CNN reported that Russia was behind last year’s State Department and White House hacks.
Reaction from thought leaders in the cybersecurity industry
Dwayne Melancon, CTO, Tripwire (www.tripwire.com):
Once an attacker gets into your systems it can be notoriously difficult to get them out, particularly when your network and internal security controls allow the attacker to move around on your network without being noticed. That appears to be the case here, which could be the result of an outwardly-focused security approach. If you assume the enemy is ‘out there’ you stop noticing their activities when they get ‘in here.’
There are a few significant challenges in breaches like this. First, attribution is difficult. A savvy attacker can not only cover their tracks, they can often mislead you into believing someone else is behind the attacks. I hope the White House has strong evidence to claim Russian responsibility.
Additionally, many organizations lack a baseline understanding of what is ‘normal’ on their internal network and systems, making it difficult to tell which systems you can trust, which systems you can’t and – more importantly – how to stop the attack and prevent future compromises.
Tim Erlin, security and IT risk strategist, Tripwire (www.tripwire.com):
It seems clear that the recent Executive Order was, in part, born from events like the White House and State Department compromises. It remains unclear whether the news that these attacks have been attributed to Russia will result in a specific action as outlined in that Executive Order.
The information security industry is likely to be disappointed with the lack of details on how attribution was determined. There will no doubt be debate among experts.
We live in a world where commerce is interconnected globally, and the increasing visibility of cyber-attacks, along with nation-state attribution, will have a negative effect on business. If the U.S., Russia and China are facing off in cyberspace, it will be increasingly difficult for organizations to negotiate the political situation to get business done.
John Gunn, VP, VASCO Data Security (www.vasco.com):
It is not surprising that Russia has been identified as being the perpetrator in last year’s attack on U.S. government assets – you can be certain that the superpowers are going at each other all of the time – the surprising part is that they got caught this time.
Richard Blech, CEO, Secure Channels (www.securechannels.com):
So the White House has been hacked. We are also worried about Russia AND China hacking the government. People are calling from other countries pretending to be someone else (hacking humans). We are being sent links for ‘spear phishing,’ and the Director of National Intelligence James Clapper’s answer is to advise government officials and private businesses to teach employees what ‘spear phishing’ looks like.
Countless conversations, millions of dollars in research, thousands of articles, hundreds of breaches and the best answer we have found is to ignore the technology and teach phishing classes.
All of the above would no longer be a news story or even a conversation if the government and enterprises simply used strong encryption. Hackers are always going to get in; the data has to be encrypted when it is stolen; when removed, the data will be useless. Or we can continue to treat real cybersecurity as an afterthought. The choice is ours; I will go with the encryption.
Ken Westin, senior security researcher, Tripwire (www.tripwire.com):
The intrusion into the unclassified State Department network was assumed to be Russian by many in the government and security community. As portions of the network were shut down for long periods of time for extensive security upgrades, many speculated that the extent of the intrusion may have been more severe than originally thought. That the attackers were able to use that initial intrusion as a spearhead to gain access to the White House network is rather alarming, indicating a lack of network segmentation, or compromised credentials.
The new insights into the investigation with the US government implicating Russia would imply that there is strong evidence that the Russian government was involved. However, given the sensitive and confidential nature of US intelligence agencies’ methods, only a few will have access to the actual evidence, which may raise suspicions as to the accuracy and veracity of the accusation.
I do not think it is a coincidence that this comes on the heels of Obama declaring a national emergency and issuing an executive order regarding cyberthreats. Those investigating this intrusion may have additional evidence that implicates a specific group and the executive order may be used to go after those deemed responsible with sanctions and other tools at their disposal.
This is a good example of “it is not a matter of if but when,” but where we must now also ask “for how long and how deep” a breach has occurred, as it is being revealed the hackers had access potentially for months even after initial detection and remediation attempts. The governments and businesses should take note that even networks we would expect to be impenetrable are still able to be compromised. A critical point not to miss regarding this intrusion is that it was detected and remediated, with the State Department taking a number of steps to increase their security posture, and that classified systems appear to have not been compromised at this time.
About Tripwire
Tripwire, Inc., a global provider of risk-based security and compliance management solutions, today announced Tripwire® Enterprise™ version 8.3 featuring a new, stand-alone Policy Manager™. Tripwire Policy Manager provides the detailed visibility into system configurations critical to minimizing security risks and ensuring compliance. For more information, visit www.tripwire.com
About VASCO
VASCO is the world leader in providing Two-factor authentication and Electronic Signature solutions to financial institutions. More than half of the Top 100 global banks rely on VASCO solutions to enhance security, protect mobile applications, and meet regulatory requirements. VASCO also secures access to data and applications in the cloud, and provides tools for application developers to easily integrate security functions into their web-based and mobile applications. VASCO enables more than 10,000 customers in 100 countries to secure access, manage identities, verify transactions, and protect assets across financial, enterprise, E-commerce, government and healthcare markets. For more information, visit vasco.com
About Secure Channels
Secure Channels Inc. is a cybersecurity firm leveraging robust, state-of-the-art patented encryption technologies and authentication solutions compatible with every type of data available today. Fostering innovative disruptive technologies while still being user defined has become a cornerstone for Secure Channels. The development of patented unique processes that harden encryption and envelop resources renders the data unbreakable and useless to the hacker leaving them with only bits and bytes. By using its Proximity Technologies and securing data through IoT Devices, Secure Channels will be delivering real time analytics, payment processing, and data collection to any mobile platform or device. Secure Channels provides impenetrable cybersecurity far in excess of any existing encryption systems available. For more information, visit www.securechannels.com
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.