Fidelis Cybersecurity
Fidelis Blog

DNC Email Leak: A Cybersecurity Watershed Moment

In politics, getting the dirt on your adversary is nothing new. Candidates and campaigns have been trying to dig up dirt on each other since the dawn of democracy in Athens. More recently, we’ve seen everything from burgling party headquarters, to wiretaps, and campaign stalkers that record every word a candidate utters in public.

Most of these methods were employed to obtain information on an opponent so the information could be “weaponized” into a “gotcha” moment during a speech or used as a campaign talking point to discredit the opposing party. But as we watch the DNC leak unfold, it signifies an important watershed moment. Here’s why.

The DNC breach demonstrates the sophistication of a well-planned cyber espionage attack. First, the scale, timeliness and sensitivity of the data are significant. A massive dump of twenty thousand emails was stolen and posted online for the world to see. It went beyond the release of a big data archive as we saw with the Ashley Madison and other recent data breaches.

WikiLeaks took it a step further by putting the emails into a search engine. With the data now indexed, people could easily search and find the topics they’re most interested in. Private, internal email conversations between Democratic Party leaders revealed a collusion to give the nomination to Hillary Clinton, remarks about Sanders’ religion (or lack thereof), along with a variety of other topics.

Then there was the timing. All of this confidential information was exposed just before the start of the Democratic National Convention. Releasing thousands of documents worth of confidential information is the new norm. In December 2015, I predicted this would happen and it continues at greater scale and severity.

Another reason this is a watershed moment centers around the suspected actor who committed the crime. Over a 12-month period, the DNC was victim to not just one, but two intrusions from a nation-state actor, Russia. They had access to the DNC’s complete network and endpoint infrastructure, including email servers. With that much time and access it’s more logical to ask what they didn’t take than speculate what they did take.

From a cyberespionage perspective, it would be surprising if the Russians simply didn’t grab “all” of the emails from the DNC. Now, it’s a matter of wait and see as to what other confidential information will be released and when.

While it is certainly possible that an insider was responsible, perhaps someone who was disillusioned about the DNC/Hillary link or upset with Sanders losing the primary, in order to commit the crime an insider would need access to the DNC email servers. Access to internal networks is typically guarded with tight access controls. Any unauthorized access would have alerted network administrators and have been discovered by CrowdStrike during their investigation.

Finally, if Russia is to blame, this breach marks the first time that a nation-state has used cyber espionage to influence a United States election. Sure, nation-states have their preferences on who we choose as our President, and may even try some of their spycraft or dollars to influence it. But this email breach crosses a red line that we haven’t seen crossed before.

If you look back over the last five years there have been plenty of other watershed moments as cyber has become a primary domain used by nation states. A few others include…

  • 2010 – Malware “Stuxnet” released by western nations to disable Iran’s centrifuge efforts. This is widely attributed as the first kinetic cyberattack on record.
  • 2013 – Mandiant releases APT1 report exposing China’s cyberespionage campaign to steal commercial intellectual property for their own economic gain.
  • 2014 – North Korea’s attack on Sony. Not only one of the most destructive cyberattacks by disabling thousands of machines, but the first of many “embarrassment” leak breaches (Ashley Madison and others) to follow.
  • 2015 – Suspected Chinese state-sponsored attackers breach the Office of Personnel Management (OPM) and steal the “crown jewels” – top secret background files on millions of Federal workers.

If a nation-state is to blame for the DNC email leak, one thing is certain: this event will have shifted from a partisan issue to a national security issue. The safety and security of our nation revolves around the democratic process to elect our leaders.

It’s a slippery slope. If nation states choose to interfere or influence this process, the question becomes: “What will the next red line be?” We can be sure of one thing: the United States of America will have to act accordingly to ensure that these attacks are prevented in the future.

-Fidelis Cybersecurity CSO Justin Harvey
