The DNC HAS Been Hacked - How Did it Happen and What Lessons Can We Learn from It?

34ccfc75772c853410d9_355e48e909f9a018d94e_carousel_image_153e39b1eeea20cd02a7_dnc4.jpg
34ccfc75772c853410d9_355e48e909f9a018d94e_carousel_image_153e39b1eeea20cd02a7_dnc4.jpg
EAST BRUNSWICK, NJ -  The security compromise and recent leak of thousands of Democratic National Committee (DNC) electronic messages should serve as the latest reminder of how terribly exposed our digital lives leave us and our private information. If a large, well-funded organization as powerful as the DNC cannot protect its sensitive communications, how can any of us ever expect to protect our own communications and personal data?
 
What Was Hacked?
An extensive file containing sensitive information about Republican Presidential Candidate Donald Trump was hacked from a DNC network server and subsequently posted publicly on the internet on June 15. The information first appeared on the anti-secrecy website WikiLeaks. The hack of the DNC server was quickly attributed by law enforcement to what appears to be foreign state-sponsored hackers connected to Russian intelligence. Among other things, the files exposed the DNC’s non-neutral preference (and potentially biased activity in support of it) for Hillary Clinton to win the Democratic Presidential nomination over Progressive Democratic candidate Bernie Sanders.
 
The leaked file included internal DNC emails, text messages and a 200-page book of opposition research assembled about Trump. The sensitivity of the information as well as the timing of the leak has resulted in what some are describing as a rough start to the Democratic National Convention in Philadelphia. The compromise has already resulted in the resignation of DNC Party Chairwoman Debbie Wasserman Schultz. It has also reignited the fire and criticism from Sanders supporters during a period when the Democratic party was hoping to unify all of its constituents.
 
 
How Does a Security Compromise Like this Happen?
Organizations including the RNC and the DNC have invested heavily in the latest security technologies with the goal of securing their computing networks and connected devices. They’ve also developed, documented and implemented policies and procedures that help them to operate securely and meet legal and regulatory requirements. Yet losses to security breaches for these same organizations continue to occur. This is almost always the result of a lack of security savvy among the organization’s Internet-connected users. All too often security breaches like the one at the DNC are caused by users doing something that they shouldn’t do such as clicking a malicious link in an email message, opening an infected email attachment or visiting a website that is tainted with malware.
 
 
What Kind of Cyber Attack Was This?
Almost all legitimate sources say that the DNC hack was likely the result of a Phishing exploit. Phishing exploits attempt to acquire sensitive information such as usernames, passwords, credit card details, money or intellectual property by simulating a trustworthy source in electronic communication. Communications pretending to be from popular social media sites, email platforms, banks, payment processors, IT administrators and other trusted sources commonly are used to lure victims. Phishing emails often contain links to websites that are infected with malware. Phishing attacks often direct users to enter user names and passwords at fake websites whose look and feel are almost identical to the legitimate one they are mimicking. Phishing is just one type of social engineering technique used to deceive users, but it remains among the most dominant and effective attacks being used by cyber-criminals today.
 
How can the Average Person Avoid Falling Victim to a Similar Attack?
The only way to stay protected from these type of threats is to exercise good judgement and extreme vigilance when it comes to internet use. Security implications should always be considered when doing any kind of computing. Be skeptical of every email, text and instant message that you receive. Examine them carefully to verify the legitimacy of the source. Examine URL’s to ensure they are not malicious spoofs. This thinking needs to be applied when using any type of connection and every device.. at work, at home and when out and about as well. Here are a few additional tips worthy of consideration:
 
- Regularly update software;
 
- Be skeptical of every email, text and instant message;
 
- Use 2 factor authentication whenever it is available;

 
- Use encryption whenever possible;
 
- Connect on trusted, secure networks only;
 
- Use lock-out schemes when devices are idle;
 
- Selectively choose applications and terminate permissions for applications not used; and
 
- Avoid losing devices by keeping them close.
 
Education is equally important, Because of this, parents and older siblings of children should teach kids about acceptable usage and cyber-security threats when they are first learning to access and use the internet. Children are smart and a little coaching will position them to properly recognize and avoid cyber-threats.
 
Prior to the existence of the internet, criminals had to physically spy on or attack their prey, break and enter, intercept mail or dig through garbage to steal personally identifiable information and communications. . Now that most of society’s information is available and exchanged with the ease of a click online, criminals leverage the internet to steal communications, account credentials, money, identities, sensitive intellectual property and private data. Today, cyber-criminals can anonymously deliver their attacks anonymously with a basic computer and internet connection right from the comfort of their own homes or from anywhere else in the world. They’re also able to attack hundreds, if not thousands, of potential victims at a time with the simple click of a mouse.
 
I saw a recent interview with James Comey, the current FBI director, that really resonated with me. He said that people should treat their e-mail box like they treat their home. If somebody knocked on your door at 2 in the morning, you wouldn’t just open the door and let them in. You would ask who it is, look out the window and try to vet who it was. The problem today with cyber-security is that people will receive a message, they click on a link, they open an attachment, they really don’t think where these things are coming from. It is important to know the source of these messages. It is not just e-mails. It is anything with instant messaging, social media and the like. Most security compromises happen because somebody is does something that they shouldn’t do. They open a link, they open an attachment from an e-mail from a dubious source. Once they do that, a malicious payload is in their system and that could lead to the type of debacle that the DNC is now experiencing.
 
The DNC hack is the latest reminder of how terribly exposed we are when we use the Internet. By exercising good judgement and vigilance we can improve our ability to avoid falling victim to hackers online.
 
 
Jeff Bernstein is an East Brunswick resident and the managing director of the T&M Protection Resources Cyber Security Advisory team. T&M is a security solutions provider that focuses on the protection of people, property and information. Bernstein has over 17 years of experience leading organizations dedicated to the protection of critical electronic computing infrastructure. Reach Bernstein at jbernstein@tmprotection.com.
 
 The Guest Column is our readers' opportunity to write about a given issue or topic in an in-depth and educational manner.
 
The opinions expressed herein are the writer's alone, and do not reflect the opinions of TAPinto.net or anyone who works for TAPinto.net. TAPinto.net is not responsible for the accuracy of any of the information supplied by the writer.
 
 
 
 

 The Guest Column is our readers' opportunity to write about a given issue or topic in an in-depth and educational manner.

The opinions expressed herein are the writer's alone, and do not reflect the opinions of TAPinto.net or anyone who works for TAPinto.net. TAPinto.net is not responsible for the accuracy of any of the information supplied by the writer.

TAP Into Another Town's News:

You May Also Be Interested In

Sign Up for E-News

Summit

Upcoming Events

Carousel_image_6c3705f0d83fcd78b74f_2ab30b66626ffd382f18_adobestock_50725543_child_reading

Wed, May 23, 10:00 AM

Summit Free Public Library, Summit

Ages 1 yr.-K: Storytime Squad

Arts & Entertainment Education

Carousel_image_45d79e8f8bb0f2094c44_d1fd9ac3c313c38cfd1f_storytimesillhouette

Wed, May 23, 10:00 AM

Summit Free Public Library, Summit

Storytime Squad

Arts & Entertainment Education

Carousel_image_0de40117d74882eb067b_122a37f8f9e0f55b1807_adobestock_50725543_child_reading

Wed, May 23, 12:00 PM

Summit Free Public Library, Summit

Age 1 yr.-K: Storytime Squad

Arts & Entertainment Education

Summit Police Blotter

May 17, 2018

4/24 - At 0728 hours a report was taken for a theft of two (2) sandwiches from a business on Morris Avenue. The manager reported that at approximately 0330 hours a male entered the business and removed two sandwiches from a refrigerated case. After doing so, he exited the store without paying for them. The male suspect was described as Hispanic, approximately 6’0”wearing a blue/gray ...

Video: Point View's Petrides Talks Current Events That Could Be Market Movers

May 22, 2018

Point View Wealth Management's Managing Director and Portfolio Manager, John Petrides, live on CNBC discussing events that could move the market this week:

.ptview.com/medias/tv-radio

​​​For more than 25 years, Point View Wealth Management, Inc. has been working with families in Summit and beyond, providing customized portfolio management services and comprehensive ...

Dietze Attends Dartmouth Alumni Council Meeting

Point View Wealth Management's Founder, President and Chief Investment Strategist, David Dietze, recently took part in the 216th meeting of Dartmouth's Alumni Council in Hanover, NH.

The Dartmouth Alumni Council's mission is to connect Dartmouth alumni to the College and each other.

Stocks Can Rise in a Rising Interest Rate Environment

Investors remain concerned about the potential impact of higher interest rates on stocks. In their most recently released minutes, the Federal Reserve Open Markets Committee indicated the US economy is on solid footing and the economic conditions warrant continued gradual increasing of interest rates. This set off a sale in the stock and bond markets as investors began pricing in a fourth ...

AtlantiCast

AtlantiCast: Episode 15

On this week’s AtlantiCast, learn some important tips for controlling and avoiding diabetes from an Atlantic Health System expert, see how Atlantic Health is advancing cutting-edge research, hear what’s being done to keep health care environmentally friendly and much more!

 

Managing the Ups and Downs of First-Time Homebuying

They accepted our offer, now what?

At times both equally exhilarating and terrifying, the purchase of a home can be a total roller coaster ride -- especially when it is your first time going through the process. Between suddenly being expected to understand the intricacies of contracts and the inner workings of a home, you are also expected to start writing checks for amounts you may ...

SURVIVING A STROKE: Quick Medical Response Gives Mom Her Life Back

Carotid artery dissection. It’s one of the most common causes of stroke in younger adults.

And while you might not associate the word “stroke” with younger patients, the condition – if not treated immediately – could lead to paralysis and even death.

Lindsey Singh can attest to the importance of immediacy. The 31-year-old mother of two from Flanders experienced ...

A Royal Pain

I went to a big wedding over the weekend.  It was in England.

I like to think I was invited, but according to the Royal Guards and the Thames Valley Police I was not.  But more about that later.

You see, not too long ago I received an evite addressed to me from H&M@royalwedbot.co.uk.  Curiously, it was in my spam folder with a warning message. For an evite it was pretty ...