No matter which side you stand on, we can all agree that 2016 was an unusually crazy election year. Aside from the actual politics, this was the first time we spent all year talking about election hacking.
But we can’t just relax now that the election is over. Russian election hacking is only just starting!
After successfully disrupting the U.S. election, Russian hackers are setting their sights on Germany’s 2017 election. There’s still time for Europe to learn from America’s cybersecurity struggles.
This Isn’t Just Paranoia—Germany Is Facing Real Threats
Germany’s election hacking threats are similar to how the U.S. situation got started. In May 2015, the German Parliament network was hacked and it took the country’s intelligence agency over a year to identify Russian attackers as responsible.
This inability to detect intrusions is a real threat to the upcoming election! So much so that Hans-Georg Massen, head of Germany’s domestic intelligence agency, has publicly explained there is growing evidence of Russian attempts to influence 2017 campaigns.
While the persistent 2015 hack was ultimately mitigated, a recent cyber attack has refueled concerns over Russian interference. In late November 2016, nearly 1 million Germans lost internet and phone access in an attack similar to the major U.S. internet outage in October.
The attackers attempted to add routers to a botnet, which would let them launch future attacks using the routers as remote-controlled infrastructure—a perfect foothold for upcoming election hacks.
This botnet attack seems to have failed, but we’ve seen how easy it is for attackers to evade detection and German intelligence leaders are understandably concerned. As we move into 2017, these leaders must get out ahead of Russian hacking groups.
What German Intelligence Should Know About the U.S. Election Hacks
It’s official—every U.S. intelligence agency agrees with confidence that cyber attacks related to the election were Russian attempts to implement a propaganda machine. Knowing the international implications, the CIA, FBI and NSA recently released a report warning European countries about Russian hacking group strategies and intentions.
Here are a few of the lessons to learn from the report:
- These Aren’t Rogue Attacks! We’re used to seeing independent hacking groups like Anonymous wreaking havoc. U.S. services have confirmed that Vladimir Putin is intimately involved in the influence campaigns that plagued the U.S. election. Don’t be fooled into thinking these are amateur attackers—take this seriously and act quickly.
- The Campaigns Are More Flexible than You Think: The Russian hackers showcased an ability to evolve over the course of the election. The initial goal was to undermine faith in the democratic process. But when it looked like Clinton might win, the focus shifted to undermining her competence.
- Persistence Cannot Be Tolerated: We can’t grow numb to the fact that it takes companies more than 200 days to detect data breaches. This isn’t the business world—we’re talking about the global implications of electoral processes. The report warns that Russian hackers gained persistent access to multiple state and local election boards (though they were not tied to vote tallying).
These are just 3 of the takeaways from the report, but one thing is clear. We need to detect these attacks faster!
Computer Forensics—Yes, We Can Detect Hackers After an Attack
Unless you catch "hackers" in the act, it is very hard to determine who was doing the hacking. Why wasn't this brought up before election?
— Donald J. Trump (@realDonaldTrump) December 12, 2016
Don’t get caught up in this idea that if you suffer an attack, you have no chance of figuring out who launched it. That’s flat out wrong!
The best write up on this subject by far is by Peter Stephenson, Technology Editor of SC Magazine in his, "Of Course it was the Russians." blog.
"This is a forensic process. The forensic process is born out of two things: the first is the scientific method and the second is Locard's transfer principle. The scientific method tells us to create a hypothesis and attempt to falsify, or disprove it. Locard tells us that if two things touch they each leave something of themselves behind. Both of these principles apply to the Grizzly Steppe analysis. Because the hackers with whom we deal routinely are quite clever we need to expect such things as obfuscation, false trails, and attempts to derail an effort at attribution. The solution is data – lots and lots of data."
It seems like firewalls and active, in-line blocking tools get all the cybersecurity glory. But what about computer forensics? We know that hackers (especially skilled state-sponsored ones) are more than capable of slipping past cybersecurity solutions—you need computer forensics to avoid dangerous persistence.
With the right architecture of network TAPs, in-line security appliances, and out-of-band solutions like computer forensics, we can make sure that Russian hackers don’t get deep into our networks to steal valuable propaganda material. We know exactly how to identify hackers even if they aren’t “in the act.” We just need to get more efficient at it.
If you want to learn more about ensuring maximum visibility to get rid of persistent attackers, download our free white paper, Maximizing Visibility in Security and Monitoring Tools.