The Man Who Cried [Grizzly] Bear (previously known as the Boy Who Cried Wolf)

<opinion>

The Russians are coming, the Russians are coming.  The latest narrative from the White House and the media reads like a Hollywood drama with the threat of our entire infrastructure being overtaken by Vladimir Putin and his evil operatives.  Does anyone else find it suspicious that when 20+ million personnel records were exfiltrated from the Office of Personnel Management the rhetoric and nation-blaming was somewhat calm.  However, when e-mails from high-level political campaigns are exposed suddenly we are expelling “diplomats” and preparing to do whatever is necessary to rein in the nefarious cyber-bullies — aka Mother Russia.

I had the chance to peruse the report that was issued claiming the Russian civilian and military intelligence services (“RIS”) were behind the cyber attacks which were focused on the government and specifically the U.S. Presidential Election.

The report has some really interesting graphics and a lot of advice about preventing attacks along with a tiny little Yara signature that purports to demonstrate that the attack(s) originated from Russia (or RIS).  Furthermore, a joint statement from the Department of Homeland Security (“DHS”) and the Office of the Director of National Intelligence (“ODNI”) from October 7, claims that the motives and methods used to hack the e-mails of political organizations are consistent with Russian-directed cyber events.  After reading the report I was left wondering if anyone that writes these ever worked in the technology sector or has had any experience in counterintelligence.

Having some experience myself, I would just note that if I need to perform something programmatically and someone else has already written the code I need and it is modular enough to allow ease-of-use with minor tweaking, I am absolutely going to use that (assuming of course that it is open-source or if in-house part of my code repository).  The logic of the analysis seems to be that RIS writes code and it always has comments in Russian (I mean that makes perfect sense, if I am going to write code to infiltrate a foreign government step 1 is to use my native language …) and it comes from IP address ranges known to be from, or used by RIS thus the hacking must have been performed by RIS  — seriously?  How about Tor and VPN, if the theory is that only a nation-state has the expertise to perform something as complex as getting John Podesta to click on an phishing e-mail then wouldn’t that same super-smart nation-state have the ability to obfuscate both the code used as well as the geolocation from which the attack was initiated?  Apparently not, the RIS re-uses their old code with comments written in Russian and has a limited number of IP addresses from which attacks can be launched and voila — we have our culprits.

To be fair, Hollywood also must take some responsibility here.  If you watch television or movies you see how easy it is to “trace” a hacker back to their actual location irrespective of the number of hops or whether they are using the Tor network or any number of covert techniques.  Attribution however is a puzzle which to this day remains unsolved.  Consequently, while it may fit the motives and the methods of the RIS it seems ludicrous to assert Russian involvement and the resulting expulsion of 35 diplomats based on the scant evidence that has thus far been doled out to the public.

What to do?  Unlike the report states, moving to a “more complex” password is just a delay tactic and won’t matter if you are ignorant and fall prey to a phishing attack.  Multi-factor authentication is a good start but the weakest element in cybersecurity continues to be the human.  So long as users are ignorant and unaware of proper cybersecurity hygiene we will continue to see successful attacks, be it from Mother Russia or the kid next door.

Of course the next question becomes, what happens when the US/Israeli Stuxnet (allegedly US/Israeli code) code starts showing up in other countries and is used for nefarious purposes? Does that mean our diplomats are going to be expelled since the theory seems to be if the code is ours then surely we must be the ones using it, right?  Apparently the moral of the story is borrow code from other Nations so the tricky intelligence community will never figure out who is really doing all this hacking.

Share:

Tags: , , ,

Leave a Reply

You must be logged in to post a comment.

Authors

Untitled Document
Professor William Snyder

Professor William C. Snyderis a member of the faculty of the Institute for National Security and Counter-terrorism at Syracuse University after fifteen years with the United States Department of Justice.

Christopher w. FolkChristopher W. Folk

is a second year student at SU College of Law. Christopher is a non-traditional student, returning to academia after spending nearly twenty years in the high tech industry. Christopher served in the Marine Corps, graduated from Cornell University with a B.S. In Applied Economics and Business Management, attended Northeastern University’s High-Tech MBA Program and received a M.S. In Computer Information Systems. Christopher previously worked in Software Engineering and in addition to being a full-time student, Christopher is currently serving his second term as Town Justice for the Town of Waterloo. Christopher externed with a Cybersecurity firm in the Washington, D.C. area between his first and second year at SU College of Law. Full biography

Ryan D. White

Ryan D. WhiteRyan is currently a second year law student at Syracuse University College of Law, and is also pursuing a Master of Public Administration degree from Syracuse’s Maxwell School of Citizenship and Public Affairs. Ryan spent time with Homeland Security Investigations while pursuing his undergraduate degree at Wesleyan University, and spent his first summer of law school as clerk for the U.S. Attorney’s Office in the Western District of New York. He is a member of Syracuse Law Review, the Journal on Terrorism and Security Analysis, and participates in the Veteran’s Legal Clinic.Full biography

Anna Maria Castillo

is a third year law student at Syracuse College of Law. She is also pursuing a Master of Arts in International Relations at Syracuse University's Maxwell School of Citizenship and Public Affairs. She has interned at a London-based think-tank that specializes in transnational terrorism and global security and at the legal department of a defense contractor. She currently serves as an executive editor in the Syracuse Law Review. Full biography

Jennifer A. CamilloJennifer A. Camillo

is a third year student at Syracuse College of Law. She has served as a law clerk in the United States Attorney’s Office for the Northern District of New York and the Cayuga County District Attorney’s Office and as an extern in the Oneida County District Attorney’s Office. She is a member of the Syracuse National Trial Team and was recently awarded the Tiffany Cup by the New York Bar Association for her trial advocacy achievements.

Tara J. PistoreseTara J. Pistorese

holds Juris Doctor and Masters of Public Administration degrees from Syracuse University's Maxwell School of Citizenship and Public Affairs and its College of Law. She has served as a law clerk in the United States Attorney's Office for the Western District of New York and the Public Defender Service for the District of Columbia and as an extern in the United States District Court for the Western District of Washington. Full biography

Benjamin Zaiser

is both a scholar and a Federal Agent of the Federal Criminal Police Office of Germany. (Opinions expressed here are his own and not any part of official duty.) Full biography

Categories