An Open Letter to President-Elect Trump from the Internet Security Community.
Dear President-Elect Trump,
You’ve campaigned to “Make America Great Again”. We believe, as does most of our citizenry, that America’s security underpins everything we do and our greatness cannot endure unless we are secure. But we are not secure, as highlighted by recent attacks on the Democratic National Committee (DNC), the Joint Chiefs of Staff, the Democratic Congressional Campaign Committee (DCCC), and nearly all Democrats in the House of Representatives.
There is ample evidence that these attacks originated in Russia through the Russian service provider Yandex. The phishing attack targeting John Podesta originated from Russian mail servers and it was part of a campaign for which a majority of messages originated in Russia. We know that the attack was very expertly designed and executed, exhibiting a far greater sophistication than a conventional cybercriminal. It is evident that the source of the attack was Russia and it would be a grave mistake to go on refusing to accept the threat for what it is.
Here are some sources from recognized cybersecurity experts that provide evidence that the attacks originated from Russia:
- The Agari analysis of the the Podesta phishing email.
- The SecureWorks analysis of the Podesta phishing email.
- The Symantec analysis of the Podesta phishing email, and of other attacks on the Democratic party.
This is not the first time Russia mounts a cyberattack on a political enemy. In 2007, Estonia’s Internet was brought to its knees days after a dispute between Estonia and Russia about a war monument. In 2008, days before Russian troops attacked neighboring Georgia, the Georgian Internet was attacked. Last year, during conflict between Russia and Ukraine, the Ukrainian power grid was taken down by cyberattack. Germany currently fears that its election will be hacked, after recent cyber attacks on its infrastructure. Moreover, it is well understood by security professionals that much of the economic crime that plagues the Internet has its origin in Russia and former Soviet states. We must not trivialize this threat or turn a blind eye to what it means, or we will come to regret doing so.
America’s greatness will come from its citizens. And we have among our population the world-renown cybersecurity experts both in the private sector and in our intelligence community that work hard every day to keep us secure. But if we are to succeed, we need your support. The entire security community has concluded unanimously that the DNC attacks originated from Russian-sponsored actors. The evidence has been published, and there is no controversy. The FBI supports this view. The CIA supports this view. And all citizens depend on these insights not to be neglected or marginalized for political purposes.
We implore you to:
- Leverage and lead your experts on this and other matters of national security.
- Do not let politics and biases erode our security.
- Support a full and thorough investigation by a bi-partisan committee of United States Senators..
- Make it a priority your first 100 days to secure email communications by following the lead of other countries like the United Kingdom and Australia who have mandated that all government email is authenticated (using the open standard DMARC)