A great thing about hacking, if you’re Vladimir Putin, is it’s so hard to prove. Just look at the recent “NotPetya” attacks that fried computers in the Ukraine and around the world: It’s two weeks later and still there’s no consensus among security experts if responsibility lies with Russia, vigilante hackers, or someone else.
This attribution issue offers tactical advantages for the Kremlin such as letting Russia use hacking to make mischief in ways that are even more subtle than its assassins’ signature polonium tea. But hacking also lets Russia further its strategic goal of spreading “dezinformatsiya.”
As the New York Times explained last summer, “The fundamental purpose of dezinformatsiya, or Russian disinformation, experts said, is to undermine the official version of events — even the very idea that there is a true version of events — and foster a kind of policy paralysis.”
Hacking is an ideal vehicle for “dezinformatsiya” because in many cases it really is hard to establish a “true version of events.” And in a stroke of good fortune for the Russians, the U.S. has elected a President who seems to believe, when it comes to cyber attribution, that hard is the same as impossible.
“Nobody really knows,” President Trump said in Poland this week, casting doubt on whether Russia had indeed meddled in the U.S. electoral process. He made the statement despite stacks of intelligence reports that the Kremlin did exactly that, and even though Congressional leaders from both parties don’t dispute the meddling either.
Trump’s behavior amounts to a kind of intellectual nihilism that holds that, if even a few people deny a fact, it’s impossible to say it’s true. By this logic, we should also respect those who say 9/11 was an inside job, the moon landing was staged and creationism is real. Except that those people are flat-out wrong—and so is Trump when it comes to Russia’s election hacking.
But for Putin, the former KGB man, Trump’s eagerness to dive down Russia’s rabbit holes of lies and doubt (on display again in the screwy statements that followed Trump and Putin’s two-hour meeting) are a giant strategic success. Russia’s dezinformatsiya campaign couldn’t be going any better.
Jeff John Roberts
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
Apple’s bug bounty a bust: It turns out $200,000 isn’t enough. That’s the top amount Apple offered to pay hackers to disclose critical iOS exploits under the iPhone maker’s bug bounty program, yet no one is coming forward to claim the reward. The likely explanations are that iOS vulnerabilities can fetch more than $1 million on the black market, and that Apple is unwilling to provide white hat hackers with “developer devices” to tinker with. (Motherboard)
Power plants in peril! A pair of reports suggest hackers from a nation state (likely Russia) have breached the computer systems of more than a dozen power stations, including nuclear facilities, across the U.S. The breaches are believed to have been carried out with malware that compromised engineers’ passwords. All this raises the specter of a major attack that could shut down portions of the U.S. power grid and damage surrounding infrastructure. (Bloomberg, New York Times)
Android ad scam alert: Why are bad guys so attracted to the online ad industry? Presumably because there’s good money it. The latest example comes via reports of CopyCat, a form of malware that spread to 14 million Android devices last year. The criminals cashed out by installing the malware and then pocketing revenue tied to millions of ad displays and commissions for app installations. (Fortune)
A cool scene & poor hygiene: That’s a very short summary of an advice guide for women who plan to attend DEF CON in Vegas (the advice could apply to this month’s other Vegas hacker convention, Black Hat). Key phrase: “How I, a woman, an engineer, and a hard introvert with a low tolerance for dickheads, recommend approaching DEF CON.” (Breanne Boland blog)
Share today’s Data Sheet with a friend:
Looking for previous Data Sheets? Click here.
So what exactly happened to all those computers during Petya/NotPetya’s recent rampage? Fortune’s Robert Hackett has a nice summary of a cartographer’s video that shows just how the malware munches up the code of a victim machine and then injects others nearby. It’s kinda like the Walking Dead – but with Windows machines.
Within minutes of setting the malware into motion on one of the machines, the infection spreads across the network and runs its destructive course. One by one, White’s dummy files are encrypted, rendering them into inaccessible, alphanumeric gobbledygook. Read more on Fortune.com.
FedEx, Maersk and Getting a Grip on the Latest Hacking Attacks by Adam Lashinsky
Law Firm DLA Piper Reels Under Cyber Attack, Fate of Files Unclear by Jeff John Roberts
Bithumb, One of the Biggest Bitcoin and Ethereum Exchanges, Got Hacked by Robert Hackett
Doctors Use Snapchat to Share Patient Scans, Report Finds by Jeff John Roberts
IRS Says it Will Limit Bitcoin Audits at Coinbase—But Only a Bit by Jeff John Roberts
ONE MORE THING
What School has the Best Cyber Security Program? Universities are revamping curriculums to reflect the growing importance of cyber skills in the world and the workplace. CSO has a nice rundown of what Carnegie Mellon, Johns Hopkins and others are offering. (CSO)