Published on 07/10/2018
Russia's attempt to sabotage the 2016 US presidential election shows how dangerous even stock-standard computer hacking techniques can be. Those hacking tools aren't limited to politics – businesses are also at risk from similar attacks.
The United States indicted twelve Russian military intelligence officers for hacking networks associated with Hillary Clinton's 2016 campaign for the U.S. presidency, which Donald Trump narrowly won.
Russian government hackers implanted hundreds of malware (malicious software) files on Democrats' computer systems to steal over 100,000 documents.
The Grand Jury indictment lays out, in step-by-step detail, just how a state actor, namely, Russia, with all of its technical resources, allegedly used computer hacking techniques to steal information.
Did the Russian spies use sophisticated hacking techniques? Surprisingly, no. The hacking techniques used were stock-standard, in general. That is what makes the Russian hacking so relevant to business leaders.
The Russian spies began by using a very simple, well-known and effective method called "spear-phishing" to get users' passwords.
Spear-phishing is dangerously simple and refers to emails sent to members of a target organisation. The emails look perfectly legitimate and usually include a request to change a password.
The Russians sent an email to a user that looked exactly like a security notification from Google, a hacking technique known as "spoofing", which instructed the user to change his or her password by clicking on the link.
Those instructions were followed, the innocent email user revealed the password, and the Russian hackers gained access to the computer system.
Once inside, the Russians sent an email with just one character changed in an internal user's email address, which revealed more critical information.
After the computers were hacked, "key logging" spyware was installed which enabled the Russians to record every keystroke the user made, and capture additional passwords. Key logging is a well-established hacking technique.
How did the FBI discover such clear facts about the Russian hacking? The technical details show that the U.S. government has some remarkable capabilities.
The indictment provides a meticulous list identifying the specific Russian military officers involved and which officers did what and when.
The indictment reflects an impressive counterintelligence operation by the U.S. government against the Russian government.
Could hacking of this nature happen in New Zealand? Absolutely. Hackers from around the world are continually attacking New Zealand computer networks.
The motivation is usually commercial. Hackers may try to steal customer lists and trade secrets or seek "ransomware" gains. Ransomware is malware designed to encrypt data files and hold them "hostage" until the victim pays a "ransom" for the decryption key.
The main lesson we can learn from the Russian cyber-attack is a reminder that humans are usually the weakest link in any computer security chain. Computer users, as curious or incautious humans, will usually pose the greatest threat.
Hackers employ common "social engineering" techniques, which include "phishing" with fake emails, or calling insiders and fooling them into believing they are talking to a fellow employee in order to extract critical security information.
Users' lack of care or awareness of the potential implications of clicking on unknown links or downloading unknown files is a perennial security risk.
To be fair, however, many spear-phishing emails appear to be authentic, so it is tough to manage this vulnerability. User education and constant vigilance are key. Regular internal "drills", which simulate spear-phishing attacks, help to educate users and identify weak spots.
It is also essential to apply the most important operating system security "patches", or updates, soon after they become available. Current antivirus protection is useful, but it is not 100% effective.
Cyber-security insurance to cover losses from a cyber-attack is affordable, although this is more in the nature of an ambulance at the bottom of the cliff.
All of the lessons we have learned about protecting computers against hacking apply to businesses of all sizes. Cyber-attacks will continue, simply because they work.
Business leaders must become familiar with, and continually educate their users about, the risks they face by carelessly clicking on unknown links or being duped by social engineering.
As seen in the Herald, 07 October 2018