Russian Hackers’ New Target: a Vulnerable Democratic Senator
vulnerable:弱势的,脆弱的
able to be easily physically,emotionally,or mentally hurt,influenced,or attacked
Sen. Claire McCaskill is a top target for Republicans looking to grow their slim Senate majority in 2018. Turns out, Russia’s “Fancy Bear” hackers are going after her staff, too.
The Russian intelligence agency behind the 2016 election cyberattacks targeted Sen. Claire McCaskill as she began her 2018 re-election campaign in earnest, a Daily Beast forensic analysis reveals. That makes the Missouri Democrat the first identified target of the Kremlin’s 2018 election interference.
cyberattack:网络攻击
forensic:[fə՝rensik]法庭的
McCaskill, who has been highly critical of Russia over the years, is widely considered to be among the most vulnerable Senate Democrats facing re-election this year as Republicans hope to hold their slim majority in the Senate. In 2016, President Donald Trump defeated Hillary Clinton by almost 20 points in the senator’s home state of Missouri.
be critical of:对...批评、挑剔
be critical to:对...关键
There’s no evidence to suggest that this attempt to lure McCaskill staffers was successful. The precise purpose of the approach was also unclear. Asked about the hack attempt by Russia’s GRU intelligence agency, McCaskill told The Daily Beast on Thursday that she wasn’t yet prepared to discuss it.
“I’m not going to speak of it right now,” she said. “I think we’ll have something on it next week. I’m not going to speak about it right now. I can’t confirm or do anything about it right now.”
The senator later released a statement asserting that the cyberattack was unsuccessful.
“Russia continues to engage in cyber warfare against our democracy. I will continue to speak out and press to hold them accountable,” McCaskill said. “While this attack was not successful, it is outrageous that they think they can get away with this. I will not be intimidated. I’ve said it before and I will say it again, Putin is a thug and a bully.”
In August 2017, around the time of the hack attempt, Trump traveled to Missouri and chided McCaskill, telling the crowd to “vote her out of office.” Just this last week, however, Trump said, on Twitter, that he feared Russians would intervene in the 2018 midterm elections on behalf of Democrats.
cyber warfare:网络战
hold them accountable: Someone who is accountable is completely responsible for what they do and must be able to give a satisfactory reason for it:
intimidate:威吓 intimate:亲密
thug:/θʌɡ/暴徒
bully:one who hurts or frightens someone else, often over a period of time, and often forcing them to do something that they do not want to do:欺凌弱小的人
chide:/tʃaɪd/ to speak to someone severely because they have behaved badly:斥责
The revelations of the attempted hack of McCaskill staffers comes just weeks after Special Counsel Robert Mueller indicted 12 Russian intelligence officers, accusing them of orchestrating cyberattacks that targeted the Democratic National Committee, the Democratic Congressional Campaign Committee, and Clinton’s campaign in 2016.
On Friday, Trump is scheduled to chair a meeting of the National Security Council on election vulnerabilities facing the midterm elections—amid persistent criticism, particularly after his Helsinki meeting with Russian President Vladimir Putin, that he isn’t taking Russian interference seriously.
chair a meeting:主持会议 Would you like to chair tomorrow's meeting?
National Security Council:国家安全委员会
Secretary of State:国务卿
amid:在... 中间 in the middle of or surrounded by:
The attempt against McCaskill’s office was a variant of the password-stealing technique used by Russia’s so-called “Fancy Bear” hackers against Clinton’s campaign chairman, John Podesta, in 2016.
The hackers sent forged notification emails to Senate targets claiming the target’s Microsoft Exchange password had expired, and instructing them to change it. If the target clicked on the link, he or she was taken to a convincing replica of the U.S. Senate’s Active Directory Federation Services (ADFS) login page, a single sign-on point for e-mail and other services.
As with the Podesta phishing, each Senate phishing email had a different link coded with the recipient's email address. That allowed the fake password-change webpage to display the user’s email address when they arrived, making the site more convincing.
forge:锻造,伪造
expire:期满
信息泄露:information leakage
have this information revealed 把信息泄露出去
Prevent Information Leakage 防止信息泄露
replica:复制品
phish:网络钓鱼
In October, Microsoft wrested control of one of the spoofed website addresses—adfs.senate.qov.info. Seizing the Russians’ malicious domain names has been easy for Microsoft since August 2017, when a federal judge in Virginia issued a permanent injunction against the GRU hackers, after Microsoft successfully sued them as unnamed “John Doe” defendants. The court established a process that lets Microsoft take over any web addresses the hackers use that includes a Microsoft trademark.
wrest:抢夺,争夺
spoof:欺骗
malicious:/məˈlɪʃ.əs/ 恶毒的
permanent injunction:永久禁令 issue:议题、发表、公布
defendant:被告
trademark:商标
Microsoft redirected the traffic from the fake Senate site to its own sinkhole server, putting it in a prime position to view targets trying to click through to change their passwords.
The Daily Beast identified McCaskill as a target while investigating statements made by Microsoft VP Tom Burt last week in an appearance at the Aspen Security Forum. Burton discussed the Virginia injunction, and told the audience that it allowed Microsoft to thwart a phishing campaign against three midterm election candidates, who he declined to name.
sinkhole:排水口
thwart:反对,阻碍
“We did discover that a fake Microsoft domain had been established as the landing page for phishing attacks, and we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for elections in the midterm elections,” said Burt, Microsoft’s corporate vice president for customer security and trust. “We took down that domain and working with the government actually were able to avoid anybody being infected by that particular attack.”
The most recent domain seizures recorded in the Virginia case took place between August and December of last year, when Microsoft grabbed seven malicious web addresses, including the “qov.info” address. A report from the security company Trend Micro released in January listed that address and the role it played in a Senate phishing campaign against unnamed targets.
A snapshot of a deep link on the phishing site taken September 26th by a website security scanner showed the fake password-change page with the Senate email address of a McCaskill policy aide on display.
seizure:获取,捕获
aide:助手
There is a notable divide between Congress and the Trump administration over the vulnerability of the 2018 election to Russian election interference.
In March, the Senate Intelligence Committee warned state election officials to make cybersecurity a “high priority” for their election systems, particularly over voter databases, and urged the states to bolster their coordination with the Department of Homeland Security. But the secretary of Homeland Security, Kirstjen Nielsen, appeared earlier this month to downplay the threat. While “adversaries and nonstate actors” consider U.S. elections a persistent target, Nielsen said there are “no indications that Russia is targeting the 2018 U.S. midterms at a scale or scope to match their activities in 2016.”
bolster:加强
coordination:协调
Department of Homeland Security:国土安全部
downplay:轻视,不予以重视
adversary:敌人
indication:指示、象征
By contrast, Dan Coats, the embattled director of national intelligence, testified in February that Russia considered its 2016 election hacking a success. Putin “views the 2018 U.S. midterm elections as a potential target for Russian influence operations,” Coats told the Senate intelligence panel. Last week, after being rebuked by Trump beside Putin in Helsinki, Coats reiterated his concern about Russia’s “ongoing, pervasive efforts to undermine our democracy.”
Earlier this year, Congress appropriated $380 million, as part of a broader spending package, to individual states for election security. The Senate is currently weighing whether to authorize an additional $250 million in similar grants.
A spokesperson for the Senate Intelligence Committee declined to comment, as did a spokesperson for Mark Warner, the top Democrat on the panel.
embattled:严阵以待的,受围攻的
rebuke: [rɪˈbjuk]非难,指责
appropriate:拨专款;合适的,适当的;侵吞
spokesperson:发言人,代言人
on the panel:在名单上
McCaskill is one of 10 Senate Democrats facing re-election this year in states that Trump won in 2016. Her likely Republican challenger is Josh Hawley, who currently serves as the state’s attorney general. Outside groups and campaign committees have spent more than $15.5 million against McCaskill so far.
McCaskill has spoken out forcefully against Moscow, likening Russian election-meddling to “a form of warfare” and calling Putin a “thug and a bully.” She was also caught up in the Podesta hack, which was revealed when WikiLeaks released the Clinton campaign chair’s private email communications. The document dump showed that McCaskill called Podesta to inform him that she had “info” about an individual working in the State Department’s inspector general’s office, which at the time was investigating Clinton’s private email server. The “info” was that a top aide at the inspector general’s office once worked for a Republican senator, Chuck Grassley of Iowa.
likening:把...比作 She likens marriage to slavery.
dump:倾倒,丢下
McCaskill’s criticisms of WikiLeaks stretch back nearly a decade. In 2010, she and Sen. Lindsey Graham (R-S.C.) called for prosecutions of individuals who send classified information to WikiLeaks. Earlier this month, Mueller’s GRU indictment included Russian intelligence officers who, through the Guccifer2.0 persona, are accused of funnelling the hacked 2016 data to WikiLeaks.
“I hope we can find out where this is coming from and go after them with the force of law,” she said at the time.
prosecution:控告,起诉
indictment:起诉书
funnel:/ˈfʌn.əl/漏斗,输送,传送
vulnerable:弱势的,脆弱的
cyberattack:网络攻击
forensic:[fə՝rensik]法庭的
be critical of:对...批评、挑剔
be critical to:对...关键
cyber warfare:网络战
hold them accountable: Someone who is accountable is completely responsible for what they do and must be able to give a satisfactory reason for it:
intimidate:威吓 intimate:亲密
thug:/θʌɡ/暴徒
bully:one who hurts or frightens someone else, often over a period of time, and often forcing them to do something that they do not want to do:欺凌弱小的人
chide:/tʃaɪd/ to speak to someone severely because they have behaved badly:斥责
chair a meeting:主持会议 Would you like to chair tomorrow's meeting?
National Security Council:国家安全委员会
Secretary of State:国务卿
amid:在... 中间 in the middle of or surrounded by
forge:锻造,伪造
expire:期满
信息泄露:information leakage
have this information revealed 把信息泄露出去
Prevent Information Leakage 防止信息泄露
replica:复制品
phish:网络钓鱼
wrest:抢夺,争夺
spoof:欺骗
malicious:/məˈlɪʃ.əs/ 恶毒的
permanent injunction:永久禁令 issue:议题、发表、公布
defendant:被告
trademark:商标
sinkhole:排水口
thwart:反对,阻碍
seizure:获取,捕获
aide:助手
bolster:加强
coordination:协调
Department of Homeland Security:国土安全部
downplay:轻视,不予以重视
adversary:敌人
indication:指示、象征
embattled:严阵以待的,受围攻的
rebuke: [rɪˈbjuk]非难,指责
appropriate:拨专款;合适的,适当的;侵吞
spokesperson:发言人,代言人
on the panel:在名单上
likening:把...比作 She likens marriage to slavery.
dump:倾倒,丢下
prosecution:控告,起诉
indictment:起诉书
funnel:/ˈfʌn.əl/漏斗,输送,传送