Security from the ground up
The ease with which cybercriminals penetrate national data systems is evident in the indictments issued this month by Special Counsel Robert Mueller for 12 Russian nationals. Not only did these hackers steal data from the Democratic National Committee (DNC), but they also broke into the databases of state-level election systems, all for the purpose of interfering with the 2016 presidential election.
Mueller claims in his indictment that a Russian military intelligence agency, the Main Intelligence Directorate of the General Staff (GRU), executed the cyber operations going back as far as 2015. GRU officers used various methods to hack the email accounts of volunteers and employees of the Clinton campaign and the DNC, and released stolen materials in April 2016.
In June 2016, state-funded hackers researched Democratic Congressional Campaign Committee (DCCC) and DNC networks to find vulnerabilities and sent false emails to members of the Clinton campaign, including one from an email account in the name of a member of the Clinton campaign, with a one letter deviation, a cybercrime technique know as “spear phishing” to steal passwords and gain access to private information. Other attacks included the use of malware and other hacks.
The hackers released documents through an online persona, DCLeaks, to publicize the information collected. The domain was paid for using cryptocurrency. Although not part of the indictment, a NSA report from May 2016 has been leaked claiming that the GRU was hacking software companies to attain voter information before the election. A Maryland-based software vendor, ByteGrid, is also being investigated for its ties to a Russian investor. ByteGrid owns servers that contain voter registration data as well as other important election information. An ownership stake was purchased by AltPoint Capital Partners, who are largely backed by Russian investor Vladimir Potanin. It is unclear whether voter information was leaked by the firm, but the investigation highlights vulnerable points in the voting system that could have been used to influence election results.
Data leaks and cyber attacks are not only issues for corporations such as Equifax and Yahoo; cybersecurity affects every aspect of our lives, including the foundations of our democracy. The Cold War was fought with threats of physical consequence, primarily the threat of nuclear war. While cybercrime appears to be comparatively less severe, technology and data are, at best, just as devastating. As the modern battlefield has evolved, data security must evolve as well. The Internet was not designed to include the uses it has today and security was less than an afterthought. Companies that collect mass amounts of consumer data and our government need to adopt the responsibilities of protecting data because of its impact on the real world.