US report on Democratic hacking was wake-up call for improved cybersecurity
By LESLEY CLARK | McClatchy Washington Bureau | Published: December 30, 2016
WASHINGTON (Tribune News Service) — A report that accompanied President Barack Obama’s announcement that the U.S. was expelling 35 Russian diplomats provided few new details about alleged Russian hacking of Democratic Party computers.
But it did offer a warning to Americans: Beef up your computer security because the Russians are probing vulnerabilities.
Cybersecurity experts said that seemed to be the purpose of the 13-page report, rather than laying out the evidence that Russians were behind the penetration of computer systems belonging to the Democratic National Committee and John Podesta, Hillary Clinton’s campaign chairman. Email from both hacks was made public by the anti-secrecy website WikiLeaks.
President-elect Donald Trump, who has voiced skepticism at the administration’s claim that Russian President Vladimir Putin was behind the hacks, on Thursday said he would meet with U.S. intelligence community officials next week to hear more details of their case against the Russians.
But on Friday, it remained clear that Trump hasn’t embraced the allegations, praising Putin for refusing to retaliate against the U.S. for the expulsion of the 35 and the imposition of sanctions on other Russian officials. Putin said he wouldn’t act against the U.S., at least until Trump takes office on Jan. 20.
Tweeted Trump: “I always knew he was very smart!”
In the meantime, computer experts said the Obama administration’s report asked private companies and cybersecurity experts to examine their computer systems for any evidence of Russian hacking.
“Whether you are public sector, a company or not for profit, this is a wake-up call for you to realize that there are people who will target you and go after you whether you know it or not,” said Sam Curry, chief product officer of Cybereason, a cybersecurity firm founded by former leaders of the Israeli Defense Force’s cyber military intelligence unit. “This is ‘Take your security seriously.’”
The report’s prime objective is to help “network defenders in the United States and abroad identify, detect and disrupt Russia’s global campaign,” Obama said.
To that end, the report included a list of “indicators of compromise” — or pieces of data that identify potentially malicious activity — that are associated with suspected Russian military and civilian intelligence services. The administration asked companies to check to see if their systems had been affected by the activity.
“Even if the bad actors are no longer active in your system, it’s important for the government to know about and understand it,” a senior administration official told reporters in a telephone briefing. “It helps to fill in the bigger picture, provide greater insight into the scope and scale of Russian activity and helps all the network defenders.”
Though the report contained no further evidence of Russian tampering, it put the U.S. government stamp of approval on the findings from private security firms such as Irvine, Calif.-based CrowdStrike, which said it found malware with a digital signature linked to Russian military intelligence.
It could also result in exposing more attempts at hacking, said Matt Tait, founder of the British security firm Capital Alpha Security. The report warned that Russian cyberagents have targeted a wide range of organizations, including government agencies, “critical infrastructure entities, think tanks, universities, political organizations and corporations.”
“It’s adding cost to Russia,” Tait said. “This is sort of a way of doing technical harm to Russia by exposing some of their ongoing campaigns and making it a bit easier for cybersecurity professionals in the U.S. private sector.”
Cybersecurity officials noted the report did not appear aimed at making the administration’s case against Russia. That could come in an intelligence community report on Russian hacking that Obama has ordered released before he leaves office Jan. 20.
But Obama has already cautioned that much of that work may be classified. “We don’t want them to know that we know,” Obama said at a recent press conference.
Unclear is how much will be divulged next week to Trump, who has downplayed the administration’s insistence that Russia influenced the outcome of the election.
More than half of Thursday’s report focused on ways to prevent hacking, including warning against falling prey to electronic tricks like phishing and spearphishing — the way the hackers are believed to have gained entry to the Democratic computers. Experts said it was a call U.S. computer users needed to hear.
“If someone does a really good job of faking an email and then hosting a domain that looks legitimate, you can trick even a number of cyber sophisticated people,” said Tim Erlin, director of security and risk strategist at Tripwire. “It takes layers and layers of defense to protect ourselves.”
Proof that it was Russia behind the hacking will be difficult to come by, said Christopher Pogue, chief information security officer at Nuix, an Australian software company involved in cybersecurity and digital investigation.
“To attribute the activities to a specific individual is tremendously difficult,” Pogue said. “Saying it was the Russians is great politically, but from a technical standpoint is challenging.”