Over the weekend, WikiLeaks published more than 19,000 leaked emails between top members of the Democratic National Committee. The emails mostly covered routine campaign business, but a few discussed Bernie Sanders' faith and his run for president, and provoked accusations that the DNC favored Hillary Clinton in this year's presidential primary race.
DNC chair Debbie Wasserman Schultz stepped down over the weekend as a result of the email leak and declined to kick off the Democratic National Convention in Philadelphia on Monday. The FBI is now investigating the leaked emails, and the Clinton campaign said Russian groups trying to help Donald Trump get elected are responsible for the attack.
Corey Nachreiner, CTO at WatchGuard Technologies and a regular contributor to GeekWire, discussed how this hack went down and if it could have been prevented.
Corey Nachreiner
On how hackers got into the DNC system: No one has confirmed exactly how attackers got malware into the DNC systems yet. However, they have analyzed two malware samples they found, and attributed those samples to two alleged Russian hacking groups. They also know that at least one of these groups is known for delivering malware via spear phishing.
On the sophistication of spear phishing versus a regular phishing attack: As you may know, phishing is an attack where criminals try to bait you into sharing confidential information, typically by sending you an email that links to a seemingly legitimate-looking website, such as an online banking site. In reality, the site is a fake, and the attacker is hoping you enter your credentials so they can be stolen. Phishing emails are typically easy for victims to recognize since they go out to many victims at once, and they tend to include many recognizable attributes that help identify them as illegitimate.
Spear phishing also involves sending emails that try to lure users to do something they shouldn't, but the key difference is that messages target a particular user or group of users. Spear phishers learn about their victims ― through social networks, corporate web sites, and other public resources ― before crafting very specific emails targeted at that particular user or group. As a result, it's much harder to identify a spear phishing email as bad, since the email appears similar to many other emails you receive, and usually seems to have something to do with your job. Typically, the goal of spear phishing is to get a victim to interact with a malicious document, or to visit a malicious web site, in hopes of infecting that user with malware. One of the threat actors associated with the malware used in the DNC attack has been known to use spear phishing to get victims to visit a malicious drive-by download website.
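The tells Nachreiner describes for a spear phishing email (a sender impersonating an organization the victim knows, a link whose visible text does not match where it actually goes, a document meant to infect the reader) can be checked mechanically before a message reaches a user. The Python script below is an added example written for this page, not code from the article, from WatchGuard or from the DNC investigation; the trusted-domain list, the 0.8 similarity threshold, the risky-extension list and the sample message are constructed assumptions.

```python
# Added example: flag common phishing indicators in a raw RFC 822 message.
import difflib
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains this organization treats as its own or as known senders.
TRUSTED_DOMAINS = {"dnc.org", "example-bank.com"}
# Assumption: attachment types often used for the "malicious document" step.
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".hta", ".docm", ".xlsm", ".lnk")

# Constructed sample: lookalike sender, foreign Reply-To, link text hiding the real host.
SAMPLE_EML = """\
From: "Example Bank Security" <alerts@exampie-bank.com>
Reply-To: verify@mail-hosting-xyz.net
Subject: Action required: confirm your account
Content-Type: text/html; charset="utf-8"

<html><body><p>We noticed unusual sign-in activity. Please visit
<a href="http://example-bank.com.login-check.net/session">https://example-bank.com/login</a>
within 24 hours.</p></body></html>
"""

class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname of a URL, or of bare text such as 'bank.com/login'."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()

def is_trusted(host):
    return any(host == t or host.endswith("." + t) for t in TRUSTED_DOMAINS)

def lookalike_of(host):
    """A trusted domain that host resembles (typo-squat, homoglyph) but is not."""
    if is_trusted(host):
        return None
    return next((t for t in TRUSTED_DOMAINS
                 if difflib.SequenceMatcher(None, host, t).ratio() >= 0.8), None)

def embedded_trusted(host):
    """A trusted domain used as a subdomain of an attacker host, e.g. bank.com.evil.net."""
    if is_trusted(host):
        return None
    return next((t for t in TRUSTED_DOMAINS if t in host), None)

def phishing_indicators(raw):
    """Return human-readable findings for one raw message (empty list if none)."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if t := lookalike_of(from_domain):
        findings.append(f"sender domain {from_domain} looks like trusted {t}")
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from sender domain {from_domain}")
    for part in msg.walk():
        fname = part.get_filename()
        if fname and fname.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment {fname}")
        if part.get_content_type() != "text/html":
            continue
        extractor = LinkExtractor()
        extractor.feed(part.get_content())
        for href, text in extractor.links:
            href_host = host_of(href)
            # Visible text that itself looks like a URL must agree with the real target.
            text_host = host_of(text) if "." in text and " " not in text else ""
            if text_host and text_host != href_host:
                findings.append(f"link text shows {text_host} but points to {href_host}")
            if t := embedded_trusted(href_host):
                findings.append(f"link host {href_host} embeds trusted {t} as a subdomain")
            elif t := lookalike_of(href_host):
                findings.append(f"link host {href_host} looks like trusted {t}")
    return findings

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_EML):
        print("-", finding)
```

Run against the constructed sample, phishing_indicators returns four findings: the lookalike sender domain, the Reply-To that goes somewhere other than the sender, the link whose visible text disagrees with its href, and the trusted domain planted as a subdomain of the attacker's host. A message from a trusted domain whose links point where they say returns an empty list. The string-similarity check is deliberately crude; a mail gateway would layer SPF/DKIM/DMARC results and URL reputation on top of heuristics like these.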
How the DNC could have avoided such an attack: Without all the details, it’s hard to say for sure what the DNC could have done to prevent this attack. However, in general, the best way to defend yourself online is to layer many different security controls together that can block different parts of a hacker’s attack chain. You need web security controls that can keep users from bad sites, intrusion prevention services that can identify and block network attacks, email security controls that can strip bad stuff from emails, and advanced threat protection products that can help identify even the most evasive malware. You also need to segment your internal network, and use all these security controls internally as well. However, even with all kinds of security technology, attackers can still get into your network if they can trick users to do something they shouldn’t. That’s why awareness training needs to be a core part of security strategy. Make it a priority to train users on how to recognize malicious emails, and provide them with strategies to avoid spear phishing emails that can be harder to detect. Otherwise, a simple user error could circumvent the entire security program that you worked so carefully to construct.