Free Republic
Browse · Search
News/Activism
Topics · Post Article

FBI Says a Mysterious Hacking Group Has Had Access to US Govt Files for Years
Motherboard ^ | 04/04/2016 | Lorenzo Franceschi-Bicchierai

Posted on 04/12/2016 2:26:50 PM PDT by unixfox

The feds warned that “a group of malicious cyber actors,” whom security experts believe to be the government-sponsored hacking group known as APT6, “have compromised and stolen sensitive information from various government and commercial networks” since at least 2011, according to an FBI alert obtained by Motherboard.

The alert, which is also available online, shows that foreign government hackers are still successfully hacking and stealing data from the US government’s servers, their activities going unnoticed for years. This comes months after the US government revealed that a group of hackers, widely believed to be working for the Chinese government, had for more than a year infiltrated the computer systems of the Office of Personnel Management, or OPM. In the process, they stole highly sensitive data about several millions of government workers and even spies.

In the alert, the FBI lists a long series of websites used as command and control servers to launch phishing attacks “in furtherance of computer network exploitation (CNE) activities [read: hacking] in the United States and abroad since at least 2011.”

Domains controlled by the hackers were “suspended” as of late December 2015, according to the alert, but it’s unclear if the hackers have been pushed out or they are still inside the hacked networks.

“Looks like they were in for years before they were caught, god knows where they are,” Michael Adams, an information security expert who served more than two decades in the US Special Operations Command, and who has reviewed the alert, told Motherboard. “Anybody who’s been in that network all this long, they could be anywhere and everywhere.”

For Adams, this alert shows that the US government still is not in control of what’s going on inside its most sensitive networks. This alert, he said, is an admission of that.

“It’s just flabbergasting,” he told me. “How many times can this keep happening before we finally realize we’re screwed?”

The FBI wouldn’t comment on the alert, only saying that it was just another example of a routine notice to private partners, “provided in order to help systems administrators guard against the actions of persistent cyber criminals.”

This group of “persistent cyber criminals” is especially persistent. The group is none other than the “APT6” hacking group, according to sources within the antivirus and threat intelligence industry. There isn’t much public literature about the group, other than a couple of old reports, but APT6, which stands for Advanced Persistent Threat 6, is a codename given to a group believed to be working for the Chinese government.

“This is one of the earlier APTs, they definitely go back further than 2011 or whatever—more like 2008 I believe,” Kurt Baumgartner, a researcher at the Russian security firm Kaspersky Lab, told me. (Baumgartner declined to say whether the group was Chinese or not, but said its targets align with the interest of a state-sponsored attacker.)

Kyrk Storer, a spokesperson with FireEye, confirmed that the domains listed in the alert “were associated with APT6 and one of their malware backdoors,” and that the hackers “targeted the US and UK defense industrial base.”

APT6 is “likely a nation-state sponsored group based in China,” according to FireEye, which “has been dormant for the past several years.”

Another researcher at a different security company, who spoke on condition of anonymity because he wasn’t authorized to speak publicly about the hacker’s activities, said this was the “current campaign of an older group,” and said there “likely” was an FBI investigation ongoing. (Several other security companies declined to comment for this story.)

At this point, it’s unclear whether the FBI’s investigation will lead to any concrete result. But two years after the US government charged five Chinese military members for hacking US companies, it’s clear hackers haven’t given up attacking US targets.


TOPICS: Canada; Crime/Corruption; Government; Russia; US: Arkansas; US: Nevada; US: New York; US: South Carolina; US: Texas; War on Terror
KEYWORDS: 2008; 2011; 201512; 2016election; apartment6; apt6; arkansas; benghazi; blackberry; canada; clintoncash; clintonfoundation; cybersecurity; cyberwar; cyberwarfare; domains; election2016; fbi; hackers; hacking; hillary; hillaryclinton; hitlery; humaabedin; iran; kurtbaumgartner; libya; newyork; opm; pages; peterschweizer; russia; southcarolina; treygowdy; trollfarm; uranium; waronterror; wipewater
To: unixfox
This is one of the earlier APTs, they definitely go back further than 2011 or whatever—more like 2008

More precisely, to the very day Obama set up the so-called 'office of the president elect' on November 5th...

21 posted on 04/12/2016 2:57:30 PM PDT by null and void ("when authority began inspiring contempt, it had stopped being authority" ~ H. Beam Piper)
[ Post Reply | Private Reply | To 1 | View Replies]

To: unixfox

Well, isn’t that special. Everything Hillary gave to our enemies on her private server was already known by our enemies. Therefore, no foul. No harm.


22 posted on 04/12/2016 2:58:02 PM PDT by VerySadAmerican (Never held a job in the private sector;never met a payroll,never created a job - CRUZ! Conservative!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Major Matt Mason

They are getting a cut of the action.


23 posted on 04/12/2016 2:59:55 PM PDT by Shady (We are at war again......this time for our lives...)
[ Post Reply | Private Reply | To 4 | View Replies]

To: CharlesOConnell
So, maybe we can get Hillary’s redactions from them.

I had a Russian FReeper ask the FSB for files on obama's birth.

No dice, got back a nice form letter that said, in essence, not our problem, ask the American FBI...

24 posted on 04/12/2016 3:02:33 PM PDT by null and void ("when authority began inspiring contempt, it had stopped being authority" ~ H. Beam Piper)
[ Post Reply | Private Reply | To 14 | View Replies]

To: unixfox

It’s okay though. Nothing more than carelessness.


25 posted on 04/12/2016 3:05:50 PM PDT by Cboldt
[ Post Reply | Private Reply | To 1 | View Replies]

To: unixfox

Honestly, these days you sometimes wonder...

...am I more worried about those without legal access...

...or those with it?

26 posted on 04/12/2016 3:07:14 PM PDT by DoughtyOne (Hey Ted, why are you taking one for the RNC/GOPe team, and not ours? Not that we don't know.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Major Matt Mason

My thoughts too...did they hack or were they given access to the agencies’ drop box accounts?


27 posted on 04/12/2016 3:11:31 PM PDT by kevslisababy
[ Post Reply | Private Reply | To 4 | View Replies]

To: unixfox
“Anybody who’s been in that network all this long, they could be anywhere and everywhere.”

Check Hillary's bathrooms.

28 posted on 04/12/2016 3:13:32 PM PDT by BlatherNaut
[ Post Reply | Private Reply | To 1 | View Replies]

To: VerySadAmerican

And she walks, and continues to RUN.
My thoughts exactly.


29 posted on 04/12/2016 3:16:17 PM PDT by 5th MEB (Progressives in the open; --- FIRE FOR EFFECT!!)
[ Post Reply | Private Reply | To 22 | View Replies]

To: Darth Reardon
Was it NCIS:LA the other night where they had to go into the datacenter to access an air-gapped server, then sent the agents data from that server via email?

They did it on Elementary this last weekend. Sent data to the NSA.

30 posted on 04/12/2016 3:18:30 PM PDT by IYAS9YAS (I got nothin'.)
[ Post Reply | Private Reply | To 7 | View Replies]

To: unixfox

and setting up literal retards to be fall guys in “we caught a terra-ist herr derr” photo-ops


31 posted on 04/12/2016 3:19:18 PM PDT by thoughtomator
[ Post Reply | Private Reply | To 6 | View Replies]

To: Major Matt Mason

> Did they hack, or were they allowed in?

So, the Clintons really raked in a ton of money haven’t they?


32 posted on 04/12/2016 3:20:15 PM PDT by thoughtomator
[ Post Reply | Private Reply | To 4 | View Replies]

To: detective

“We need an outsider to come in and clean out the traitors, liars and thieves.”

That’s why the GOPe, in bed with the Dems, want to stop Trump, because he is exactly the outsider who would clean up the place.


33 posted on 04/12/2016 3:20:35 PM PDT by Innovative ("Winning isn't everything, it's the only thing." -- Vince Lombardi)
[ Post Reply | Private Reply | To 12 | View Replies]

To: Paine in the Neck

“It’s not fascism when we do it!”


34 posted on 04/12/2016 3:25:41 PM PDT by sheik yerbouty ( Make America and the world a jihad free zone!)
[ Post Reply | Private Reply | To 11 | View Replies]

To: unixfox

The FBI? Nothing says instant bllsht like those three letters.

In about 24 hours look for legislative calls for MAC address licensing and registration, per device internet access registration, mandatory IPV6 only access with every frame containing signed geo-tagged PII - all for national security reasons of course...

This is in addition to the FBI’s calls for backdoor access to everything and weak encryption.

Just one of the many benefits for a totalitarian State that runs ISIS. The gift that keeps on giving.


35 posted on 04/12/2016 3:30:30 PM PDT by Mr. M.J.B.
[ Post Reply | Private Reply | To 1 | View Replies]

To: proust

Bbb


36 posted on 04/12/2016 3:31:17 PM PDT by thinden
[ Post Reply | Private Reply | To 2 | View Replies]

To: unixfox

When Obama won, in November 2008, my first thought was ‘now all our enemies will know all our secrets’. Why is anyone surprised by this info??


37 posted on 04/12/2016 3:37:30 PM PDT by originalbuckeye ("In a time of universal deceit, telling the truth is a revolutionary act." - George Orwell)
[ Post Reply | Private Reply | To 1 | View Replies]

To: unixfox

Who was a first term president when this hacking was discovered?

“In the alert, the FBI lists a long series of websites used as command and control servers to launch phishing attacks “in furtherance of computer network exploitation (CNE) activities [read: hacking] in the United States and abroad since at least 2011.”

Domains controlled by the hackers were “suspended” as of late December 2015, according to the alert, but it’s unclear if the hackers have been pushed out or they are still inside the hacked networks.”

What president ran successfully for his second term as this news was not released?

The answer is the same for both questions.


38 posted on 04/12/2016 3:39:12 PM PDT by Grampa Dave (When The Ballot Box No Longer Counts, The Ammo Box Does! What's In Your Ammo Box?(US Conservative)!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: CharlesOConnell

BOL! Thanks for posting the same thought that I had!:

“So, maybe we can get Hillary’s redactions from them.”


39 posted on 04/12/2016 3:41:22 PM PDT by Grampa Dave (When The Ballot Box No Longer Counts, The Ammo Box Does! What's In Your Ammo Box?(US Conservative)!)
[ Post Reply | Private Reply | To 14 | View Replies]

To: null and void

Bingo!

This is one of the earlier APTs, they definitely go back further than 2011 or whatever—more like 2008
More precisely, to the very day Obama set up the so-called ‘office of the president elect’ on November 5th...


40 posted on 04/12/2016 3:43:37 PM PDT by Grampa Dave (When The Ballot Box No Longer Counts, The Ammo Box Does! What's In Your Ammo Box?(US Conservative)!)
[ Post Reply | Private Reply | To 21 | View Replies]

