Remember — just because President Trump says that something is not a threat, that doesn’t mean that it actually isn’t a threat. In fact, such a proclamation from the president likely means the opposite, seeing as he has pretty much no idea what he is doing.
The Trump administration has refused to address Russian intelligence services’ meddling in our recent presidential election, and now, they’re at it again. This time, with tools that were stolen from our National Security Agency.
According to a report from the private security form FireEye, a hacking group associated with Russian foreign intelligence agencies and known as Fancy Bear has sent a “malicious document” to hotels in “at least seven European countries and one Middle Eastern country.” This document contains malware that is widely known to be used by Fancy Bear, otherwise known as APT28 — among other names. (These are the same hackers believed to be behind the infamous attack on the DNC.)
The tools stolen from the NSA come into play after the initial malware installation on a single device. The hackers are using an exploit known as EternalBlue to spread their malware through the various computers of a hotel’s network. This exploit was leaked by the group known as ShadowBrokers earlier this year.
Besides being used in this recent Fancy Bear attacks on the hospitality industry, the EternalBlue exploit was also employed in the well publicized WannaCry worldwide ransomware attack back in May.
Of the implications of all of this, FireEye writes:
‘Cyber espionage activity against the hospitality industry is typically focused on collecting information on or from hotel guests of interest… Business and government personnel who are traveling, especially in a foreign country, often rely on systems to conduct business other than those at their home office, and may be unfamiliar with threats posed while abroad… Publicly accessible Wi-Fi networks present a significant threat and should be avoided whenever possible.’
The security firm reports that a public wifi network allowed APT28 hackers to gain access to a computer in a hotel back in late 2016, at which time the hackers accessed the victim’s email account. The victim logged into a hotel’s public wifi, and then twelve hours later, a hacker’s computer that was on that same wifi network facilitated a login to that victim’s computer using stolen credentials. FireEye does not name who this victim was.
The Trump administration could, in theory, be poised to do something about this, but the president has routinely dismissed the threat to the United States from Russian hacking. Thus, it’s not as though he is about to take care to address the threat to other countries from Russian hacking.
Russian election meddling has been at times suspected in European countries; it’s not confined to the United States. For instance, there is a strong allegation that Russian intelligence services were behind the surprise victory of “Leave” over “Stay” in the Brexit vote.
For now, we wait and see where this leads. The Trump administration, outside of the singular issue of the seriousness of Russian hacking, has distanced itself from our European allies across the board, which is not good for the Western efforts to combat the spread of Putin-style totalitarianism.
Featured Image via Mikhail Svetlov/ Getty Images.