US CERT – DHS Releases Emergency Directive In Response To Widespread “Infrastructure Tampering Campaign” Targeting US Executive Branch

Considering that I’ve been a little lost in the world of underground hacks and leaks the last few weeks, I’m not exactly sure how well it’s been reported in the “Mainstream Media” that part of the US Government’s ongoing shutdown involves the temporary laying off of US Government IT workers. That quite literally means that nearly every website owned by the US Federal Government is currently out in the open with no one on staff to mitigate attacks or secure them. For example, as Netcraft reported earlier this week, since the shutdown first began “130 TLS certificates used by U.S. government websites have expired without being renewed” – up from 80 just last week.

Full Press Release from Netcraft:

Before moving on, truth be told, I am writing this article following up on a report from Adam Longo concerning a DDoS attack affecting tonight. For those of you unaware, the site is currently being taken offline via a coordinated DDoS attack at the hands of Mecz1nho Markov – leader of the Brazilian based hacking group Pryzraky. For the purposes of this article, the news serves as a perfect reminder of just one of the small problems presented by the US Government shutdown – strictly in regards to cyber, IT and/or data security.

All of this is important to understand because hackers have been talking about all of this for weeks now, and indubitably countless threat actors have since gone on to do irreparable damage to our Government and US Government systems/servers over the same period as our shutdown. If you need any proof of this, look no further than Emergency Directive 19-01, issued to the public by US-CERT and the Department of Homeland Security on January 22nd 2019. In it, the DHS explains that it is their duty to inform the US public and Government agencies of any immediate threats to their systems, either in real time or in the immediate future. In this particular instance, the DHS is now warning of “DNS Infrastructure Tampering” campaigns actively being carried out by unknown and malicious international threat actors or Advanced Persistent Threats (APTs).

More specifically, the Department of Homeland Security explains that, dating back to January 10th 2019, its “Cybersecurity and Infrastructure Security Agency (CISA)” has been “tracking a series of incidents involving Domain Name System (DNS) infrastructure tampering.” It goes on to explain that CISA is now “aware of multiple executive branch agency domains that were impacted by the tampering campaign,” adding that each affected agency has since been contacted privately about the matter.

Read Full Emergency Directive from DHS:

Now, in my professional experience I know that DNS level attacks usually involve the hijacking of network internet traffic in hopes of either intercepting and stealing said traffic, or cutting off traffic to the end destination – the website itself. For example, this is how Wikileaks was ‘hacked’ by OurMine in 2017. With that said however, DNS level attacks can also lead to the complete hijacking of a website’s “Name Servers,” quite literally granting hackers full and complete administrator level control over a website and all of its contents – including every piece of data entered onto the website’s back-end, normally shielded from the public eye.

In this particular instance, as was explained/described by the DHS themselves in Emergency Directive 19-01 posted above:

In response to the incidents, and to stay ahead of future DNS level attacks like them, the DHS has also submitted the following recommendations for all US Government website administrators:

As stated, all agencies, departments, organizations and websites affiliated with the US Government’s Executive Branch are to conduct full and complete audits of their online systems, DNS records and web traffic – with full reports due back to the DHS by February 5th 2019 at the very latest. From there, Government researchers can begin putting together the full scale of these hacks/attacks, as well as what information the hackers were able to steal – and for how long. Possibly implicated under the umbrella of the US Executive Branch are the US Military, the White House, Immigration and Customs Enforcement, the National Security Agency, as well as state and local law enforcement agencies – among many others.
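To make the DNS audit the directive calls for concrete (and the two forms of DNS tampering described above: traffic redirected by changed A/MX records, and a domain taken over outright by changed NS delegation), here is an added example in Python. It is not part of the original post and not CISA’s or any agency’s tooling. It diffs a known-good baseline of DNS records against a fresh snapshot and flags the changes a tampering campaign produces. The domain names, the address block the agency supposedly owns (an RFC 5737 documentation range), and both record sets are constructed sample data; a real audit would feed in records pulled from zone files or resolver queries.

```python
"""
DNS baseline drift check: compare a known-good record set against a fresh
snapshot and flag the changes a DNS-tampering campaign would produce
(NS delegation changed, A records moved off the agency's own address space,
MX records redirected). All data below is constructed sample data.
"""
import ipaddress

# Address blocks the (hypothetical) agency actually owns; RFC 5737 test range.
OWNED_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]

# Known-good baseline captured before the incident window (constructed).
BASELINE = {
    "example-agency.gov": {
        "NS": {"ns1.example-agency.gov.", "ns2.example-agency.gov."},
        "A": {"192.0.2.10"},
        "MX": {"10 mail.example-agency.gov."},
    },
    "www.example-agency.gov": {
        "A": {"192.0.2.20"},
    },
}

# Fresh snapshot containing the kinds of changes the audit looks for (constructed):
# one name server swapped for an outside host, one web host moved off-net.
OBSERVED = {
    "example-agency.gov": {
        "NS": {"ns1.example-agency.gov.", "ns-foreign.example.net."},
        "A": {"192.0.2.10"},
        "MX": {"10 mail.example-agency.gov."},
    },
    "www.example-agency.gov": {
        "A": {"198.51.100.77"},
    },
}

# A changed NS delegation hands over the whole zone, so it ranks highest.
SEVERITY = {"NS": "critical", "A": "high", "MX": "high"}


def find_tampering(baseline, observed, owned_prefixes=OWNED_PREFIXES):
    """Return a list of (name, rtype, severity, detail) findings, in baseline order."""
    findings = []
    for name, base_rrsets in baseline.items():
        obs_rrsets = observed.get(name)
        if obs_rrsets is None:
            findings.append((name, "*", "critical", "name missing from snapshot"))
            continue
        # Any record value added or removed relative to the baseline is a finding.
        for rtype, base_values in base_rrsets.items():
            obs_values = obs_rrsets.get(rtype, set())
            added = obs_values - base_values
            removed = base_values - obs_values
            if added or removed:
                detail = f"added={sorted(added)} removed={sorted(removed)}"
                findings.append((name, rtype, SEVERITY.get(rtype, "medium"), detail))
        # Record types present in the snapshot but absent from the baseline.
        for rtype in obs_rrsets.keys() - base_rrsets.keys():
            detail = f"unexpected record type: {sorted(obs_rrsets[rtype])}"
            findings.append((name, rtype, "medium", detail))
        # An A record outside the agency's own address space sends traffic elsewhere,
        # which is the interception scenario, regardless of what the baseline said.
        for addr in obs_rrsets.get("A", set()):
            ip = ipaddress.ip_address(addr)
            if not any(ip in net for net in owned_prefixes):
                findings.append((name, "A", "high", f"{addr} is outside owned address space"))
    return findings


def main():
    for name, rtype, sev, detail in find_tampering(BASELINE, OBSERVED):
        print(f"[{sev.upper():8}] {name} {rtype}: {detail}")


if __name__ == "__main__":
    main()
```

Run against the constructed snapshot it reports three findings: the critical NS change on the apex domain, the A record change on the www host, and the fact that the new A address lies outside the owned prefix. The baseline compared against itself yields nothing, which is the state an agency wants to be able to show in its report.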

Additionally, once again given my experience, I do not think it would be unreasonable to speculate that we won’t see any of the information uncovered by hackers over the last few weeks for quite some time down the road. Say, for example, the start of the 2020 US Presidential election season, which is due to kick off in less than 12 months’ time. If I had to guess, I would assume that any information targeted by hackers over the last two weeks was acquired specifically for this very purpose: to interfere with and/or manipulate the course of the 2020 US Presidential elections. Though even I admit that statement is merely speculative and remains to be seen.

Published by

Brian Dunn

Writer, Researcher, Owner: Rogue Media Labs | Rogue Security Labs (929)-319-2570 BrianDunn@RogueSecurityLabs.Ltd
