Russia Hacking Considerations
by Matt James
Editor’s Note: This article first appeared in The Havok Journal in August 2017. Given what’s going on in our country right now, it seems appropriate to republish it.
The media’s craze surrounding possible Russian interference with the U.S. election through hacking isn’t going away anytime soon. Though the hype is primarily political, it’s important to separate fact from fantasy.
In concrete terms, the overarching processes that corporations and nation-states use to gain advantage over a competitor or adversary are quite common. It's important to evaluate how these attacks are used in the world today. The two main vectors used in the attempt to exploit our election were spear-phishing and spoofing.
Spear-phishing targets select groups of people that share common traits. In the case of the Russian hack, the Russian General Staff Main Intelligence Directorate, or GRU, and affiliated non-governmental organizations (companies, organizations, or individuals loyal to Russia) sent phishing emails to members of local U.S. governments and to the companies that developed the voter-registration systems.
Their intent was to establish a foothold on a victim's computer in order to perpetrate further exploitation. The end result of that exploitation could be the manipulation and exfiltration of records, the establishment of a permanent connection to the computer, or a pivot to other internal systems.
Spoofing is an act in which one person or program successfully masquerades as another by falsifying data, thus gaining an illicit benefit. Most people understand spoofing in terms of email, whereby an attacker spoofs, or mimics, a legitimate email in order to solicit information, or deploy an exploit.
As it relates to the Russian situation, spoofing a computer's internet protocol (IP) address, system name, and more could have allowed a successful spear-phisher to bypass defenses and pivot to other internal systems. This kind of act is so trivial that some of its techniques are taught in basic hacking courses.
Ignore the Hype
What we know from reporting, as backed by unauthorized disclosures, is that defense mechanisms appear to have caught each of the spear-phishing and spoof attempts. Simply put, there is no information to suggest Russia had success.
For political reasons, politicians have worked hard to make this a major talking-point. However, these same politicos cannot speak in absolutes, because there simply wasn’t a successful breach—let alone one able to compromise the integrity of our national election.
One piece of information to note: these attacks are some of the most common seen in the cyber world. There is nothing revolutionary about these vectors, or about how they are employed against government, commercial, and financial targets. This isn't to suggest it is a moral or acceptable practice; it is simply the reality of life in the Information Age.
I would be remiss if I didn't make a note about the way Hollywood (and media in general) portrays hacking as something mystical and comical. Those portrayals only serve to muddle an issue that is easily managed with thoughtful consideration and implementation of best practices.
This is why we can’t have nice things.
Matt James (CISSP, CPT, CEH, CDNA, Security+) has more than 15 years of experience in cyber security and information technology. He has led and performed numerous red-team activities against the public and private sectors, as well as major Fortune 500 corporations and federal agencies. Matt lives in the Washington, D.C. area after being medically retired from the U.S. Army for wounds received during combat operations in Iraq in 2005.