Russian hackers take the stage at DNC convention

The 2016 presidential election may be most remembered not for the rise of populist sentiment, the '60s-reminiscent passion of Bernie Sanders, the fiery rhetoric of Donald Trump and his surprising ascent, the fall of controversial DNC head Debbie Wasserman Schultz or Hillary Clinton's ragged climb to the top of the Democratic ticket, but rather the rise in both prominence and threat of the nation-state hacker.

WikiLeaks's dump of 20,000 Democratic National Committee (DNC) emails not only heaped a whole lot of misery on Democrats and Hillary Clinton's campaign, forcing the resignation of Wasserman Schultz, but it also raised the specter that Russia may be trying to manipulate the outcome of the U.S. presidential election and prompted at least one security researcher to notify the Federal Bureau of Investigation (FBI) of a DNC bank account lying wide open.

The emails raised ire among Bernie Sanders supporters and Clinton critics because they appeared to show, at the very least, that the DNC threw its support behind Clinton before the first primary ballot was cast and explored ways to curb voter enthusiasm for Sanders, whose popularity had unexpectedly surged.

But in addition to revealing machinations behind a political party on the eve of its convention in Philadelphia, the emails underscored the holes in security and privacy yawning at many organizations and the very real possibility that nation-states like Russia have upped their game to actually manipulate the underpinnings of democratic process.

Security firm CrowdStrike, called in by the DNC in May to investigate a pair of intrusions, one of which resulted in the theft of the DNC's opposition file on Republican presidential nominee Donald Trump, fingered two Russian hacking groups, Cozy Bear and Fancy Bear, as the familiar culprits behind the hacks.

A lone hacker, self-dubbed Guccifer 2.0, quickly claimed responsibility for breaking into the DNC computer systems last summer and allegedly released the contents of the DNC's opposition research files on Republican presidential candidate Donald Trump. The hacker taunted CrowdStrike in a WordPress blog, but researchers stuck to their assessment that the hacks were orchestrated by Russian hackers and that Guccifer 2.0 was a persona designed as a front for those groups.

On Sunday, Clinton Campaign Manager Robby Mook publicly suggested that the Russians were intent on swaying the upcoming presidential election toward Trump. “Experts are telling us that Russian state actors broke into the DNC, took all these emails, and now are leaking them out through these websites,” Mook said on This Week with George Stephanopoulos. “It's troubling that some experts are now telling us that this was done by the Russians for the purpose of helping Donald Trump.”

A person close to an alleged FBI investigation into the intrusions was quoted by Reuters as saying that the timing and execution of the email dump "has all the hallmarks of a classic intelligence operation intended to damage a perceived adversary."

Darren Hayes, Assistant Professor and Director of Cybersecurity at Pace University's Seidenberg School of Computer Science and Information Systems, said in comments emailed to SCMagazine.com that “It is not that surprising that the DNC or RNC might be a target of cyber attacks by Russia.”

Former FBI Special Agent In Charge (SPAIC) Leo Taddeo, chief security officer at Cryptzone, agreed that Russian hackers were likely behind the hacks. “I believe the research that shows Russian state actors hacked into the DNC email servers and extracted the emails and other documents,” he said in comments emailed to SCMagazine.com.

Unlike the Clinton camp, Taddeo doesn't think the leaks were designed to help Trump gain the presidency. “Contrary to what is being reported, this is not Putin trying to help Trump,” he said, noting the material was likely passed along to influence policy toward Russia. “Instead, Putin and his leadership are trying to influence Clinton and her future stance toward Europe's missile defenses and NATO expansion.”

In fact, “one might think that the Donald Trump campaign might actually be of most interest given the uncertainty surrounding some of his policies – especially as they pertain to comments made about NATO. Many western governments, including Russia, want to anticipate potential policies for the new Commander in Chief,” said Hayes.

Under Obama, the U.S. has moved closer to Russia “with advanced missile defense systems and the expansion of NATO bases,” Taddeo explained, adding that Putin and Medvedev know that U.S. policy toward Russia can be influenced during an election cycle. And indeed, thanks to an open microphone in 2012, Obama was heard telling Medvedev that he needed more space but once reelected “would be ‘more flexible' in dealing with the missile issues,” Taddeo said. From Russia's perspective, “the U.S. election cycle is a key opportunity to influence US defense and diplomatic posture on this most critical issue.”

The motivations of WikiLeaks Founder and Editor Julian Assange are less murky. Assange, who has been in the Ecuadorian Embassy in London where he sought asylum from Swedish authorities and avoidance of possible extradition to the U.S., has made it clear that he doesn't want Hillary to gain the White House – noticeably missing from recent dumps are any files or emails from the Republican National Committee or its operatives.

Regardless of who is behind the hacks – or their motivations – the incidents demonstrate that organizations like the DNC increasingly must fend off attacks as the stakes get higher and cast a harsh light on their security practices and foibles.

“The political atmosphere is ripe for email attacks as the large data sets available in one place make it an attractive target. In reality, email is the most prevalent attack vector organizations face daily,” Peter Bauer, CEO, Mimecast, said in comments emailed to SCMagazine.com. “In fact, 91 percent of all cyberattacks start with a phishing scam via email, so users need to be more cautious than ever.”

The email dump by WikiLeaks not only reveals embarrassing messages, but according to security researcher Dominique Davis, CEO at Red Cell Infosec, at least one of the missives released “contains the DNC General Fund bank account and routing number and wire instructions,” he said, adding that he reported the exposed data to the FBI last week. “Any hacker on the net right now could empty this account.”

The DNC might have saved its sensitive data from the hackers had it just used encrypted email, security pros said.

“When dealing with sensitive information through email, it should always be encrypted. It is imperative that organizations - especially any political or government agency - encrypt emails due to the high level of cyber espionage, hacktivism and state sponsored infiltration,” Byron Rashed, senior director of marketing at InfoArmor, said in comments emailed to SCMagazine.com.

While encryption “doesn't guarantee the hackers could not have obtained the information,” according to John Gunn, VP of Communications, VASCO Data Security, “it certainly would have made their job a lot more difficult.”

But Brad Bussie, director of product management at STEALTHbits Technologies, called the technology needed to encrypt email “well known, but not commonly implemented” mainly because of the “complexity and infrastructure cost.” In comments emailed to SCMagazine.com, Bussie said, “Most weigh the value of the information that is transmitted against what it would cost to protect it. If the protection cost outweighs the value of the information then most do nothing and let operations continue as normal.”

The issue reflects a “significant shortage of qualified IT security professionals - this event is just more evidence of the problem,” Rashed said in emailed comments to SCMagazine.com. “Political campaigns are not known for paying well or for providing long-term employment.”

Bauer said going forward organizations “should implement a strong employee security training program” in conjunction with “robust email security technology, so that they have a holistic, multi-layer defense against today's threats.”

The DNC and other organizations should rethink how they view security. “You cannot pre-emptively stop anyone sending you an e-mail,” John Marshall, sales engineering director, STEALTHbits, told SCMagazine.com in email correspondence. “E-Mail encryption is very limited in terms of being able to work across organizations or different mail systems” and “ongoing use of personal archives means that e-mail content is exposed to an infiltrator without them needing to gain access to the email system.”

Marshall said the use of two-factor authentication would help encrypt access “but the usability and functional differences these have to corporate mail systems will lead users to prefer to use those, which typically rules encryption out.”
