Again with Russia? Don’t bank on lowering your cyber security antennae even for a second ever again. For new evidence, we have two eye-openers to add to the Russia stockpile that has already become the digital cold war. (“They hit us, we hit them back.”) And, we also have a third entry, perhaps more hopeful.
Item 1: In 2015, a National Security Agency (NSA) insider reportedly snuck classified material out from the agency’s network and stored it on an unsecured personal computer. The data was subsequently lifted by Russia-backed cyber attackers possibly by exploiting flaws in Moscow-based, security provider Kaspersky’s software to identify files. (Via the Wall Street Journal, Washington Post)
Item 2: White House chief of staff John Kelly’s personal cell phone appears to have been infiltrated, maybe as long as a year ago. Could foreign governments (Russia again?) have lifted data from the device while Kelly was secretary of Homeland Security? (via Politico)
Item 3: Both the Democratic and Republican national committees (DNC, RNC) are said to be gearing up cyber security defenses to ward off attacks against future elections.
Kaspersky Lab: Guilty Accomplice or Innocent Bystander?
More on Item 1: This is potentially big trouble for Kaspersky Lab, which is already in hot water in the U.S. made worse by heightened cyber security tensions in Washington. In September, the Senate rubber-stamped legislation to ban the company’s products from federal networks, citing national security concerns.
As expected, Kaspersky has denied those allegations and any suggested connection with this latest incident. And, to be fair even if a bug in its software gave these hackers wiggle room, so far no one’s hinting or claiming that Kaspersky was in cahoots with the thieves. Still, there’s the impression there’s fire with this smoke — the company may never be the same.
The far bigger deal: This is the third time sensitive material has been pick-pocketed out of the NSA, counting the high profile 2013 leaks of classified spying information by contractor Edward Snowden and the less publicized case against NSA contractor Harold Martin, who has been charged with taking 50 terabytes of confidential material on an elite NSA hacking team home with him.
And that’s not even counting the Shadow Brokers, which has leaked stolen NSA exploits and hacking tools targeting mail servers, routers, the SWIFT banking network and Microsoft’s Windows.
More on Item 2: Last summer, Kelly told White House tech support that his personal call phone hadn’t worked properly for months. (The chief of staff switched to a government-supplied handset when he joined the Trump administration). At this point, it’s not clear when Kelly’s device was compromised (or even if it was) and what information may have been heisted. So far, White House staffers haven’t been able to find answers to either of those questions.
The “when” and “what” of Kelly’s cell phone malfunctions are important but it would be most telling if we knew “who” did it and if any fingers are pointing at Russian mobile hackers.
Voting for Change
More on Item 3: It’s not surprising that alleged Russian interference in the 2016 presidential election would prompt both political committees to fund more cyber security initiatives. But based on history there’s no telling how each might respond. Nevertheless, the early signs are encouraging, with both the DNC and RNC leaning toward what nearly every security specialist advises — train and educate staffers on threat awareness.
Following last year’s high-profile attack into the DNC’s email system, new committee Tom Perez has hired Raffi Krikorian, a former Uber executive, to lead its security drive, The Hill reported. One of Krikorian’s first moves was to instruct all DNC staffers to use the secure messaging app Signal instead of text messages and he may also be lining up cyber security training as well, the report said.
On the other side of the aisle, RNC technicians have been training staffers to recognize phishing attacks and putting in place security protocols such as two-factor authentication.