Everything old is new again.
That’s a key point our chief research officer Mikko Hyppönen keeps making when discussing the current online threat landscape. And it’s especially relevant when it comes to one of the most controversial stories of the 2016 United States presidential election — the hack of the Democratic National Committee.
If it turns out that a foreign government is actually attempting to meddle a domestic election, this would not be something history has never seen before — even if the methodology, brazenness and scale of the meddling might feel new and ominous.
F-Secure cyber security advisor Erka Koivunen points out that nation states have long been involved in “information warfare and the age-old use of misinformation, deception and false flag activities.”
Hacker Andrés Sepúlveda says says he traveled throughout Latin America “rigging major political campaigns.”
Sepúlveda claims that he “led a team of hackers that stole campaign strategies, manipulated social media to create false waves of enthusiasm and derision, and installed spyware in opposition offices, all to help [Mexican president] Peña Nieto, a right-of-center candidate, eke out a victory.”
And the idea that our growing reliance on information technology makes democracy uniquely vulnerable has been inspiring rumors of attempts to hack U.S. presidential elections for more than a decade, even sparking the imagination of those who believe that Anonymous may have prevented the hack of the 2012 election.
Koivunen explained before that if you’re involved with politics in 2016 that has international import, you have to assume you’re being hacked.
Hacking of high level political officials especially during a presidential election is now as predictable as the cyber attacks that inevitably pop up around every Olympics.
But “hacked” is such a broad term it’s important to distinguish the degrees of hacking.
“Owning an election is gold; being able to influence it is silver; knowing the outcome in advance is bronze,” Erka says.
We have no idea if someone is trying to hack the election systems of a crucial U.S. swing state. But it seems that someone is trying to influence the 2016 election.
Wikileaks, the organization that released the data from the DNC hack, has admitted that it timed this leak to do maximum damage the Democratic party nominee Hillary Clinton.
And certainly every country in the world is trying to get all the intelligence they can that will help them prepare for the first new U.S. president in eight years. Certainly, the United States would be doing the same thing.
What makes the DNC hack particularly newsworthy is that evidence of Russian cyber espionage — including F-Secure Labs investigation into “The Dukes” gang — makes is easy to accuse Russians of meddling in the election. And what’s even stranger is that one of the U.S. major party candidates seems to be welcoming Russian involvement, at least as a sarcastic jest.
So did the Russians hack the DNC, as some experts claim?
This is why nation states love cyber attacks: attribution is very difficult to pin down.
“Were the Russians in the DNC network? Sure,” Mikko tweeted. “Did they plan to do this hack to support Trump? I don’t think so.”
The goal is simply to capture as much information as possible so you can at least win a “bronze,” as Erka calls it.
“I think the Russians are in the network of the Republicans as well,” Mikko added. “They wouldn’t be doing their job if they weren’t.”
So why did the information come out?
Perhaps they saw a chance to win a “silver.” Since they’d already been outed, they decided that they emails were “too good not to use.”
With the leap from bronze to silver the potential rewards and risks grow exponentially.
So does this mean they might go for the gold?
Wouldn’t you, if you had the opportunity?
F-Secure invites our fellows to share their expertise and insights. For more posts by Fennel, click…
April 18, 2018