Cybersecurity experts say Democratic National Committee officials should have expected their network to get breached well before it was announced this week, and that they should know it’s probably still a playground for hackers.
Related Story: http://www.washingtonexaminer.com/article/2587111
“This is probably much more common than people are thinking,” said Ed Cabrera, the head of cybersecurity strategy at security firm Trend Micro. “This kind of targeting and compromising of political and personal networks and data is common.”
The observation follows a Tuesday announcement by cybersecurity firm CrowdStrike that hackers have been roaming the DNC’s network for at least a year. Researchers specifically identified two groups known as “Cozy Bear” and “Fancy Bear,” both linked to Russian intelligence services.
Since the discovery, someone calling themselves “Guccifer 2.0” posted documents that they said were stolen in the hack to a WordPress blog, including an opposition research file on Donald Trump. The author insists it was a solo job, but skeptics said it was part of a transparent disinformation campaign by the Kremlin.
“Whether or not this posting is part of a Russian intelligence disinformation campaign, we are exploring the documents’ authenticity and origin,” CrowdStrike said in its statement. “Regardless, these claims do nothing to lessen our findings relating to the Russian government’s involvement, portions of which we have documented for the public and the greater security community.”
Significance is more than docs. Hacktivists, possibly state-sponsored, now demonstrating intent — and capability — to influence elections.
— Edward Snowden (@Snowden) June 16, 2016
Either way, Cabrera said, it’s safe to assume the network is now being well-trafficked by intruders.
“Essentially any organization that is breached, you almost always have to assume there are still threat actors on your network, and you should always go along with that assumption,” he said. “It is not uncommon to find multiple threat actors residing and burrowing into victim networks with different motivations, and these compromises would be no different.”
John Hultquist, the head of cyberespionage at FireEye, said the major parties and their presidential candidates should at least expect to get hacked by all of the governments with sophisticated cyberregimes.
“It should be assumed that nation states such as Russia and China are interested in gathering as much intelligence as possible on both campaigns in the lead up to the general election,” Hultquist said. “We’ve seen this in past election cycles, 2008 and 2012 specifically … and would expect it in all cycles moving forward.”
Political institutions have been slow to adapt to that principle, though it has not been for lack of information. Director of National Intelligence James Clapper said in May that presidential candidates were being actively targeted by foreign intelligence agencies, and retired Gen. Michael Hayden, a former director of the NSA, said in March that he would be dumbfounded if Hillary Clinton hadn’t been hacked by “scores” of intelligence agencies when she served as secretary of state.
Related Story: http://www.washingtonexaminer.com/article/2591650?custom_click=rss∣=1
“I think a problem with information security is that we can be on a reactionary mode where we really need to be on a more proactive model of threat response,” Cabrera said.
Hultquist said he hoped the candidates would learn something from getting hacked on their way to the presidency. “Whomever wins this election needs to prioritize cybersecurity as one of the highest national security concerns … moving us away from reactionary strategies towards proactive, intelligenc-led strategies that restore a position of dominance,” he said.
“This incident really should drive home just how ill prepared we are using legacy defenses [and] just how high the threat level is.”
