Cybersecurity

DNC breach raises questions on IT resources at political HQs


Russian hackers have breached the Democratic National Committee's computer network, raising questions about the amount of IT resources political parties put into defending the data they so prize for understanding voters and attacking their opponents.

The hackers gained access to all of the DNC opposition research on presumptive Republican presidential nominee Donald Trump, The Washington Post reported. Some of the intruders had access to the DNC network for about a year, and they were so thoroughly ensconced there that they were able to read all email traffic, according to the report.

The DNC enlisted cybersecurity firm CrowdStrike to investigate and the firm said it expelled the hackers in a cleanup operation over the weekend.

DNC spokesman Luis Miranda declined to answer specific questions from FCW about the number of IT security personnel the committee has on staff, or on what security controls the committee had in place prior to calling CrowdStrike.

"The security of our system is critical to our operation and to the confidence of the campaigns and state parties we work with," Rep. Debbie Wasserman Schultz (D-Fla.), the DNC chairwoman, said in a statement.

"When we discovered the intrusion, we treated this like the serious incident it is and reached out to CrowdStrike immediately," Wasserman Schultz said. "Our team moved as quickly as possible to kick out the intruders and secure our network."

In an interview, CrowdStrike CTO Dmitri Alperovitch said his firm was confident it had expelled the hackers from the DNC network, adding that CrowdStrike would continue to monitor the DNC network for the foreseeable future. The hackers' "interest in the U.S. election does not end with this incident" and will likely intensify, he said.

CrowdStrike said both of the hacking groups it identified on the DNC network operate in support of the Russian government. One of the groups was also behind previous network intrusions at the White House, State Department, and Joint Chiefs of Staff, the firm said.

Alperovitch would not comment on the nature of IT security controls that the DNC had in place prior to the breach, or whether the committee's public-facing internet connection had been isolated from its internal network.

Robert Bigman, former chief information security officer of the CIA, said he would have advised the DNC to have that basic segmentation in place from the day its network was configured.

It is not clear whether that was the case. Alperovitch said the hackers could have used spear phishing -- innocuous-looking links or attachments that are laced with malware -- to infiltrate the DNC. In terms of the scope of the breach, the intruders had access to the entire DNC research staff's computers, according to the Post.

Bigman said that despite the sophistication of the Russian hackers, some basic security controls may have mitigated the damage of the breach. "I put the blame for this one squarely [on] the desk of the DNC," he told FCW. 

This is familiar territory for both national parties: Hackers hit the computers of presidential candidates John McCain and Barack Obama in 2008. And IT security experts said it was all but certain that the Republican National Committee was in hackers’ crosshairs right now.

"The RNC should take a hard look at their own networks," said Brendan Conlon, who worked computer network operations at the National Security Agency for a decade. "It is highly unlikely that the adversaries are only targeting the DNC."

RNC spokesman Sean Spicer did not respond to requests for comment.

Asked if the DNC and RNC will ramp up their IT security resources in the wake of the breach, Jason Healey, a former White House cyber official, said: "Yes, absolutely. And yet they’ll still be vulnerable."

Rep. Jim Langevin (D-R.I.), who takes a keen interest in cyber issues, said he appreciated the DNC's transparency in disclosing the breach. "I hope the DNC is equally as transparent in discussing the risk modeling it has used and how it will change in light of the breach," Langevin said in a statement.

About the Author

Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.

Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.




Reader comments

Wed, Jun 15, 2016

Why has no one asked the questions of why with all its resources the DNC could not keep the hackers out but they are so sure that their nominee's personal server using only a part-time IT administrator was able to keep them at bay...?

Wed, Jun 15, 2016

Why do we keep asking if budgets are up to the task? Here's another headline: Bomb blast. Investigators on scene to check for damage. Isn't it obvious? The budget was not enough or people were inept or there was no way they stop the breach or a combination of the three. What is more interesting to me is what happens when upper management stops believing the IT department?
