Tech Translation: Decoding GRIZZLY STEPPE | The Odyssey Online
Start writing a post
Lifestyle

Tech Translation: Decoding GRIZZLY STEPPE

How Russia influenced the election of the century.

50
Tech Translation: Decoding GRIZZLY STEPPE
Peter Mulroe

Russia hacked the 2016 presidential election.

It was made fact on December 29th by a Joint Analysis Report (JAR) released by the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI).

This JAR elaborates on the strategies and tools used by Russian civilian and military intelligence services (RIS) to compromise the election. It's the explanation to the Joint Statement released on October 7th, 2016 from DHS and the Director of National Intelligence on Election Security.

It even has a pretty badass name: GRIZZLY STEPPE .

Shortly after being made publicly available an old friend of mine shared the link to Facebook. Obviously, I had to click.

Good news: It's only 13 pages.

Bad news: It reads like wet newspaper and is illustrated with fugly swimlane diagrams.

Thankfully this is Tech Translation, so let's explain it! I even took the liberty of making a cooler cover photo for the report.

Class is now in session.


The Short Explanation

Since the summer of 2015, two separate RIS groups did three major things:

1. Hack and control other legitimate sites, computers and accounts around the world. These machines did the dirty work while keeping their real identities and locations hidden.

2. Dupe targets with fake websites or bad links disguised with URL shorteners (like bit.ly) to steal login information or install remote access tools (RATs) for back doors into party systems.

3. Analyze initial information to craft even more convincing spearphishing messages to senior party members. This is the 'leaked' information we've been seeing on the news.

Phishing is the term for tricking people out of their information online. I actually cover it in more detail in another article. It becomes spearphishing when there's a list of specific targets.

According to the report, "at least one" regretful slob actually clicked to open Pandora's box. That's all it takes.

Imagine a virus that hides from your immune system and can make you sneeze on command to spread further. That's hacker malware; designed to operate and spread automatically while leaving no obvious digital evidence.

RIS groups successfully exploited both mechanical and human flaws to achieve their goal of disrupting our election.

So what if the election is over? There's no reason for them to just stop.

Everything Else In The JAR

This is obviously a complex, ongoing issue that deserves more than 13 pages. Not all security buffs are stoked on this report. There isn't much declassified data to sink their teeth into.

They do provide two lists of best practices and mitigation strategies. Let's see what professional security entails.

Best Practices (Translated)

1. Backups - Are there at least two copies of everything? No such thing as too much redundancy.

2. Risk Analysis - What are your digital assets? How critical to the business are they? How badly do others want to steal this? Things like that.

3. Staff training - This is critically important for any business, but especially government offices. Hackers prey on ignorance. In many cases, it really comes down to not clicking on that one link.

4. Vulnerability Scanning & Patching - As people have more time to poke around existing coding languages and software, backdoors and flaws are revealed. It's a game of cat and mouse. If White Hat (lawful) hackers find it first, a fix can be made and distributed. If Black Hat (criminal) hackers find it first... well we've seen the headlines.

5. Application Whitelist - this is a common security practice. Basically, only software that is specifically approved can be used. All other programs are automatically blocked.

6. Incident Response - Misleading because 95% of the work is in the preparation. Being able to quickly detect and eliminate criminal software or users is key. The stealthiest can exist undetected for years like barnacles, quietly siphoning out information.

7. Business Continuity - If the plug has to get pulled on key business infrastructure or information, can things continue on as normal? Having backups makes this easier.

8. Penetration Testing - Calm down boys. This just means hiring White Hat hackers to try and break in. These skills are in high demand right now to keep the good guys one step ahead.

Mitigation Strategies (Translated)

1. Software Patches - As I've explained in another article, a lot of updates are security fixes.

2. Application Whitelist - See above.

3. Restrict Admin Privileges - Don't give one person all the keys. A top goal for hackers is to take over an important account. Limit access privileges to only what is directly necessary for the job.

4. Network Security Zones - Like big digital doors that close to keep the fire contained.

5. Input Sanitation - Let's say a hacker types this (extremely fake) code command into the "Name" box of a contact form: C#:hack_the_world.exe. If the input is not "sanitized", the command could actually be run inside the system instead of being a name only C3-PO could love.

6. Firewalls - Not to be confused with antivirus, firewalls automatically block all internet traffic except what's permitted by specific rules. Kinda like whitelisting, it's easier to just block everything and have a short approval list.

That's all folks. The few remaining pages have response strategies for more specific corporate needs. I'm already over my word count here. Sorry Victoria.

Thanks for reading! Stay tuned for more #GRIZZLYSTEPPE coverage.

Leave a comment or reach out on social media to discuss with me.

@pjmulroe #MakeSecurityGreatAgain

Report this Content
This article has not been reviewed by Odyssey HQ and solely reflects the ideas and opinions of the creator.
10 things that happen the second Thanksgiving is over
reference.com

To those who celebrate, you just spent an entire day cooking an elaborate meal with all of your favorite foods. You probably ate your body weight in pumpkin pie and mashed potatoes. What happens now? Oh yea, Christmas. It’s time to take out all of the decorations and Christmas themed things that have been sitting in the attic since last year; it’s time to make a reappearance. So, here are 10 things that happen the second Thanksgiving is over.

Keep Reading...Show less
Adulting

18 Things I Want To Do Now That I'm 18

I'm technically an adult, so I'm legally required to live a little, right?

3400
Happy Birthday Cake

For the entirety of my high school career, I was always seen as the goody-two-shoes. I never got in trouble with a teacher, I kept stellar grades, and when I wasn't doing extracurricular activities, I was at home studying. Even when I did go out, it was usually with a bunch of fellow band geeks. The night would end before 11:00 PM and the only controversial activity would be a fight based on who unfairly won a round of Apples-to-Apples when someone else clearly had a better card (I promise I'm not still holding a grudge).

Now that I'm officially an adult, I want to pursue some new things. I want to experience life in a way that I never allowed myself to do prior to entering college. These are the years that I'm supposed to embark on a journey of self-discovery, so what better way to do that than to create a bucket list?

Keep Reading...Show less
Featured

10 Life Lessons from Christmas Classics

The holiday classics that shaped my life

2060
10 Life Lessons from Christmas Classics
Flickr

The holiday season is full of stress, debt, and forced conversation. While we rush through the month of December, it's important to take a step back and enjoy the moments before they're gone. Most families love to watch Christmas movies, but these beloved films provide more than entertainment. Here are 10 life lessons that I've learned from the holiday classics we watch every year.

Keep Reading...Show less
Featured

15 Mind-Bending Riddles

Hopefully they will make you laugh.

201377
 Ilistrated image of the planet and images of questions
StableDiffusion

I've been super busy lately with school work, studying, etc. Besides the fact that I do nothing but AP chemistry and AP economics, I constantly think of stupid questions that are almost impossible to answer. So, maybe you could answer them for me, and if not then we can both wonder what the answers to these 15 questions could be.

Keep Reading...Show less
Entertainment

Most Epic Aurora Borealis Photos: October 2024

As if May wasn't enough, a truly spectacular Northern Lights show lit up the sky on Oct. 10, 2024

21670
stunning aurora borealis display over a forest of trees and lake
StableDiffusion

From sea to shining sea, the United States was uniquely positioned for an incredible Aurora Borealis display on Thursday, Oct. 10, 2024, going into Friday, Oct. 11.

It was the second time this year after an historic geomagnetic storm in May 2024. Those Northern Lights were visible in Europe and North America, just like this latest rendition.

Keep Reading...Show less

Subscribe to Our Newsletter

Facebook Comments