Data Recovery

Was the DNC Breach the Work of Russian Hackers?

The recent breach of sensitive data stored on the DNC server has been making waves since the stolen information was published on WikiLeaks just a few days ago. As the information is sifted through (exposing problematic behavior on the part of a handful of DNC higher-ups), questions remain unanswered about the expertly planned cyber espionage attack that was carried out so successfully against the national committee.

Cyber experts have noted that the scale, timing, and sensitivity of the data released imply a level of sophistication that would be difficult to find outside of state-sponsored activity. WikiLeaks’ decision to publish the documents in a searchable form has indexed that data, making it that much easier for those looking for damning material to locate it. Email conversations between Democratic Party leaders revealing collusion to give the nomination to Hillary Clinton, remarks regarding Bernie Sanders’ lack of religious emphasis, and many other sensitive topics have been exposed to the public eye, with largely embarrassing results.

It’s worth mentioning that the documents were well timed: the confidential information was exposed strategically, and its surfacing just before the Democratic National Convention allowed for the highest possible level of chaos at the convention’s onset.

As for who actually carried out the hacking? American authorities seem to be unanimously pinning the blame on Russian hackers, an allegation that gains evidence daily. For example, in mid-June, when the DNC called in the cyber threat analysis firm Crowdstrike to examine the committee’s servers, the company found “two separate Russian intelligence-affiliated adversaries present in the DNC network.” Crowdstrike then published a comprehensive report of its findings on June 14. Among its many discoveries, Crowdstrike found that one of the hacking groups had been snooping in the DNC’s servers for almost a year. The next week, two different cybersecurity firms independently confirmed Crowdstrike’s findings. These firms also found that the two intruders used malware and methods identical to those used in other attacks attributed to the suspected Russian hacking groups.

The day after Crowdstrike’s report was published, a hacker calling themselves “Guccifer 2.0” took credit for the hack and claimed to be a lone hacker with no affiliation to the Russian government. Guccifer 2.0 went on to claim that he had handed off much of what he had found to WikiLeaks.

More compelling evidence linking the DNC breach to Russian state-sponsored hacking was found by King’s College London professor Thomas Rid. Rid found that a command-and-control address hardcoded into the DNC malware was identical to one in the malware used to hack the German Parliament back in 2015. German officials had stated that that malware originated from Russian military intelligence.

Additional evidence includes the fact that documents were translated into Cyrillic and that Guccifer, who claimed to be Romanian, did not speak coherent Romanian.

“It doesn’t strain credulity to look at the Russians,” said Morgan Marquis-Boire, a malware expert with CitizenLab. “This is not the first time that Russian hackers have been behind intrusions in US government, and it seems unlikely that it will be the last.”

The Kremlin has denied any Russian involvement in the leak.


Electromagnetism: the Secret of Your Storage Drive

Whether you prefer classic hard disk drives or solid-state drives (also called flash drives), you rely on some form of electromagnetism to store your precious data. Your data has to be converted into digital form to be stored in a computer, and as you likely know, digital data is stored in binary code, a sequence of 0’s and 1’s.

But it’s not as if there’s just a bunch of 0’s and 1’s sitting in your physical hard drive that your computer then assembles into the data you recognize on your monitor. Physically, binary code is stored as the presence or absence of either magnetism or electrical current.

In the case of a hard disk drive, no magnetism means 0 and magnetism means 1. A magnetized read head senses the presence or absence of magnetism on tiny (microscopic) regions of a spinning disk and from that determines what binary code to send to the computer, which then uses software to translate that code into more digestible information for you to read on your monitor.

In the case of a solid-state drive, the absence of an electric current means 0, and the presence of an electric current means 1. Because electric currents can be created by transistors, and transistors can be made smaller and smaller as time goes on (while hard disk drives can only get so small and still function, because they rely on a spinning disk mechanism), solid-state drives can be much smaller while storing the same amount of information as hard disk drives. However, if your SSD fails, it is far less likely that you will be able to recover the information.

But this give and take between electricity and magnetism goes much deeper than a choice between storage drives. Magnetism actually begets electricity, and the other way around. Here’s how:

It comes down to subatomic particles, as things so often do. Each electron is surrounded by a force called an electric field. When an electron moves, it creates a second field called a magnetic field. When electrons are made to move together, flowing as an electric current through a conductor (i.e. a metal or other substance whose structure lets electrons move through it freely), the conductor becomes a temporary magnet.

But that’s electricity begetting magnetism. How is such a current produced in the first place? If you take a coil of wire and place it near a magnet with an unchanging magnetic field, nothing happens. However, if that magnetic field is changed by moving the magnet back and forth or spinning the wire, the changing magnetic field can produce an electric current in the wire.

Electricity and magnetism have always been extremely closely related, in an interactive relationship known as electromagnetism. Flowing electrons produce a magnetic field, and spinning magnets cause an electric current to flow. Simple as that.

Advances in Deep Learning Can Help Computers Fight Malware

Malicious software is always engineered to hide the fact that it’s malicious. Programs meant to fight malicious software must be sophisticated enough to identify it despite its attempts at camouflage. So far the conflict has raged on, with neither type of software able to eliminate the other completely and each having no choice but to become ever more advanced. However, resolution may be just around the corner.

Cybersecurity company Deep Instinct just released a security solution that utilizes “deep learning” to enable a program to learn to identify bad code on its own, without being programmed to recognize anything in particular.

“Deep learning draws its inspiration from the human mind. It organizes itself into a structure of synthetic neurons. It’s another term for neural networks,” explained Bruce Daley, principal analyst at Tractica. “It was rebranded because there was so little progress with neural nets.”

Daley went on to explain exactly what kind of advantage deep learning capabilities can offer an application: “With traditional programming, as you code, you have to anticipate all the situations that arise that you have to deal with. What deep learning does is take the data and build a model from what it finds in the data that’s statistically relevant.”

“So you don’t have to anticipate all the relationships the program will encounter,” he added. “It turns into something like making beer or making bread.”

Another distinction: deep learning is more advanced than machine learning. For example, a conventional facial recognition program would contain information about how to identify a nose, eyes, bone structure, etc. A facial recognition program outfitted with deep learning capabilities would be able to learn the facial features itself.

The difference between a normal program and one equipped with deep learning is profound: with traditional programming methods, the slightest change in malicious code can fool a program. Deep Instinct CTO Eli David explained, “It’s as if I show you the picture of a cat, then I modify a few pixels, and you can’t recognize it’s a cat.”

Deep learning allows a program to have a much more comprehensive understanding of what makes malicious software what it is, so a few metaphorical “pixels” won’t make all the difference.

“With deep learning, you can show just the tail of the cat, and it will return with high confidence that it’s a cat. It is extremely resilient to variance and modification,” explained David.

Tractica forecasts that applications that utilize deep learning will generate a $10 billion market by 2024.

Deep Instinct clearly believes it, and is now wagering on cybersecurity being a fruitful subset of deep learning applications. Given 2015’s proliferation of high-profile cyberattacks and the push towards increased government surveillance, it’s not a bad bet.

For all its sophistication, Deep Instinct’s security solution remains pretty small: it takes up only 10 MB of memory, and because it is generally inactive it doesn’t take up much processing power either.

“Most of the time this agent does nothing,” said David. “When it detects a new file, any type of file, it passes it through the deep learning module on the device. If the file is malware, it will remove it or quarantine it.”

Data Recovery: About It and the Four-Phase Cycle of Recovery

Data recovery is the process of retrieving data that has been lost for any of a variety of reasons, like the ones mentioned above, in day-to-day life. The data may have to be recovered from corrupted media, drives, or files.

Like any other well-defined process, data recovery is logical and methodical. It consists of four phases:

  1. Phase one: Fix the hard disk drive: As the name suggests, this phase is about repairing the hard disk drive of the system or network. The hard disk is the component that decides whether the data can be read back at all, even when everything else on the network has failed, so getting it working again is the foundation of the whole recovery effort. Repairing it means readying it for smooth, reliable use without interruptions or glitches: for example, if the PCB is defective it must be replaced or fixed, and the heads must be checked to confirm that they are working.
  2. Phase two: Image the drive to a new disk image file or drive: The drive that has failed should be imaged to a fresh drive or to a new disk image file. Since the hard disk is what gives you any chance of reading the data back, the data is copied to a fresh drive so that it can be rescued and reproduced unharmed and unchanged; the faulty drive will remain a long-term threat to any data stored on it. Creating an image of the drive gives you a second copy on a separate healthy drive or device, and this copy is what gets the lost data back without further harm or corruption.
  3. Phase three: Recover partitions, files, MBR and MFT logically: Now that the failed drive has been cloned onto a fresh one, formal data recovery can begin in earnest. Using this “photocopy” of the failed drive, it is possible to repair the partition table, the MFT, and the MBR. This is important because the data is retrieved by reading the file system’s data structures.
  4. Phase four: Repair retrieved damaged files: However much one hopes to retrieve the data perfectly intact, there is a good chance that some part of it will be damaged or corrupted; say a part of a file was written to a region of the drive that is now corrupted. This is very common when a disk drive fails. The data now has to be made readable again from its current damaged state, and a wide range of software is available to repair files in this condition. With that, you are almost there!
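Phases two and three above, as an added Python sketch that is not part of the original post: a sector-by-sector copy that survives unreadable sectors (zero-filling them so the image stays aligned with the drive, the way ddrescue-style tools do), followed by reading and sanity-checking the classic MBR partition table from the image. The 8-sector sample disk, the unreadable sector, and every function name here are constructed for this illustration.

```python
import struct
SECTOR = 512
MBR_SIG = b"\x55\xAA"  # boot signature in the last two bytes of sector 0

def flaky_reader(data, bad_lbas):
    # Constructed stand-in for a failing drive: reads of the listed LBAs raise.
    def read_sector(lba):
        if lba in bad_lbas:
            raise OSError(f"unrecoverable read error at LBA {lba}")
        return data[lba * SECTOR:(lba + 1) * SECTOR]
    return read_sector

def image_device(read_sector, image, size_sectors):
    # Phase two: copy every sector; zero-fill unreadable ones so the image stays LBA-aligned.
    bad = []
    for lba in range(size_sectors):
        try:
            data = read_sector(lba)
        except OSError:
            data = bytes(SECTOR)
            bad.append(lba)  # remembered so later phases know this region is untrustworthy
        image.extend(data)
    return bad

def parse_mbr(mbr, disk_sectors):
    # Phase three: read the four primary MBR entries from the image and sanity-check them.
    if len(mbr) < SECTOR or mbr[510:512] != MBR_SIG:
        raise ValueError("boot signature missing: sector 0 is damaged")
    parts = []
    for i in range(4):
        off = 446 + 16 * i  # partition table starts at byte 446, 16 bytes per entry
        status, ptype, start, count = struct.unpack("<B3xB3xII", mbr[off:off + 16])
        if ptype == 0:
            continue  # empty slot
        if start + count > disk_sectors:
            raise ValueError(f"partition {i} runs past the end of the disk")
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "start": start, "sectors": count})
    return parts

def build_sample_disk():
    # Constructed 8-sector disk: one bootable type-0x83 partition covering LBA 1 to 7.
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\1\0", 0x83, b"\0\0\0", 1, 7)
    return bytes(446) + entry + bytes(48) + MBR_SIG + b"\xAB" * SECTOR * 7

def recover_sample(bad_lbas=(3,)):
    # Image the sample disk (LBA 3 unreadable by default), then read its table from the image.
    image = bytearray()
    bad = image_device(flaky_reader(build_sample_disk(), set(bad_lbas)), image, 8)
    return bad, parse_mbr(image[:SECTOR], 8), len(image)
```

If sector 0 itself is among the unreadable sectors, parse_mbr raises, which is the cue to rebuild the partition table from other on-disk structures rather than trust the zero-filled copy.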