Why It’s a Little Too Easy to Pin Cyberattacks and Hacks on Convenient Enemies

The 2016 US presidential election campaign can be best described as tawdry, reaching a new low with Donald Trump’s remarks about women.

But it’s also stepped heavily into an arena that no election before it has: information security. Clinton’s infamous email server was a huge catalyst for this discussion but so too was the leak of DNC emails published by WikiLeaks. Now couple this with the breaches of voter databases in states like Arizona and Illinois.

Fingers were pointed at Russia for hacking the DNC and in October, the US government made a historic move. It formally accused Russia of the hack and its actions, which “intended to interfere with the U.S. election process”. It was a big move for the US whose relationship with Russia is fraught as it is.

“Yes, I believe it is Russia,” Jon Miller, chief research officer at Cylance and a specialist on nation-state attacks, tells Paste. “Is it possible to fool someone to make it look like it was Russia when it wasn’t? Absolutely. I just don’t think that’s really feasible. It’s possible, it’s just not probable.”

There is mounting evidence suggesting Russian hackers—whether they are government-sanctioned or rogue operators—are behind the attacks on Clinton and the Democrats. The shady hacker group Fancy Bear, unearthed by CrowdStrike earlier this year, is alleged to be one of the groups responsible for the DNC hacks. But what is this “mounting evidence”? Do we have the ability to accurately attribute cyberattacks to specific nations? If so, in what way is the public able to hold the government accountable for those accusations?

Guns and missiles—even aggressive negotiation—those acts of hostility are tangible. We know what an act of war is. But the problem with cyberwarfare is that it is the kind that the public will never really see.

Consider this: we’ve seen the US government take us to war with faulty information in the past—few discount that now. But now in the world of cyberwarfare, that paper trail is nearly invisible. How can we possibly hold our government accountable when a threat or attack from enemies is essentially anonymous?

Hacking the Election

While cyber threats to the US or any country aren’t to be downplayed, the direct threat of hacking to an election may have been overemphasized, according to political scientist and consultant Michael Montgomery.

“Unless the bad guys knew in advance that this election would hang on a few particular places, there is no realistic potential for altering the US election result through online hacking,” he says, as results are still tabulated offline.

“What is possible would be a pre-election online attack to scramble registered voters lists and slow or delay voting in some areas.”

As we approach November 8, the fabled undecided voter could be swayed at any time. Hacked and altered opinion polling information could sway a voter with false or inflated details or censored information that doesn’t give us the whole picture. By targeting social media and news sites, cybercriminals can stymie the flow of information to voters.

For a long time, attacks of this scale were only theoretical, until a recent incident put them into practice.

In late October, some of the web’s biggest and most popular sites, like Twitter and Reddit, were heavily disrupted by a mass DDoS attack on DNS provider Dyn. The scale was largely unprecedented and stoked fears of another nation-state attack.

These sorts of attacks are much more probable than a direct attack on an election result, which would take a staggering amount of preparation and insider access. Chris Roberts, Acalvio chief security architect, explains that any attacker would have to do extensive research on how elections operate in the US and would need to attack from several directions, not just on the software side of things.

“Where’s all the hardware manufactured? Where are all, or most, of the chips, microprocessors or memory circuits produced?” he asks. “I’m going to bet a lot comes from overseas, so our concept of a software or external attack might be the wrong direction to look in.” One US elections system vendor uses developers in Serbia, for example, but the firm said its “accuracy, integrity and security” isn’t in question.

Who are these state-sponsored hackers?

In recent years, the chat around state-sponsored cyberattacks has become much more prevalent. There are several incidents of alleged government-backed cyberattacks that were once considered outliers but have since joined the ranks of cyber lore and act as a sort of benchmark against which all nation-versus-nation hacks are now measured.

Stuxnet is the obvious example. The “cyberweapon” was allegedly a joint creation of US-Israeli forces designed in 2009 to sabotage Iran’s nuclear program. The worm went right after the centrifuges of a plant in Natanz that enriches uranium in an attempt to spoil nuclear production. It targeted computers running Windows and disrupted the controls for managing machinery. The worm had been quietly turning up the pressure on centrifuges for a year before detection, causing irreparable damage.

In her book “Countdown to Zero Day”, Wired journalist Kim Zetter shows how Stuxnet emerged as the world’s first cyberweapon and it won’t be the last.

North Korea may have taken a few hints from this. The country remains shrouded in mystery and the same can be said for its hacking exploits.

Infamously, North Korea was accused of hacking Sony in 2014 (still not 100% proven) to prevent the release of The Interview, a comedy that derided Kim Jong Un. It’s also been a regular suspect in attacks against its neighbor South Korea.

The South’s government said it anticipates a “massive cyber attack” at any moment from its rival. The computer servers running Seoul’s subway were attacked in 2014, likely by the North, and just last month reports surfaced that the country’s military sustained a number of attempted hacks, once again attributed to its northern foes.

Kim allegedly operates a military division of hackers called Bureau 121 that carries out the North’s cyberwarfare deeds. “They have in fact, electronically attacked US companies,” claimed US General Vincent Brooks in April, while in 2013 a Department of Defense report said that North Korea began developing its cyber strategies to compensate for its poorly armed traditional military.

Despite all these apparent hacking capabilities, attribution is still very difficult. However, a pattern often emerges with certain countries, whether it’s Chinese forces blamed for the data breach at the Office of Personnel Management or Russia during this election. It should be noted that this is certainly not the first time that Russian forces have been blamed.

Russia (allegedly) makes its move

Photo by Getty Images / Adam Berry / Stringer.

In 2007 Russia’s Baltic neighbor Estonia fell prey to a cyberattack. Websites of government ministries, banks, and news media all buckled under the weight of DDoS attacks and some party websites were hacked and defaced. It all stemmed from Estonia’s controversial decision to relocate the Bronze Soldier of Tallinn, a Soviet-era statue, along with the remains of buried Soviet soldiers.

In late 2015, a power grid in Ukraine was attacked and partially shut down, leaving people in the Ivano-Frankivsk region in the dark in the cold dead of winter. It exemplified some of the worst fears about the threat to critical infrastructure and industrial control systems. Some were reluctant to lay the blame on Moscow, but others, like F-Secure chief research officer Mikko Hyppönen, were blunt in their assessment that the Ukraine incident was an act of war.

“We shouldn’t be surprised that espionage and attacks have gone digital along with so many other things in our world. This is the world we live in now,” says Intel Security CTO Steve Grobman, who adds that we should always be wary of spoofed identities before coming to a conclusion.

“Regardless of who the perpetrators are, they are ‘hacktivists,’ or hackers with activist intent. They probably seek to shake voter confidence in the American electoral system, and they only have to have one high profile attack to achieve this goal.”

Russia sort of feels like the obvious perpetrator in the cyber arms race, but this may not always be the case as the tools and means to carry out operations become more easily available to other countries and cybercriminals.

Hacking back

While the discussion around the US’s cybersecurity during this election has been rather negative, the fact that it’s being discussed at all is some kind of progress. “It is refreshing to see cybersecurity at the forefront of the national security conversation in this election and we see the promise of further progress in the coming months and years,” according to Grobman.

But how will the outcome of November 8 affect this progress? Trump has shown little insight into cybersecurity matters and Clinton has had her own obvious scandals surrounding technology and security. Are these candidates people that can be trusted with the threat of cyberwarfare? Or more importantly, can they be trusted with the delicate matter of attributing cyberattacks to certain people or nations without agenda?

Regardless of what you believe about the hacks—whether you take the government’s blame on Russia seriously or not—attributing cyberattacks to convenient enemies isn’t going to stop any time soon. If we don’t start demanding more transparency behind such attribution, Trump, Clinton, or whoever is President in the future, will undoubtedly have an immense amount of political power. In the future, having an excuse to take a nation to war might make the Iraq War seem justified in retrospect.
