Following the news that hackers are targeting the US presidential campaigns, IT security experts from Tripwire provide insight into the motivations of the attacks and what we can expect in the run up to the election:

Dwayne Melancon, CTO and VP, Research & Development at Tripwire:

dwayne-melancon“We know that ‘hacktivists’ tend to look for high-profile targets, either to disrupt them or to spread the word about disagreement with a particular cause. In this case, the US presidential election fits the bill – it is a contentious race, and a lot of people are watching. What’s curious in this case is that, while there are a lot of attacks going on, the motivations are not as clear-cut, and certainly not all aligned.

Furthermore, the statements from the FBI are not particularly actionable, so it is difficult to see what benefit others will derive other than awareness, and possibly unsubstantiated fear. The FBI is talking about this but in a very general way, without giving clues as to what should be done about this, and by whom. It is akin to “bad things are happening in your neighborhood and it involves crime and suspicious people – you should be careful.” And more specifically, the FBI commentary is not as public as Clapper’s statements, but he mentions the FBI a lot in his conversations – they say they are educating the campaigns, so the answer may be that there is no action to be taken by anyone else – but that isn’t clear.

Since this has now been opened up to the public, I would like to see the advisories become more specific and more actionable in the near future.”

Tim Erlin, Director, Security and IT Risk Strategist Tripwire:

tim_erlin“Politics and cyber security are inextricably linked these days. As the political environment heats up for a big election, campaigns necessarily present a larger attack surface, and a big election presents new material for attackers to leverage.

Candidates should expect, and be prepared for, cyber attacks based on multiple motivations, from ideological to purely opportunistic.

When you have an outspoken candidate with a strong position, they necessarily garner extra attention, both good and bad, both in real life and online.

The increase in cyber attacks will involve more than targeting the candidates and their campaigns directly. The population in general should be on the lookout for attacks that leverage political candidates, but target the average consumer.”

Information Security Buzz