortly after it was made publicly available, an old friend of mine shared the link on Facebook. Obviously, I had to click.

Good news: It's only 13 pages.

Bad news: It reads like wet newspaper and is illustrated with fugly swimlane diagrams.

Thankfully this is Tech Translation, so let's explain it! I even took the liberty of making a cooler cover photo for the report.

Class is now in session.


The Short Explanation

Since the summer of 2015, two separate RIS groups did three major things:

1. Hack and control other legitimate sites, computers and accounts around the world. These machines did the dirty work while keeping their real identities and locations hidden.

2. Dupe targets with fake websites or bad links disguised with URL shorteners (like bit.ly) to steal login information or install remote access tools (RATs) for back doors into party systems.

3. Analyze initial information to craft even more convincing spearphishing messages to senior party members. This is the 'leaked' information we've been seeing on the news.

Phishing is the term for tricking people out of their information online. I actually cover it in more detail in another article. It becomes spearphishing when there's a list of specific targets.

According to the report, "at least one" regretful slob actually clicked to open Pandora's box. That's all it takes.

Imagine a virus that hides from your immune system and can make you sneeze on command to spread further. That's hacker malware: designed to operate and spread automatically while leaving no obvious digital evidence.

RIS groups successfully exploited both mechanical and human flaws to achieve their goal of disrupting our election.

So what if the election is over? There's no reason for them to just stop.

Everything Else In The JAR

This is obviously a complex, ongoing issue that deserves more than 13 pages. Not all security buffs are stoked on this report. There isn't much declassified data to sink their teeth into.

They do provide two lists of best practices and mitigation strategies. Let's see what professional security entails.

Best Practices (Translated)

1. Backups - Are there at least two copies of everything? No such thing as too much redundancy.

2. Risk Analysis - What are your digital assets? How critical to the business are they? How badly do others want to steal this? Things like that.

3. Staff training - This is critically important for any business, but especially government offices. Hackers prey on ignorance. In many cases, it really comes down to not clicking on that one link.

4. Vulnerability Scanning & Patching - As people have more time to poke around existing coding languages and software, backdoors and flaws are revealed. It's a game of cat and mouse. If White Hat (lawful) hackers find it first, a fix can be made and distributed. If Black Hat (criminal) hackers find it first... well, we've seen the headlines.

5. Application Whitelist - This is a common security practice. Basically, only software that is specifically approved can be used. All other programs are automatically blocked.

6. Incident Response - Misleading because 95% of the work is in the preparation. Being able to quickly detect and eliminate criminal software or users is key. The stealthiest can exist undetected for years like barnacles, quietly siphoning out information.

7. Business Continuity - If the plug has to get pulled on key business infrastructure or information, can things continue on as normal? Having backups makes this easier.

8. Penetration Testing - Calm down, boys. This just means hiring White Hat hackers to try and break in. These skills are in high demand right now to keep the good guys one step ahead.

Mitigation Strategies (Translated)

1. Software Patches - As I've explained in another article, a lot of updates are security fixes.

2. Application Whitelist - See above.

3. Restrict Admin Privileges - Don't give one person all the keys. A top goal for hackers is to take over an important account. Limit access privileges to only what is directly necessary for the job.

4. Network Security Zones - Like big digital doors that close to keep the fire contained.

5. Input Sanitization - Let's say a hacker types this (extremely fake) code command into the "Name" box of a contact form: C#:hack_the_world.exe. If the input is not "sanitized", the command could actually be run inside the system instead of being treated as a name only C-3PO could love.

6. Firewalls - Not to be confused with antivirus, firewalls automatically block all internet traffic except what's permitted by specific rules. Kinda like whitelisting, it's easier to just block everything and have a short approval list.
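To make item 5 concrete, here is an added example (not from the JAR or the original article) of a contact-form "Name" field handled the unsafe way and the sanitized way. The function names, the allowlist pattern and the sample inputs are assumptions made for illustration, and it assumes a POSIX system with `sh` and `echo`.

```python
import re
import subprocess

# Allowlist (assumed policy): starts with a letter, then letters, spaces,
# apostrophes, hyphens or periods, 60 characters at most.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z .'-]{0,59}")


def validate_name(raw):
    """Return the trimmed name if it fits the allowlist, otherwise None."""
    name = raw.strip()
    return name if NAME_RE.fullmatch(name) else None


def greet_unsafe(raw):
    """'Before': the field is pasted into a shell command line as text,
    so the shell decides which parts are data and which are commands."""
    done = subprocess.run("echo Hello " + raw, shell=True,
                          capture_output=True, text=True)
    return done.stdout.splitlines()


def greet_safe(raw):
    """'After': validate first, then pass the name as one argument, no shell."""
    name = validate_name(raw)
    if name is None:
        return None  # rejected before any command is built
    done = subprocess.run(["echo", "Hello", name],
                          capture_output=True, text=True)
    return done.stdout.splitlines()


# Constructed sample inputs for the "Name" box (hypothetical).
SAMPLES = [
    "Anne-Marie O'Neil",             # a real name the allowlist accepts
    "C#:hack_the_world.exe",         # the article's fake input: rejected
    "Bob; echo SECOND COMMAND RAN",  # ';' makes the shell run a second command
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(repr(raw))
        print("  unsafe output:", greet_unsafe(raw))
        print("  safe output:  ", greet_safe(raw))
```

Like the whitelist and firewall items, the safe version is default-deny: anything not explicitly allowed in a name is rejected, rather than trying to list every dangerous character.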

That's all folks. The few remaining pages have response strategies for more specific corporate needs. I'm already over my word count here. Sorry Victoria.

Thanks for reading! Stay tuned for more #GRIZZLYSTEPPE coverage.

Leave a comment or reach out on social media to discuss with me.

@pjmulroe #MakeSecurityGreatAgain

This article has not been reviewed by Odyssey HQ and solely reflects the ideas and opinions of the creator.