Page:Report of the Select Committee on Intelligence United States Senate on Russian Active Measures Campaigns and Interference in the 2016 U.S. Election Volume 1.pdf/17


   
COMMITTEE SENSITIVE—RUSSIA INVESTIGATION ONLY

 

system.[1] Officials used the analogy of a thief casing a parking lot: they said the car thief "didn't go in, but we don't know why."[2] State 9 became aware of this malicious activity after receiving an alert.[3]

 DHS reported GRU scanning activity on the Secretary of State domain.[4]

State 10 (U) According to State 10 officials, cyber actors using infrastructure identified in the August FLASH conducted activity that was "very loud," with a three-pronged attack: a Netherlands-based IP address attempted SQL injection on all fields 1,500 times, a U.S.-based IP address attempted SQL injection on several fields, and a Poland-based IP address attempted SQL injection on one field 6-7 times.[5] State 10 received relevant cybersecurity indicators from MS-ISAC in early August, around the same time that the attacks occurred.[6] State 10's IT contractor attributed the attack to Russia and suggested that the activity was reminiscent of other attacks where attackers distract with lots of noise and then "sneak in the back."[7]

(U) State 10, through its firewall, blocked attempted malicious activity against the online voter registration system and provided logs to the National Cybersecurity and Communications Integration Center (NCCIC)[8] and the U.S. Computer Emergency Readiness Team (US-CERT).[9] State 10 also brought in an outside contractor to assist.[10]

  DHS confirmed GRU SQL injection attempts against State 10's voter services website on August 5 and said that the attack was blocked after one day by State 10's firewall.[11]

State 11 (U) According to State 11 officials, they have seen no evidence of scanning or attack attempts related to election infrastructure in 2016.[12] While State 11 officials noted an IP address "probing" state systems, activity which was "broader than state election systems," State 11 election officials did not provide specifics on which systems.[13]

  1. (U) Memorandum for the Record, SSCI Staff, Conference Call with [State 9], November 17, 2017.
  2. (U) Ibid.
  3. (U) Ibid.
  4. (U) DHS briefing for Committee staff on March 5, 2018.
  5. (U) Memorandum for the Record, SSCI Staff, Conference Call with [State 10], November 29, 2017.
  6. (U) Ibid.
  7. (U) Ibid.
  8. (U) NCCIC is DHS's cyber watch center.
  9. (U) Ibid.
  10. (U) Ibid.
  11. (U) DHS briefing for Committee staff on March 5, 2018.
  12. (U) Memorandum for the Record, SSCI Staff, Conference Call with [State 11], December 8, 2017.
  13. (U) Ibid.
