DNC Hack Serves As Cautionary Tale For IT Pros - InformationWeek
IoT
IoT
Government // Cybersecurity
News
7/26/2016
09:06 AM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

DNC Hack Serves As Cautionary Tale For IT Pros

Following the high-profile hack of the Democratic National Committee's computer system, cyber-security experts emphasize the importance of secure email correspondence.

10 Hot SaaS Security Startups To Watch
10 Hot SaaS Security Startups To Watch
(Click image for larger view and slideshow.)

The FBI is currently investigating a hack that surfaced the contents of email from the Democratic National Committee (DNC).

About 20,000 email messages were leaked late last week, highlighting officials' favor towards Hillary Clinton and throwing the party into disarray ahead of its 2016 Democratic National Convention. Chairwoman Debbie Wasserman Schultz will resign as a result.

The messages, which were published on WikiLeaks, did not shed any light on who was behind the breach. Clinton's campaign says it believes Russia conducted the hack to benefit Donald Trump, and sources close to the matter claim Russian hackers gained access to the DNC's system.

[Read: Snowden Designs iPhone Add-On to Thwart Surveillance]

"A compromise of this nature is something we take very seriously, and the FBI will continue to investigate and hold accountable those who pose a threat in cyberspace," wrote the FBI in a statement, as reported by a number of news outlets.

Regardless of who the FBI finds guilty, this politically charged attack carries a few key lessons for IT pros. If the DNC is vulnerable to having their sensitive content breached and published, your organization could also be at risk.

The Experts Caution Organizations

Following the breach and publication of DNC emails, cyber-security industry experts spoke out about the importance of protecting sensitive data, maintaining email best practices, and having the right response prepared for when an attack takes place.

"This situation demonstrates that all data has value to someone -- even if it's not commercial data," said Mark Kraynak, SVP and general manager of enterprise solutions at Imperva, in an email. Kraynak explained how an attacker may value data more than its owner, at least until the information is compromised.

"Situations like this are a great reminder of the need for all organizations to ensure the security of their data and that they have appropriate response mechanisms in place for the inevitable attack," he continued.

Some security pros say they believe sophisticated hackers will always be one step ahead of the businesses they plan to attack. Brad Taylor, CEO at Proficio, noted a popular lesson within the security space -- once an experienced attacker is on your network, he or she can complete a breach in less than 30 minutes and maintain a presence for over 250 days without being detected.

"Security controls of any organization will never be capable of keeping out a determined adversary," Taylor cautioned. "Like water coming through a screen door on a submarine, they will find a way into any network."

Travis Smith, security researcher with Tripwire, says he expects it will be found that the DNC hack originally started with a phishing email. "Why knock down the wall if you can be welcomed in through the front door?" he asked.

(Image: Outline205/iStockphoto)

(Image: Outline205/iStockphoto)

"Phishing, spear-phishing, and whaling continue to be the dominant entry point for attackers, as humans are often the weakest link in an organization's security architecture," Smith explained.

Employees should be cognizant of suspicious email and of how they act online, cautioned Lamar Bailey, senior director of security R&D for Tripwire.

"We do not know the source of this leak," Bailey noted in an email to InformationWeek. "It could have been a hack, weak password, misconfiguration, or even an inside job. Regardless, the same things can happen to any business."

In terms of key lessons IT and security managers can take from these hacks, Bailey emphasized that data needs to be classified, and proprietary or confidential information should be treated with extra precautions.

While the 2016 presidential election has made political candidates like Clinton and Trump prime targets for cyberattacks, organized cyber-criminals have the potential to infiltrate any organization they have on their radar. Is your business protected?

Kelly Sheridan is Associate Editor at Dark Reading. She started her career in business tech journalism at Insurance & Technology and most recently reported for InformationWeek, where she covered Microsoft and business IT. Sheridan earned her BA at Villanova University. View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 3   >   >>
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Author
8/30/2016 | 10:08:57 PM
Re: Who Hacked the DNC?
@vnewman: Or, if you're Snowden, a place to hide out.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Author
8/30/2016 | 10:08:17 PM
Re: Who Hacked the DNC?
tl;dr: Sounds like it's a matter of picking between government conspiracies and corporate conspiracies.  ;)
vnewman2
50%
50%
vnewman2,
User Rank: Ninja
8/25/2016 | 2:11:03 PM
Re: Who Hacked the DNC?
@Joe - I'm just disappointed that we need the Russians to do our political dirty work for us :)
vnewman2
50%
50%
vnewman2,
User Rank: Ninja
8/25/2016 | 12:47:48 PM
Re: Who Hacked the DNC?
I hear you @Joe - I just find it funny and cliche when the Russians get blamed for things (even if, in this case, they are the culprits).  There's a song by "The Call" called "The Walls Came Down" that keeps coming to mind:

I don't think there are any Russians
And there ain't no Yanks
Just corporate criminals
Playin' with tanks

Michael Been said this about "The Walls Came Down":

"There was a great deal happening politically - Grenada, Lebanon, or the government saying the Russians are evil and the Russian government probably saying the same about us. That kind of thinking inspired me to write the last lines of 'Walls Came Down'."
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Author
8/24/2016 | 9:00:14 PM
Re: Who Hacked the DNC?
@vnewman2: One interpretation that I think is a valid one (as far as any speculation goes) is that certain pundits believe that a HRC administration bears a non-negligible risk of creating or exacerbating a "Cold War II" with Russia, whereas Trump has demonstrated a favorable attitude toward Putin and Russia's leadership -- and, accordingly, if Russian powers-that-be see it that way too, they may have acted such to advance their diplomatic interests.

That said, security expert Bruce Schneier has noted that if it was Russia (who is the most likely suspect at this point), in leaking these emails they're broadcasting to the Obama Administration that they have a wealth of emails and other information going back to 2013 -- and therefore are implicitly "threatening" that if the Administration sanctions them, there will be retaliation in the form of more leaks and revelations of yet more damaging information.


vnewman2
50%
50%
vnewman2,
User Rank: Ninja
8/23/2016 | 12:22:00 PM
Re: Who Hacked the DNC?
Time will tell...regardless of what happened, "Russia conducted the hack to benefit Donald Trump."  Really?!

I'd believe that only if said Russian was an immigrant who worked at the DNC!
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Author
8/23/2016 | 10:44:09 AM
Re: Who Hacked the DNC?
To be fair, more has been done with less -- particularly where nation-state-backed hackers are concerned.

And those who associate with Hillary Clinton have been subjected to hacks before with no "inside help."

My only point: Could have been an insider, but it could also not have been.
vnewman2
50%
50%
vnewman2,
User Rank: Ninja
8/15/2016 | 12:00:38 PM
Re: Who Hacked the DNC?
C'mon now, there is no way this happened without a little insider help.  Just no way!  It stinks of a disenchanted minion with a wealth of tasty information at their fingertips.
Michelle
50%
50%
Michelle,
User Rank: Ninja
8/13/2016 | 11:33:49 PM
Re: email matters
@Joe thanks for the additional info and link. I sometimes feel bad for the folks who must choose one bad over another. 
Faye___Kane
50%
50%
Faye___Kane,
User Rank: Strategist
8/1/2016 | 2:36:19 PM
Re: Who Hacked the DNC?
I was using Exchange as an example because its so widely used.
Page 1 / 3   >   >>
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends for 2018
As we enter a new year of technology planning, find out about the hot technologies organizations are using to advance their businesses and where the experts say IT is heading.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll