Posts

Investigate Russian Hacking for Security, Not Politics (and get on with governing)

Our national security depends on cyber security, and Russian hacking threatens those defenses. Every day that I come to work, I see an erosion of traditional power structures at the hands of increasing cyber threats. The hacking of Yahoo by Russian operatives and the DNC are two such examples that have potentially shifted the balance of power from our marketplace and political sphere into the hands of Vladimir Putin, Russian cyber criminals and anyone piggybacking on their technology. Now that Roger Stone, an administration advisor, has admitted to contact with the DNC hacker (Guccifer 2.0), the ties are too direct to ignore. But we shouldn’t be doing this for purely political reasons, we should be doing it to clear our President and his administration of wrongdoing so that they can go on about governing the country and implementing their vision. 

If we don’t investigate the potential Russian hacking of the DNC with a thoroughness similar or better than the Yahoo hack, we are as much as admitting defeat in the cyber realm and simultaneously suggesting a coverup for political expediency. This isn’t about a single politician, this is about an entire political system. Cyber IS the new warfare, and we as a nation can acknowledge it now or after it is generally too late (which is what most corporations do). We don’t just need to get to the bottom of administration involvement, we need to get to the bottom of how Russian has inserted itself firmly in the midst of our democracy via hacking, trolling and kompromat (a Russian term for compromised materials, like hacked emails and tax records). 

Here are my recommendations for proceeding to have a neutral investigation of the charges so that we can clear our President and move on to discovering the source or our weakness: 

  1. Name a bipartisan select committee to investigate the alleged Russian hacking of our presidential election and President Trump’s ties to Russia. As they say, sunlight is the best disinfectant, and I’m certain that the administration has nothing to hide. But doing nothing sends exactly the opposite message – one of coverups and collusion for the sake of an election. 
  2. Since both Intelligence Committee Chairmen, Senator Burr and Representative Nunes, have close ties to President Trump, their involvement gives the appearance of bias. Taking a page from the book of Attorney General Sessions, both should recuse themselves from the investigation to eliminate all accusations of impropriety. 
  3. Appoint a well-respected Republican to chair the investigation so that it will be neutral, aggressive and fair. This is the only way to quiet the suspicion of corruption. Again, since the administration has nothing to fear, this is the only way to make the findings credible. To have colluded with Russia in any way would have been political suicide, so let’s prove this conversation false once and for all. 
  4. As part of it’s process, the committee would be wise to review Trump’s tax returns (in a confidential, non-public setting) to dispel any beliefs about his business or financial ties to Russia (of which he has assured us there are none) and extinguish two myths with a single stroke. 
  5. Commission an external, forensic cyber-penetration test to determine where the weaknesses lie within our cyber security so that loopholes can be closed before the next attack. This MUST be an external audit because there is too much at stake to leave this to governmental IT teams just trying to keep their jobs. Like students grading their own papers without oversight, unscrutinized self-assessments are necessarily faulty assessments. 

The end game of this investigation should be apolitical and focused on righting the cyber weaknesses inherent in our national cyber infrastructure.

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Can Size of Trump’s Hands Explain DNC Hack?

Not unlike the purported size of his hands, Donald Trump has a rather small file of publicly known information compared to those who have been in the political spotlight for many years. That could be one of the motivating factors behind the recent hacking of the Democratic National Committee. While the size of Trump’s hands has little to do with any serious conversation, it does remind us that foreign nation states are highly motivated to collect the private information of powerful people. 

The DNC revealed recently that two groups had gained access to their information; one (dubbed Cozy Bear) had been monitoring the committee’s emails and chats for as long as a year. The other, “Fancy Bear”, hacked into the DNC in April to get opposition research files and was able to gain access to all of the DNC’s research staff computers.

The DNC said that no financial, donor or personal information appears to have been accessed or taken, suggesting that the breach was traditional espionage, not the work of criminal hackers. They suspect hackers used spearphishing emails to gain access. The DNC, who became aware of a possible beach after noticing “unusual network activity”, immediately contacted CrowdStrike to shut down the intrusion. CrowdStrike attributes the hack to Russian government hackers (although an individual calling himself Guccifer 2.0 has claimed responsibility and even released supposed documents). The two groups have hacked government agencies, tech companies, defense contractors, energy and manufacturing firms, and universities in the United States, Canada and Europe as well as in Asia. Cozy Bear, for instance, compromised the unclassified email systems of the White House, State Department and Joint Chiefs of Staff in 2014.

The Why Behind the DNC Hack

Naturally, other countries have a keen interest in the U.S. presidential election because they will have to deal with the particular policies, strengths and weaknesses of a potential future president. The emails and chats they’ve been able to observe probably contained very informative strategy and analysis.

As for the information on Trump, which was largely news stories, court documents and video clips that anyone could gather, what makes it so valuable is due to the fact that he has one of the shortest political resumes of any modern presidential candidate. The DNC has spent the better part of a year gathering research going back years on Trump. Rather than spend their own time aggregating data on trump, the hackers simply stole from the DNC.

Foreign governments would want to know, for example, about Trump’s foreign investments in order to understand how he would deal with countries where he has those investments should he be elected.  They may also want to know about his style of negotiating.

As the Presidential Election nears and the rhetoric ramps up, expect to see additional breaches of political data. The DNC Hack is a perfect example of politically motivated cyber espionage that has nothing to do with financial gain. Has your organization identified and protected its critical information assets? Failing to do so might allow your risk to get out of hand. 

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.