EAST BRUNSWICK, NJ - The security compromise and recent leak of thousands of Democratic National Committee (DNC) electronic messages should serve as the latest reminder of how terribly exposed our digital lives leave us and our private information. If a large, well-funded organization as powerful as the DNC cannot protect its sensitive communications, how can any of us ever expect to protect our own communications and personal data?
What Was Hacked?
An extensive file containing sensitive information about Republican Presidential Candidate Donald Trump was hacked from a DNC network server and subsequently posted publicly on the internet on June 15. The information first appeared on the anti-secrecy website WikiLeaks. The hack of the DNC server was quickly attributed by law enforcement to what appears to be foreign state-sponsored hackers connected to Russian intelligence. Among other things, the files exposed the DNC’s non-neutral preference (and potentially biased activity in support of it) for Hillary Clinton to win the Democratic Presidential nomination over Progressive Democratic candidate Bernie Sanders.
The leaked file included internal DNC emails, text messages and a 200-page book of opposition research assembled about Trump. The sensitivity of the information as well as the timing of the leak has resulted in what some are describing as a rough start to the Democratic National Convention in Philadelphia. The compromise has already resulted in the resignation of DNC Party Chairwoman Debbie Wasserman Schultz. It has also reignited the fire and criticism from Sanders supporters during a period when the Democratic party was hoping to unify all of its constituents.
How Does a Security Compromise Like this Happen?
Organizations including the RNC and the DNC have invested heavily in the latest security technologies with the goal of securing their computing networks and connected devices. They’ve also developed, documented and implemented policies and procedures that help them to operate securely and meet legal and regulatory requirements. Yet losses to security breaches for these same organizations continue to occur. This is almost always the result of a lack of security savvy among the organization’s Internet-connected users. All too often security breaches like the one at the DNC are caused by users doing something that they shouldn’t do such as clicking a malicious link in an email message, opening an infected email attachment or visiting a website that is tainted with malware.
What Kind of Cyber Attack Was This?
Almost all legitimate sources say that the DNC hack was likely the result of a Phishing exploit. Phishing exploits attempt to acquire sensitive information such as usernames, passwords, credit card details, money or intellectual property by simulating a trustworthy source in electronic communication. Communications pretending to be from popular social media sites, email platforms, banks, payment processors, IT administrators and other trusted sources commonly are used to lure victims. Phishing emails often contain links to websites that are infected with malware. Phishing attacks often direct users to enter user names and passwords at fake websites whose look and feel are almost identical to the legitimate one they are mimicking. Phishing is just one type of social engineering technique used to deceive users, but it remains among the most dominant and effective attacks being used by cyber-criminals today.
How Can the Average Person Avoid Falling Victim to a Similar Attack?
The only way to stay protected from these types of threats is to exercise good judgement and extreme vigilance when it comes to internet use. Security implications should always be considered when doing any kind of computing. Be skeptical of every email, text and instant message that you receive. Examine them carefully to verify the legitimacy of the source. Examine URLs to ensure they are not malicious spoofs. This thinking needs to be applied when using any type of connection and every device: at work, at home and when out and about as well. Here are a few additional tips worthy of consideration:
- Regularly update software;
- Be skeptical of every email, text and instant message;
- Use two-factor authentication whenever it is available;
- Use encryption whenever possible;
- Connect on trusted, secure networks only;
- Use lock-out schemes when devices are idle;
- Selectively choose applications and terminate permissions for applications not used; and
- Avoid losing devices by keeping them close.
Education is equally important. Because of this, parents and older siblings of children should teach kids about acceptable usage and cyber-security threats when they are first learning to access and use the internet. Children are smart and a little coaching will position them to properly recognize and avoid cyber-threats.
Prior to the existence of the internet, criminals had to physically spy on or attack their prey, break and enter, intercept mail or dig through garbage to steal personally identifiable information and communications. Now that most of society’s information is available and exchanged with the ease of a click online, criminals leverage the internet to steal communications, account credentials, money, identities, sensitive intellectual property and private data. Today, cyber-criminals can deliver their attacks anonymously with a basic computer and internet connection right from the comfort of their own homes or from anywhere else in the world. They’re also able to attack hundreds, if not thousands, of potential victims at a time with the simple click of a mouse.
I saw a recent interview with James Comey, the current FBI director, that really resonated with me. He said that people should treat their e-mail box like they treat their home. If somebody knocked on your door at 2 in the morning, you wouldn’t just open the door and let them in. You would ask who it is, look out the window and try to vet who it was. The problem today with cyber-security is that people will receive a message, they click on a link, they open an attachment, they really don’t think where these things are coming from. It is important to know the source of these messages. It is not just e-mails. It is anything with instant messaging, social media and the like. Most security compromises happen because somebody does something that they shouldn’t do. They open a link, they open an attachment from an e-mail from a dubious source. Once they do that, a malicious payload is in their system and that could lead to the type of debacle that the DNC is now experiencing.
The DNC hack is the latest reminder of how terribly exposed we are when we use the Internet. By exercising good judgement and vigilance we can improve our ability to avoid falling victim to hackers online.
Jeff Bernstein is an East Brunswick resident and the managing director of the T&M Protection Resources Cyber Security Advisory team. T&M is a security solutions provider that focuses on the protection of people, property and information. Bernstein has over 17 years of experience leading organizations dedicated to the protection of critical electronic computing infrastructure. Reach Bernstein at firstname.lastname@example.org.
The Guest Column is our readers' opportunity to write about a given issue or topic in an in-depth and educational manner.
The opinions expressed herein are the writer's alone, and do not reflect the opinions of TAPinto.net or anyone who works for TAPinto.net. TAPinto.net is not responsible for the accuracy of any of the information supplied by the writer.