Tech Translation: Decoding GRIZZLY STEPPE | The Odyssey Online
Start writing a post
Lifestyle

Tech Translation: Decoding GRIZZLY STEPPE

How Russia influenced the election of the century.

50
Tech Translation: Decoding GRIZZLY STEPPE
Peter Mulroe

Russia hacked the 2016 presidential election.

It was made fact on December 29th by a Joint Analysis Report (JAR) released by the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI).

This JAR elaborates on the strategies and tools used by Russian civilian and military intelligence services (RIS) to compromise the election. It's the explanation to the Joint Statement released on October 7th, 2016 from DHS and the Director of National Intelligence on Election Security.

It even has a pretty badass name: GRIZZLY STEPPE .

Shortly after being made publicly available an old friend of mine shared the link to Facebook. Obviously, I had to click.

Good news: It's only 13 pages.

Bad news: It reads like wet newspaper and is illustrated with fugly swimlane diagrams.

Thankfully this is Tech Translation, so let's explain it! I even took the liberty of making a cooler cover photo for the report.

Class is now in session.


The Short Explanation

Since the summer of 2015, two separate RIS groups did three major things:

1. Hack and control other legitimate sites, computers and accounts around the world. These machines did the dirty work while keeping their real identities and locations hidden.

2. Dupe targets with fake websites or bad links disguised with URL shorteners (like bit.ly) to steal login information or install remote access tools (RATs) for back doors into party systems.

3. Analyze initial information to craft even more convincing spearphishing messages to senior party members. This is the 'leaked' information we've been seeing on the news.

Phishing is the term for tricking people out of their information online. I actually cover it in more detail in another article. It becomes spearphishing when there's a list of specific targets.

According to the report, "at least one" regretful slob actually clicked to open Pandora's box. That's all it takes.

Imagine a virus that hides from your immune system and can make you sneeze on command to spread further. That's hacker malware; designed to operate and spread automatically while leaving no obvious digital evidence.

RIS groups successfully exploited both mechanical and human flaws to achieve their goal of disrupting our election.

So what if the election is over? There's no reason for them to just stop.

Everything Else In The JAR

This is obviously a complex, ongoing issue that deserves more than 13 pages. Not all security buffs are stoked on this report. There isn't much declassified data to sink their teeth into.

They do provide two lists of best practices and mitigation strategies. Let's see what professional security entails.

Best Practices (Translated)

1. Backups - Are there at least two copies of everything? No such thing as too much redundancy.

2. Risk Analysis - What are your digital assets? How critical to the business are they? How badly do others want to steal this? Things like that.

3. Staff training - This is critically important for any business, but especially government offices. Hackers prey on ignorance. In many cases, it really comes down to not clicking on that one link.

4. Vulnerability Scanning & Patching - As people have more time to poke around existing coding languages and software, backdoors and flaws are revealed. It's a game of cat and mouse. If White Hat (lawful) hackers find it first, a fix can be made and distributed. If Black Hat (criminal) hackers find it first... well we've seen the headlines.

5. Application Whitelist - this is a common security practice. Basically, only software that is specifically approved can be used. All other programs are automatically blocked.

6. Incident Response - Misleading because 95% of the work is in the preparation. Being able to quickly detect and eliminate criminal software or users is key. The stealthiest can exist undetected for years like barnacles, quietly siphoning out information.

7. Business Continuity - If the plug has to get pulled on key business infrastructure or information, can things continue on as normal? Having backups makes this easier.

8. Penetration Testing - Calm down boys. This just means hiring White Hat hackers to try and break in. These skills are in high demand right now to keep the good guys one step ahead.

Mitigation Strategies (Translated)

1. Software Patches - As I've explained in another article, a lot of updates are security fixes.

2. Application Whitelist - See above.

3. Restrict Admin Privileges - Don't give one person all the keys. A top goal for hackers is to take over an important account. Limit access privileges to only what is directly necessary for the job.

4. Network Security Zones - Like big digital doors that close to keep the fire contained.

5. Input Sanitation - Let's say a hacker types this (extremely fake) code command into the "Name" box of a contact form: C#:hack_the_world.exe. If the input is not "sanitized", the command could actually be run inside the system instead of being a name only C3-PO could love.

6. Firewalls - Not to be confused with antivirus, firewalls automatically block all internet traffic except what's permitted by specific rules. Kinda like whitelisting, it's easier to just block everything and have a short approval list.

That's all folks. The few remaining pages have response strategies for more specific corporate needs. I'm already over my word count here. Sorry Victoria.

Thanks for reading! Stay tuned for more #GRIZZLYSTEPPE coverage.

Leave a comment or reach out on social media to discuss with me.

@pjmulroe #MakeSecurityGreatAgain

Report this Content
This article has not been reviewed by Odyssey HQ and solely reflects the ideas and opinions of the creator.
Featured

15 Mind-Bending Riddles

Hopefully they will make you laugh.

184861
 Ilistrated image of the planet and images of questions
StableDiffusion

I've been super busy lately with school work, studying, etc. Besides the fact that I do nothing but AP chemistry and AP economics, I constantly think of stupid questions that are almost impossible to answer. So, maybe you could answer them for me, and if not then we can both wonder what the answers to these 15 questions could be.

Keep Reading...Show less
Entertainment

Most Epic Aurora Borealis Photos: October 2024

As if May wasn't enough, a truly spectacular Northern Lights show lit up the sky on Oct. 10, 2024

11190
stunning aurora borealis display over a forest of trees and lake
StableDiffusion

From sea to shining sea, the United States was uniquely positioned for an incredible Aurora Borealis display on Thursday, Oct. 10, 2024, going into Friday, Oct. 11.

It was the second time this year after an historic geomagnetic storm in May 2024. Those Northern Lights were visible in Europe and North America, just like this latest rendition.

Keep Reading...Show less
 silhouette of a woman on the beach at sunrise
StableDiffusion

Content warning: This article contains descriptions of suicide/suicidal thoughts.

When you are feeling down, please know that there are many reasons to keep living.

Keep Reading...Show less
Relationships

Power of Love Letters

I don't think I say it enough...

455235
Illistrated image of a letter with 2 red hearts
StableDiffusion

To My Loving Boyfriend,

  • Thank you for all that you do for me
  • Thank you for working through disagreements with me
  • Thank you for always supporting me
  • I appreciate you more than words can express
  • You have helped me grow and become a better person
  • I can't wait to see where life takes us next
  • I promise to cherish every moment with you
  • Thank you for being my best friend and confidante
  • I love you and everything you do

To start off, here's something I don't say nearly enough: thank you. Thank you, thank you, thank you from the bottom of my heart. You do so much for me that I can't even put into words how much I appreciate everything you do - and have done - for me over the course of our relationship so far. While every couple has their fair share of tiffs and disagreements, thank you for getting through all of them with me and making us a better couple at the other end. With any argument, we don't just throw in the towel and say we're done, but we work towards a solution that puts us in a greater place each day. Thank you for always working with me and never giving up on us.

Keep Reading...Show less
Lifestyle

11 Signs You Grew Up In Hauppauge, NY

Because no one ever really leaves.

24940
Map of Hauppauge, New York
Google

Ah, yes, good old Hauppauge. We are that town in the dead center of Long Island that barely anyone knows how to pronounce unless they're from the town itself or live in a nearby area. Hauppauge is home to people of all kinds. We always have new families joining the community but honestly, the majority of the town is filled with people who never leave (high school alumni) and elders who have raised their kids here. Around the town, there are some just some landmarks and places that only the people of Hauppauge will ever understand the importance or even the annoyance of.

Keep Reading...Show less

Subscribe to Our Newsletter

Facebook Comments