Did the Russians hack our election?

I have watched the series of reports about the Russians trying to influence our election last fall with a mixture of disbelief and interest. I wanted to put together links to some of the better reporting, and also call out some of the sub-standard reporting to steer clear from.

Let’s start with what we know and what has been released to the general public. The best quality of information came from this report from Crowdstrike back in June. They were called in by the DNC to try to get to the bottom of the attacks on their network. This post has many details that point out indicators that two separate Russian state intelligence agencies had penetrated their networks over a long period of time. They entered via phished emails and then proceeded to infect various PCs with a boatload of malware, most of which was very clever at avoiding detection. When you look at the Crowdstrike report, you can see why this malware was so difficult to pin down: you needed the experience and context of other attacks by these Russian state actors to see the similar patterns of compromise.

I assume that our government has this experience, but getting them to tell civilians in an unclassified report is another matter entirely. Still, such a report was done by the FBI and Homeland Security recently, and it can be found here. Sadly, this report comes up lacking in several areas: it doesn’t tie any specific Russian sources to these attacks, it doesn’t help network defenders to prepare their own networks for future similar attacks, and it contains mostly high-level platitudes and security chestnuts that aren’t very unique or actionable.

The feds didn’t do themselves any favors here. I agree with Bruce Schneier’s assessment: “If the government is going to take public action against a cyberattack, it needs to make its evidence public. It’s one thing for the government to know who attacked it. It’s quite another for it to convince the public who attacked it.” He links to previous attacks such as Sony, OPM, and Estonia that took some effort to figure out the originating offenders.

Also not helping matters was when the Washington Post ran a story about the Russians hacking into a Vermont electric utility. They later corrected the piece, leading with the statement they “incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far.” Oops. The issue is that yes, one piece of malware, which can be purchased online from a variety of sources, was found on a laptop belonging to one employee of Burlington Electric. This laptop was a personal machine and not part of any operational function for the utility. The Intercept unpacks the Post story technically bit-by-bit so you can see the sloppy reporting and reactions forthwith.

Various security researchers have come out with similar negative reactions to the DHS/FBI report and the Post piece. Here are links to three of them:

So if you are a corporate IT manager, what needs to happen, going forward? First, you should re-read the Crowdstrike blog post from last June and make sure you – and your security staff – understand the various infection vectors used by the Russians. Next, you should take the time to ensure that your defenses actually will work against these vectors, and if not, what gear you need to put in place to make things more secure. Finally, you should not over-react to the general press stories about hacking attempts, without doing some careful investigation first. As a recent example, stories such as the US Customs computers going offline on Dec. 28th – which were originally attributed to a hacking attempt – turn out to be nothing more than a bad systems upgrade by their IT department.

4 thoughts on “Did the Russians hack our election?”

  1. We have definitely entered a new era of “life”. Unfortunately, anything that’s written and transmitted electronically can return and bite us. We will have to remember our “manners” when speaking about and to others as anything that we consider confidential and “clever” is no longer confidential and “clever” to all readers. Before the internet the influencers were the media including “opinion” makers. Now it is everybody & everything that we “expose” to others whether intended or otherwise. I think it is academic as to who “did” it but “they” did us all a favor through demonstrating in a dramatic way that we all have to get a “grip”.

  2. thanks, Dave~ the whole thing seemed like bad political theater at its worst~ the point being to distract the public, blame the bogeyman, and not deal honestly with the outcome of the election.
    thanks for researching and confirming what should have been obvious. yikes!
    ///hope you and the fam are well~

  3. As an outsider, as far as your wonderful country is concerned, I suspect that this is the first time in the history of the modern world that another country has successfully finagled the election of a powerful person to head another country without being overtly seen as participating in an election. It would seem to me that this process is a new example of the art of diplomacy.
