DNC breach raises questions on IT resources at political HQs
- By Sean Lyngaas
- Jun 14, 2016
Russian hackers have breached the Democratic National Committee's computer network, raising questions about the amount of IT resources political parties put into defending the data they so prize for understanding voters and attacking their opponents.
The hackers gained access to all of the DNC opposition research on presumptive Republican presidential nominee Donald Trump, The Washington Post reported. Some of the intruders had access to the DNC network for about a year, and they were so thoroughly ensconced there that they were able to read all email traffic, according to the report.
The DNC enlisted cybersecurity firm CrowdStrike to investigate and the firm said it expelled the hackers in a cleanup operation over the weekend.
DNC spokesman Luis Miranda declined to answer specific questions from FCW about the number of IT security personnel the committee has on staff, or on what security controls the committee had in place prior to calling CrowdStrike.
"The security of our system is critical to our operation and to the confidence of the campaigns and state parties we work with," Rep. Debbie Wasserman Schultz (D-Fla.), the DNC chairwoman, said in a statement.
"When we discovered the intrusion, we treated this like the serious incident it is and reached out to CrowdStrike immediately," Wasserman Schultz said. “Our team moved as quickly as possible to kick out the intruders and secure our network."
In an interview, CrowdStrike CTO Dmitri Alperovitch said his firm was confident it had expelled the hackers from the DNC network, adding that CrowdStrike would continue to monitor the DNC network for the foreseeable future. The hackers' "interest in the U.S. election does not end with this incident" and will likely intensify, he said.
CrowdStrike said both of the hacking groups it identified on the DNC network operate in support of the Russian government. One of the groups was also behind previous network intrusions at the White House, State Department, and Joint Chiefs of Staff, the firm said.
Alperovitch would not comment on the nature of IT security controls that the DNC had in place prior to the breach, or whether the committee's public-facing internet connection had been isolated from its internal network.
Robert Bigman, former chief information security officer of the CIA, said he would have advised the DNC to have that basic segmentation in place from the day its network was configured.
It is not clear whether that was the case. Alperovitch said the hackers could have used spear phishing -- or innocuous-looking links or attachments that are laced with malware -- to infiltrate the DNC. In terms of the scope of the breach, the intruders had access to the entire DNC research staff's computers, according to the Post.
Bigman said that despite the sophistication of the Russian hackers, some basic security controls may have mitigated the damage of the breach. "I put the blame for this one squarely [on] the desk of the DNC," he told FCW.
This is familiar territory for both national parties: Hackers hit the computers of presidential candidates John McCain and Barack Obama in 2008. And IT security experts said it was all but certain that the Republican National Committee was in hackers’ crosshairs right now.
"The RNC should take a hard look at their own networks," said Brendan Conlon, who worked computer network operations at the National Security Agency for a decade. "It is highly unlikely that the adversaries are only targeting the DNC."
RNC spokesman Sean Spicer did not respond to requests for comment.
Asked if the DNC and RNC will ramp up their IT security resources in the wake of the breach, Jason Healey, a former White House cyber official, said: "Yes, absolutely. And yet they’ll still be vulnerable."
Rep. Jim Langevin (D-R.I.), who takes a keen interest in cyber issues, said he appreciated the DNC's transparency in disclosing the breach. "I hope the DNC is equally as transparent in discussing the risk modeling it has used and how it will change in light of the breach," Langevin said in a statement.
Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.
Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.
Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.