Among the less dramatic portions of the Mueller report are the details of how Russia’s Main Intelligence Directorate, the GRU, hacked the Democratic National Committee’s servers. Given the stakes of special counsel Robert Mueller’s investigation, the methods of the GRU’s machinations likely won’t garner much attention, but from a cybersecurity perspective, they’re truly alarming.
On April 12, 2016, the GRU successfully accessed the Democratic Congressional Campaign Committee’s computer network using credentials obtained through a single spearphishing attack — a personalized and targeted form of phishing used to con someone into sharing credentials with the hacker. Within a week, the GRU had compromised 29 different DCCC computers by traversing the network. It hacked into the DNC network using a virtual private network. From there, the GRU installed malware on both networks, using Trojans and keystroke loggers to aggregate sensitive information.
The rest is history.
We’ve known for some time now the basic infrastructure used by the Russians to hack into the DNC, but to see such an unsophisticated plan laid out in full, juxtaposed with its extraordinary success, is jarring.
First is the matter of personnel. Clinton campaign chairman John Podesta himself fell for one of the GRU’s spearphishing operations — hence the explosive Podesta dump WikiLeaks orchestrated prior to the 2016 election. While human error is understandable to an extent, the leaked DNC emails demonstrated that its employees were willing to put information as sensitive as their Social Security numbers in the bodies of emails.
But even more alarming than the apparent incompetence of top Democratic staffers was the utter lack of basic cybersecurity protocols protecting their networks. According to the Mueller report, among the accounts hacked by the GRU simply traversing the DCCC network in the first week after the initial successful spearphishing attack were those of IT administrators with “unrestricted access” to the system. They ultimately extracted 70 gigabytes of data from the Clinton campaign and 300 from the DNC.
The pace at which the GRU was capable of sweeping across entire servers for specific emails was alarming. At one point, Mueller even writes “it is unclear how the GRU was able to identify these email accounts, which were not public” within just five hours of Trump’s “Russia, if you’re listening” remark.
All of this brings up a fundamental problem: The DNC was never equipped to host its own emails.
Private companies like Yahoo and Google excel at protecting their servers from wide-scale sweeps of content such as those performed by the GRU. A system susceptible to being hacked through a mere VPN is not a secure one.
Call it hubris or incompetence, but the point remains: The same people that want to nationalize your healthcare, and thus necessarily lay hold of your most private data, can’t even protect their own emails.