Our servers and a hacker attack on US Democrats: a continuation of the story




    Last year, there was a lot of talk on the web that the servers of the US Democratic Party were attacked by hackers who left a “Russian footprint”. Recall that the attack was quite successful: the hackers obtained gigabytes of data related to the political activities of a number of famous people, including personal correspondence, party documents and everything else. James Clapper, director of US national intelligence, said hackers who work in the interests of nations like Russia and China are behind this attack.

    As it turned out, the “Russian trace” was discovered only because the hackers made use of our servers (located, by the way, in the Netherlands). Well, since we are a Russian company, the hackers became Russian too. Forbes representatives asked us this month to tell them what really happened. By the way, before this interview, Vladimir Fomenko, the head of King Servers, was interviewed by New York Times journalists. Some details of the interview are sure to be interesting to Habr.

    Initially, Forbes reporters asked what we think about the situation voiced by the FBI. At that time, representatives of the Bureau said that six of the eight IP addresses used by the cybercriminals belonged to our servers. After the “Russian trace” became known, NYT journalist Andrew Kramer came to us and asked about everything in detail. He was provided with all the information on the case, and in general the interview was constructive.

    But when the article was ready and published, it turned out that Kramer had turned Vladimir Fomenko's words against him. In particular, the article said that the head of King Servers is associated with intruders, and in general was almost the inspirer of all Russian cybercriminals. It is clear that the publication needs views for its material, but it turned out somehow quite ugly.

    After that, we decided to contact ThreatConnect, an organization that helps various organizations avoid various cyber threats or determine who is behind this or that attack. Initially, it was ThreatConnect experts who determined that the hackers who attacked the political party servers in the United States used King Servers. The response from the management of this company came quite quickly. It said the following: “Based on the nature of the activity (of the attackers) and the fact that your resources were used by unidentified criminals, we propose that all information be provided to the authorities of Russia and the United States so that we can begin a constructive and transparent dialogue. As for the article in the New York Times, the term “information link” is the author’s words, not ours. We suggest that you contact the author to resolve the problem. As for our published study, we simply determined that the IP addresses from which the attack was carried out are registered to you and your company. Please let us know if we can help you.”

    In general, everything is logical, unlike the NYT article. In fact, how can the use of our company's servers serve as evidence that Russian hackers are behind the hack? A hosting company should work in accordance with the business interests of its customers and the laws of the countries where it operates. And would truly experienced crackers, who managed to carry out a successful attack on the servers of a political party, really not try to cover their tracks, working, in fact, directly? In addition, the NYT draws attention to the “Russian servers” and does not mention the other two, which are not associated with King Servers.


    By the way, the Forbes journalist asked Vladimir Fomenko what he thinks about the nationality of the crackers, as well as about some other details of the identity of the hackers. The answer was: “We are not able to find out their nationality, nor are we aware of whether they are hackers, since no one is conducting investigations. All we know is that crackers have no nationality.”

    By the way, ThreatConnect, the company that analyzed the source of the attack, said that after studying the situation, “there are more questions than answers.” The most interesting thing is that no one is seeking answers. None of the representatives of foreign companies and organizations that might be interested in a real investigation requested anything that would clarify the situation with the source of the attack. Logs were not requested, and no one asked us to share the payment information that the attackers provided when renting the servers. Nothing.

    In general, this is what happens when hacking is investigated not by technical experts, but by journalists. I would like to hope that in the future the situation will become clearer - we ourselves are very interested in what really happened.

    In conclusion, I just want to repeat that King Servers works exclusively in accordance with the business interests of customers and the laws of those countries where their activities are carried out. And it will always be so. I would also like to quote the comments of the head of King Servers in one of the interviews: “We cannot be held responsible for the actions of third parties. It’s the same as blaming Elon Musk that Tesla shot down one of the Democrats...”

    P.S. If anyone is interested, the so-called “Russian trace” used dedicated servers with Intel E3-series processors and 8 GB of RAM.

