
Obama orders intel probe of election hacks

After months of allegations that Russia had interfered in the presidential election through a series of cyberattacks on organizations and people affiliated with the Democratic party, and calls for review from lawmakers on both sides of the aisle, President Obama directed U.S. intelligence agencies to conduct a full investigation and deliver a report before he leaves office January 20, according to the president's homeland security and counterterrorism adviser, Lisa Monaco.

Speaking at a breakfast hosted by the Christian Science Monitor, Monaco said the president had ordered “a full review of what happened during the 2016 election process” and asked the intelligence community “to capture lessons learned from that and to report to a range of stakeholders, to include the Congress.”

The president's charge came just days after Sen. Lindsey Graham (R-S.C.) and Sen. Patrick Leahy (D-Vt.) announced a bipartisan investigation of alleged election shenanigans.

“Obama's decision to order a full investigation into the cyberattacks tied to the election underscores just how serious of an issue weaponized data has become. We saw an unprecedented amount of compromised information leveraged by outside parties this election cycle, which solidified the fact that politically motivated cyberattacks have truly become a national security issue,” Tony Gauda, CEO of ThinAir, said in comments sent to SC Media. “This investigation should provide insight into the motivation and identity of the hackers, which will hopefully lead to meaningful action on the part of the next administration.”

Much of the chatter during the last six months of the election was dominated by hacks at the Democratic National Committee, the DCCC and others affiliated with Democratic candidate and former Secretary of State Hillary Clinton.

WikiLeaks founder Julian Assange released thousands of emails purloined from Clinton's account and those of her most trusted advisors, including Clinton Campaign Chairman John Podesta.

Early assessments of the hacks at the DNC and the Democratic Congressional Campaign Committee (DCCC) by CrowdStrike, Fidelis and ThreatConnect found links to Russian APT groups Fancy Bear and Cozy Bear. Dell SecureWorks, an Atlanta-based security company that was tracking GRU activity for more than a year, also found that the hackers were using a popular URL-shortening site, Bitly, to send out malicious links in phishing campaigns. The links led targets to fake Google login sites intended to dupe them into providing their email credentials.

But a misstep by the GRU – exposing a number of their Bitly accounts – allowed the SecureWorks researchers, between October 2015 and May 2016, to monitor 9,000 of the intelligence service's links to 4,000 Gmail accounts. Among those were 100-plus email addresses tied to the Clinton campaign. A number of high-ranking Clinton staff members, including Podesta, were targeted by the ploy.

Speculation continued to grow throughout the remainder of the campaign that Russia, despite denying interference, was trying to sway the U.S. election to Trump, who had repeatedly praised the nation's president, Vladimir Putin, and who had made rumblings that changes to the U.S.'s relationship with NATO – which might prove favorable to Russia – would likely be forthcoming during a Trump administration.

Proponents hope the probe will be illuminating and the U.S. will review other elements of the election process as well.

“Knowing whether or not our electoral system has been compromised is of great importance. That includes the actual machines used by the public to cast their votes; machines which are known to contain numerous vulnerabilities,” Cris Thomas, strategist at Tenable Network Security, said in comments emailed to SC Media. “Hopefully this report will look at those devices and recommend solutions to mitigate their risks.”

But Thomas warned that the final report might not be made public. “The FBI still has an active investigation underway and has shared very few details with the public,” he said.

“In fact, there may be actual evidence to support this request or the request may be politically motivated, possibly as a precursor to sanctions,” he said. Obama had pledged earlier in the fall that there would be consequences for nation-state involvement in hacks on election-related entities and American interests.
