So, here we are, rounding out 2016, and we have a new President-elect, a massive amount of fear mongering, and divisive and frantic discussions about the “future” and the “next four years”…
And now, the “ZOMG RUSSIA HAXORS THE MATRIX/GIBSON/NSA/DNC/YOURMOM” and we have no actual proof of that.
And we’re ejecting people from the country, and stirring up global tensions. Huh…
If you’re wondering why this is happening, I would suggest that everyone think about who profits from world unrest, and follow the money.
But please, stop calling everything a hack. The Secretary of State broke the law, and the FBI Director stated that he could find no “criminal intent”. However, the law doesn’t REQUIRE that criminal intent be there, in order to indict. So, again, follow the money.
The DNC failed to protect their information technology systems and infrastructure using the most BASIC of controls, because they were “too cumbersome” for the DNC to use.
This isn’t about “hacking”, or being attacked. The DNC basically set themselves up, and exposed their data to the internet, and someone targeted their organization to see how well or how poorly the organization does with information security. (Yes, a bad actor.)
They found out that the information security policies weren’t being followed, and found an easy way to get information and a foothold into the network. Once that happens, it’s basically lateral movement and takeover, which I won’t bore you with… but it’s pretty much over at that point. (For any organization.)
If it wasn’t APTnn, it would have been another group, because this is a constant battle in information technology. However, it appears that businesses have lost a level of understanding around the #rigor that is needed to make systems function in secure, reliable, and repeatable processes to further the business.
As an analyst, I’m seeing a growing lack of understanding of why #rigor needs to be in the workplace, but I’ll leave that for another post.
So, did Russia do it?
For me personally, I would need to see non-repudiable logs of the actual network traffic, with verifiable tap source locations, and there would need to be a complete snapshot of all routing tables, etc… to actually begin to “prove” that there was actual Kremlin involvement in the DNC leaks. Which is, most essentially, an impossible ask. Which is why you’ll hear so many information security professionals agree: “Attribution is hard” (TM Dave Marcus).
So, what do YOU think? Leave a comment, and I’d like to wish you all a Safe, Prosperous, and Happy New Year!