Does a BEAR Leak in the Woods? The Democratic National Committee breach, Russian APTs, and the 2016 U.S. Election

Presented at ShmooCon XIII (2017), Jan. 15, 2017, noon (60 minutes)

2016. Am I right? The June 2016 revelations of the DNC breach by two Russia-based advanced persistent threat groups was only the beginning of a series of strategic leaks and conflicting attribution claims. In a series of "1-2 punches," we saw attacks designed to breach the target and exfiltrate data reinforced by a campaign to leak information using mouthpieces posing as hacktivists. In this presentation we'll demonstrate techniques used to identify additional malicious infrastructure, evaluate the validity of "faketivists" like the Guccifer 2.0 persona, strengths and gaps in the attribution analysis, and how the adversary might adjust their tactics going forward.

Presenters:

• Toni Gidwani
  Toni Gidwani is the Director of Research Operations at ThreatConnect and leads ThreatConnect's research team, an elite group of globally-acknowledged cybersecurity experts dedicated to tracking down existing and emerging cyber threats. Prior to joining ThreatConnect, Toni led analytic teams in the U.S. Department of Defense.

Links:

• https://infocon.org/cons/ShmooCon/ShmooCon 2017/Does A Bear Leak In The Woods.mp4

Similar Presentations:

• THOTCON 0x8 (2017) / Bears...Bears Everywhere
• GrrCON 2014 / Breach Stains
• DerbyCon 9.0 Finish Line (2019) / Social Engineering in Non-Linear Warfare