In countries that have invested a lot in these types of programs, they spend money building up their own tools and techniques, and they all leave these kinds of different little marks when they're used. They'll all result in hacks that look a little bit different. There are things they'll do to try and mask this.

If the hackers are investing so much, why don't they go to equally great lengths to hide their tracks?

You can imagine that occasionally people screw up. Occasionally there are a few slip-ups here and there, or a few fingerprints here and there that get left, and then from this, you can kind of piece together what's happened.

So far, everyone has concluded that it was Russia. How are they so sure?

The initial security company, CrowdStrike, did the first analysis, and then FireEye and Mandiant went through and effectively confirmed this. To me, as someone who, yes, hasn't yet seen all the detailed information, it just seems exceedingly implausible that someone would be able to so expertly fake this without leaving their own fingerprints, or having their own issues, given how complicated all this is [and] given the state of the world; it just seems extremely unlikely.

One of the pieces of evidence was a "dropper" previously used by the Russian government. What does it mean that they found a "dropper" previously used by the Russian government?
Let's say US agents had observed someone leaving a soda can someplace, and then someone else comes by to collect it, and through other means, we know this is the Russian government [collecting] it. Then someone else leaves the soda can there, and someone comes to pick it up.
In another case, they found that someone had modified a document in the [leaks], and had done it using a computer that had Russian language settings, and they didn't realize that when they did this inside of [Microsoft] Word, it would leave a trace. They kind of slipped up. So when you see that someone happens to have edited a document, and it just so happens that someone used Russian language settings and so on, these sorts of slip-ups are very common. You just have to make one little mistake in one little place, and people can trace it back.

What should we make of a hack this serious?

It's frightening that this sort of thing might be used for political reasons, especially against countries that are democracies, because, since it's influenced so much by what the voters think, and what's reported in the media, it seems entirely possible for countries that have these capabilities to influence elections in democratic countries. That frightens me.

Is the DNC culpable for leaving themselves open to this?

It's extremely hard to protect against something like this. Had equal focus been put into getting into the RNC's servers and the RNC's systems, I see no reason to expect that they wouldn't have been successful there, or really in any other similarly protected organization. It's exceedingly hard and requires an enormous amount of effort, and some of the top tech and financial companies are really leading the way on this, but it's exceedingly hard for anyone to resist state-level actors like this. So it's not just like they didn't have antivirus software, or they didn't have a firewall or something, and somebody got in.

Are political parties harder to protect?

You have people coming and going all over the US, exchanging information, sending things to each other. It's just very hard to imagine how to design an effective security system for such a dynamic and distributed system like that, which people really need to use to get work done.

What's the cybersecurity community expecting to happen next?

Attack capabilities in this space are likely to increase as more and more governments put more resources into developing them. And I think that increasingly we will see groups use this to try and further aims that they might otherwise try to pursue through other means. We'll see countries continue to use this to influence elections, especially if it's effective in this case.

Should I just avoid email altogether?

I have multiple conversations per week with people in person or on the phone intentionally. When I'm going to say something that I don't want put in an email, I will not put it in an email. It's wise to consider what you write down, and what you stick in emails.

Follow Mike Pearl on Twitter.