Russia hacked the 2016 presidential election.
It was made fact on December 29th by a Joint Analysis Report (JAR) released by the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI).
This JAR elaborates on the strategies and tools used by Russian civilian and military intelligence services (RIS) to compromise the election. It's the explanation to the Joint Statement released on October 7th, 2016 from DHS and the Director of National Intelligence on Election Security.
It even has a pretty badass name: GRIZZLY STEPPE .
Shortly after being made publicly available an old friend of mine shared the link to Facebook. Obviously, I had to click.
Good news: It's only 13 pages.
Bad news: It reads like wet newspaper and is illustrated with fugly swimlane diagrams.
Thankfully this is Tech Translation, so let's explain it! I even took the liberty of making a cooler cover photo for the report.
Class is now in session.
The Short Explanation
Since the summer of 2015, two separate RIS groups did three major things:
1. Hack and control other legitimate sites, computers and accounts around the world. These machines did the dirty work while keeping their real identities and locations hidden.
2. Dupe targets with fake websites or bad links disguised with URL shorteners (like bit.ly) to steal login information or install remote access tools (RATs) for back doors into party systems.
3. Analyze initial information to craft even more convincing spearphishing messages to senior party members. This is the 'leaked' information we've been seeing on the news.
Phishing is the term for tricking people out of their information online. I actually cover it in more detail in another article. It becomes spearphishing when there's a list of specific targets.
According to the report, "at least one" regretful slob actually clicked to open Pandora's box. That's all it takes.
Imagine a virus that hides from your immune system and can make you sneeze on command to spread further. That's hacker malware; designed to operate and spread automatically while leaving no obvious digital evidence.
RIS groups successfully exploited both mechanical and human flaws to achieve their goal of disrupting our election.
So what if the election is over? There's no reason for them to just stop.
Everything Else In The JAR
This is obviously a complex, ongoing issue that deserves more than 13 pages. Not all security buffs are stoked on this report. There isn't much declassified data to sink their teeth into.
They do provide two lists of best practices and mitigation strategies. Let's see what professional security entails.
Best Practices (Translated)
1. Backups - Are there at least two copies of everything? No such thing as too much redundancy.
2. Risk Analysis - What are your digital assets? How critical to the business are they? How badly do others want to steal this? Things like that.
3. Staff training - This is critically important for any business, but especially government offices. Hackers prey on ignorance. In many cases, it really comes down to not clicking on that one link.
4. Vulnerability Scanning & Patching - As people have more time to poke around existing coding languages and software, backdoors and flaws are revealed. It's a game of cat and mouse. If White Hat (lawful) hackers find it first, a fix can be made and distributed. If Black Hat (criminal) hackers find it first... well we've seen the headlines.
5. Application Whitelist - this is a common security practice. Basically, only software that is specifically approved can be used. All other programs are automatically blocked.
6. Incident Response - Misleading because 95% of the work is in the preparation. Being able to quickly detect and eliminate criminal software or users is key. The stealthiest can exist undetected for years like barnacles, quietly siphoning out information.
7. Business Continuity - If the plug has to get pulled on key business infrastructure or information, can things continue on as normal? Having backups makes this easier.
8. Penetration Testing - Calm down boys. This just means hiring White Hat hackers to try and break in. These skills are in high demand right now to keep the good guys one step ahead.
Mitigation Strategies (Translated)
1. Software Patches - As I've explained in another article, a lot of updates are security fixes.
2. Application Whitelist - See above.
3. Restrict Admin Privileges - Don't give one person all the keys. A top goal for hackers is to take over an important account. Limit access privileges to only what is directly necessary for the job.
4. Network Security Zones - Like big digital doors that close to keep the fire contained.
5. Input Sanitation - Let's say a hacker types this (extremely fake) code command into the "Name" box of a contact form: C#:hack_the_world.exe. If the input is not "sanitized", the command could actually be run inside the system instead of being a name only C3-PO could love.
6. Firewalls - Not to be confused with antivirus, firewalls automatically block all internet traffic except what's permitted by specific rules. Kinda like whitelisting, it's easier to just block everything and have a short approval list.
That's all folks. The few remaining pages have response strategies for more specific corporate needs. I'm already over my word count here. Sorry Victoria.
Thanks for reading! Stay tuned for more #GRIZZLYSTEPPE coverage.
Leave a comment or reach out on social media to discuss with me.
@pjmulroe #MakeSecurityGreatAgain