Keeping up with the latest in cyber security news? The heat is on in the political (read: government) arena. We have your week in review covered, to keep you abreast of the cyber-crime scene. This week: eyes on Washington, D.C.
The Clinton Foundation
As you probably know, Hillary Clinton and the Democratic campaign have been making international headlines completely unrelated to their political views: The Democratic National Convention, party’s fundraising for the U.S. House of Representatives and her personal emails have all been hacked in recent months.
In light of such attacks, the Clinton Foundation (the nonprofit established by former President Bill Clinton), hired security professionals to determine if they were also compromised. The good news for Clinton: the foundation, at least, seems secure.
The Trump Campaign
In light of recent news, the Trump Campaign hired an outside security firm as well. It seems that cyber-attack tactics utilized to infiltrate the Democratic Party have also been used on the Republican Party. U.S. Federal organizations cited Russia or Russian affiliates as responsible.
So why hack political campaigns? Right now there appear to be three possibilities:
1. Eaves dropping. Could another nation just be interested in the internal operations of the political system in the United States? Absolutely.
2. Financial Gain. Information obtained through eaves dropping could be sold to the highest bidder. Even the data collected by political campaigns has a value on the cyber black market: supporters, financial records, political plans, etc. all go for a price on the dark web.
3. Planning an attack. All that data-gathering could lead to a major national manipulation. Could Russia or another nation be attempting to manipulate political results? Do they intend to just disrupt the process and create some chaos? The precedent was recently set when the Australian census crashed on the due date. A hacker goal might be as simple as creating chaos for its own sake.
The NSA Hack
If you’ve been following the speculation around a possible NSA hack, new details have emerged. When a group calling themselves “ShadowBrokers” set up an auction for leaked hacking tools, purportedly obtained from the Equation campaign (a group believed to have worked on government contracts, including for the NSA), the National Security Agency remained silent. While the silence persists, new leaks confirm the NSA link.
The virtual fingerprint identified by recent Snowden leaks contains an exact sequence known to have NSA ties.
Beyond the potential fallout from this particular hack and its subsequent auction, the sale poses some tough questions for government security operations. Such as:
2. Contracting— when an organization like the NSA outsources functions, can security levels really be maintained? As data gets shared or transported between organizations, additional risks arise.
3. Cyber blackmail— ShadowBrokers’ sale surfaces questions of dark web financial gain: hijacking data, particularly of value to corporate operations, for blackmail profit. In the past hackers may have targeted retailers like Target Corporation for credit card numbers and identity theft. With cyber blackmail, cyber criminals have an additional revenue stream, one with hefty corporate or government price tags.
Could all of these attacks have been avoided with the right security measures? Hindsight being 20/20, as we monitor security feeds from industry and government resources, we prepare for similar attacks in other organizations. Not just other governments and political organizations need take note: businesses small and large face similar attacks. Data sharing between organizations stands the best chance of helping us all survive similar attacks.