Security Central: DNC Watergate Flashbacks and More, Week of June 17

This week, the U.S. Armed Forces gave us more of a peek into some of the nation’s offensive cyberwar tactics. The particulars on these strategies have historically been kept cloaked and tightly guarded, but as details continue to emerge, experts have speculated that one of the most common cyber tactics likely used by the U.S. government is hacker baiting. Described by Fortune as a sort of terrorist catfishing project, this method is designed to essentially lead enemies on a wild goose chase, or directly into an ambush. Hackers break into the accounts of foreign military leaders, mimic their personas and plant fabricated/false information, causing those on the receiving end to execute unnecessary, time-wasting tasks or perhaps be led into potential traps.

It’s almost no secret that cyber warfare strategy has been going on behind the scenes for a while, but it wasn’t until earlier this year that Secretary of Defense Ashton Carter released the first official details about these efforts. Even then, the specifics have remained vague. However, due to mounting universal pressure to eradicate terrorist organizations such as ISIS (also known as ISIL), the curtain is being pulled back more and more on the military’s tactics and procedures surrounding digital deception and network sabotage.

The U.S. armed forces aren’t the only ones fighting digital battles. Silicon Valley and the Pentagon may work well together, but the tech hub and domestic law enforcement just can’t seem to get along. Last Thursday, Manhattan District Attorney Cy Vance called out Apple and Google at a Bloomberg legal summit for holding up over a thousand criminal cases due to their strict phone encryption policies, an issue that both tech giants have refused to budge on. Vance criticized the two companies, saying that they have chosen to “engineer themselves out of criminal investigations,” and cleared the path for cyber-criminals to operate freely without fear of retribution.

“In my office alone, we now have 270 lawfully-seized iPhones running iOS 8 or 9 that are completely inaccessible,” said Vance at the summit. “These devices represent hundreds of real crimes… that cannot be fully investigated, including cases of homicide, child sex abuse, human trafficking, assault, robbery, and yes—cybercrime and identity theft.”

Vance made a plea to Congress, emphasizing law enforcement’s mounting concern regarding the large number of stalled cases, and the growing need for agencies to be able to access Google and Apple devices. Adding further ammunition to his argument, Vance stated that the two tech companies have failed to produce proper evidence “backed up by data” and concrete reasoning as to why allowing access to the encrypted devices would compromise security. In this ongoing battle between Silicon Valley and law enforcement agencies, Vance’s comments may spark a renewed vigor toward reaching a resolution on this matter. If you remember, the first quarter of this year was dominated by the ‘FBI vs. Apple’ case. Clearly, we haven’t heard the last of this.

Nearly half a century after The Washington Post exposed the details of the break-in at the Democratic National Committee’s headquarters at Watergate, it reported Tuesday that the DNC is experiencing some déjà vu. According to DNC officials and security experts, Russian government hackers breached its computer network and gained entry to the whole database, gaining access to emails, chat traffic and opposition research on presidential candidate Donald Trump. The discovery was made over the weekend during a major computer cleanup campaign, and the hackers were immediately ejected, but DNC experts say that some of the hackers likely had access to the DNC network for over a year. This isn’t the first time American political organizations have been targeted. According to The Post article, these intrusions and others like them are examples of Russia’s ongoing strategy to gain insight into the U.S. political system, our leaders, our policies and the strengths and weaknesses of our potential future president – a practice from which America itself is not exempt.

To close out this week, it’s worth mentioning that there are new and developing tactics out there designed to preempt targeted digital and phishing attacks and breaches. Area 1 Security, a computer security start-up, has piqued industry interest by offering insights and solutions designed to successfully block attackers before they reach their intended targets – sometimes days, or even months beforehand. Aimed at the owners and operators of computer servers that have been compromised cyber criminals, the Area 1 team taps into these servers to observe the attackers’ actions and behaviors. This provides valuable visibility into who is being targeted, why and what tools the hackers are using. According to an article by The New York Times, Area 1 Security Founder Oren Falkowitz, “aims to eventually end phishing attacks altogether.”

Wouldn’t that be something?