TAP into Technology | Garland Technology Blog

Election Threat Series: The Danger is Officially Real

Written by Tim O'Neill | 9/29/16 12:00 PM

It's happening. The first time we spoke about hacking threats towards the 2016 election, all we could report on was a poll that showed a lot of people were worried about the prospect. The second time we reported on it, back in March, something had happened—the hacktivist collective known as Anonymous had targeted Trump's companies and electoral campaign. This turned out to be a bit of a false alarm.

Now, in September, the warning signs are over. It's actually happening—our election is under cyberattack.

More to the point, what we're experiencing right now isn't just an anarchic group of pranksters or transparency activists attempting to make a point. It isn't even criminals looking to exploit stolen personally identifiable information (PII). From a certain point of view, the actions taken to disrupt the 2016 election literally constitute warfare. Let's explain.

'Hybrid Warfare' in the 21st Century

First of all, let's start with a well-supported assumption: the high-profile attacks which resulted in the leak of over 20,000 emails from the Democratic National Committee were probably carried out by state-sponsored Russian hackers. There are excellent reasons why this should be the case, including Russian-language code, similarities to other advanced malware linked to Russia, and tactical similarities to known Russian-linked hacking groups. Competing theories don't hold much water, so this is what we're going to go with.

There are also excellent reasons why this is worrisome. The Russian government operates using a strategy of 'hybrid warfare,' which combines acts of outright criminality—hacking and annexation, to name two—with expertly run public relations campaigns that give these actions the veneer of legitimacy. Analyzed through this lens, the DNC hack is a perfect example of hybrid war.

We know that hackers had been inside the DNC servers since at least the fall of 2015. The intrusion was discovered in the middle of June—but the emails themselves weren't released until practically the eve of the Democratic Convention. The emails were released through Wikileaks, an apparently neutral venue that often benefits Russia with the information it discloses. Lastly, during the furor, an army of paid Russian trolls impersonated Donald Trump supporters, adding to the chaos.

Waiting for the Other Shoe

The DNC hack was the textbook definition of a hybrid warfare campaign, basically the polar opposite of the fumble-fingered hacktivist campaign against Donald Trump. The attackers didn't use anything as crude or as public as a DDoS attack to achieve their ends. Rather, they used stealthy malware that hid for the better part of a year. What's more, these attacks are part of an apparent sustained effort—we haven't seen the last of what Russia has up its sleeve.

For example: recently, the airwaves were rocked by admissions that hackers (again potentially from Russia) had broken into state election boards in Arizona and Illinois. From the latter, they stole nearly 200,000 election records.

In this instance, we'd be remiss if we fanned the flames of hysteria. Several media outlets have implied that this kind of attack could potentially alter voter records or prevent people from voting, and this is simply not the case. Given the nature of the attack, which involved an elementary code-injection attack, this was much more likely to be a purely criminal, as opposed to state-sponsored, endeavor.

Nonetheless, the reaction to the hack—if not the impact of the hack itself—is telling. People sense instability. They don't know what's happening next. They're waiting for the other shoe to drop.

The DNC Hack as a Lesson in Trust

For enterprises and government agencies everywhere, these examples should be a telling lesson about what happens in the event of a major security breach. People like to think that the systems that support them throughout their lives are dependable—that they can store their credit card information, PII, and financial data with a company or with a government, and that it will stay private. When that sense of dependability is shaken, your customers, supporters, or constituents may react unpredictably.

For all organizations hoping to establish a secure and trusted system, Garland Network TAPs are necessary. This is foundational technology for establishing visibility within your network, allowing you to see every bit, byte and packet® that could indicate a long-running APT or an infiltration via a code-injection vulnerability.