Cyber-spying, leaking to meddle in foreign politics is the New Normal

Feature The allegations that computer hackers affected the outcome of the 2016 US presidential election have cast a long shadow and might appear to be unprecedented.

But in fact they are not. Computer hacking has also featured as an issue in previous elections, in the US and elsewhere, albeit in much more peripheral roles.

China, rather than Russia, for example, was suspected in the 2008 attacks both the McCain and Obama US presidential campaigns. The big difference was that, unlike in 2016, there was no attempt to release the compromised data.

Communications lifted after hacking the Democratic National Committee (DNC) network and compromised emails from Clinton campaign chair John Podesta were leaked during the 2016 US election campaign in what amounted to the weaponisation of stolen political intelligence.

Cyber security experts speculate that the Republican National Committee may also have been hacked. That remains unconfirmed. All that we can say for sure is that any stolen intel was not leaked wholesale.

Private information from prominent Republican politicians did, however, surface on DC Leaks, fruits of an apparent phishing attack, so claims by the Republicans that they avoided hacking by operating with better security than their Democrat opponents ought to be treated with caution.

DC Leaks released emails purportedly sent by campaign staff of Arizona senator John McCain and South Carolina senator Lindsey Graham and former Minnesota congresswoman Michele Bachmann. All three have staked out political positions hostile to Russia.

The traffic goes both ways. Paul Manafort, campaign aide to then candidate Donald Trump, was forced to step down in the wake of a controversy over alleged off-books cash payments received from a pro-Russian political party in Ukraine. One theory is that elements of the Ukrainian government leaked the information in order to damage Trump.

Travis Farral, director of security strategy at threat intelligence firm Anomali, has developed a comprehensive report on the malicious activity that surrounded the latest US election as well as putting together examples of other nation states interfering in other countries political affairs.

All the (Russian) president's men

Evidence that has come out that appears to support involvement by elements of the Russian government in interfering with the 2016 US election is "compelling"… but "not strong enough on its own to eliminate other possibilities", according to Anomali. The threat intelligence firm has published a timeline of cyber security events during the 2016 US election here.

Evidence that Russia interfered on the side of the pro-Russia candidate Viktor Yanukovych in the 2010 Ukrainian election is stronger still. "This was a multi-pronged campaign," Farral told El Reg. "False information was spread in attempts to manipulate the electorate. In addition, results were manipulated before they were sent to the central authority."

These kind of campaigns remain ongoing. Sweden has accused Russia of running an influence campaign, downplaying Nato among other strategic goals, as part of a campaign to manipulate the results of the next general election in the Scandinavian country, which needs to happen before September 2018.

Lone wolves and hackers for hire

Russia isn't the only potential adversary to worry about. Lone wolf actors (such as the original Guccifer, Marcel Lazăr Lehel), Islamic activists, and other politically motivated actors or groups could also be sources of concern. Information security attacks could be made against political organisations, government institutions, and political operatives.

Columbian hacker-for-hire Andrés Sepúlveda claims to have used a variety of dirty tricks to influence elections in Nicaragua, Panama, Honduras, El Salvador, Colombia, Mexico, Costa Rica, Guatemala, and Venezuela over the last ten years. Sepúlveda was jailed for spying on the Colombian government’s peace talks with Marxist rebels, as previously reported.

Anomali's latest threat intelligence report, Election Security in an Information Age, can be downloaded here (email-based registration required).

The report outlines historical examples of nations interfering with the smooth operation of other country's elections as well as examining the issue of attribution and manipulation of digital evidence. It's possible that culprits can manipulate digital evidence to make it appear as is someone other than themselves perpetrated an attack.

Parallax view

Over the last two years alone, there have been an increasing number of information security attacks on political organisations, government institutions, and political operatives. The German Bundestag, the ruling Turkish AKP political party of Recep Erdoğan, NATO, the Ukrainian government, and the German Christian Democratic Union political party have all been targeted since 2014.

Some of these attacks have led to the release of damning emails or other confidential information. Stealing and releasing private information hasn’t been the only avenue to influence public opinion, however. Armies of social media “trolls” have been employed by countries like Russia and Turkey to shape public opinion on state interests, according to Anomali. Nation state involvement is suspected in many cases but difficult to prove because attribution in cyberspace is difficult.

Time for a non-cyber aggression agreement

The issue of hacking as a political tool is timely, especially in the run-up to what promises to be fiercely contested elections in France and Germany later this year.

The interference of countries in the elections of other countries dates back many years. Only the cyber element is new and incidents like the compromise of Angela Merkel's smartphone and the DNC hack last year have had the incidental effect of raising awareness.

Oren Falkowitz, a former director at the US Cyber Command turned chief exec of security start-up Area 1 Security, told El Reg: "Technically not much has changed recently but there's a greater awareness of security threats among business leaders and senior politicians."

The reasons for cyber-espionage parallel those of conventional spying, namely economic, political and financial. "It's not just Russia. Everyone is engaged in this all the time," according to Falkowitz, "The focus on attribution is wrong. This is a technical problem," he added.

Security tech has achieved disappointing results because it is treating the symptoms rather than the root cause of infosec problems, according to Falkowitz. Although cyber-threats are best combated through technology, political agreements between countries might help in reducing tensions, he added.

"Cyber conventions could be treated like arms reduction talks," Falkowitz explained. "You need to establish norms before making treaties," he added. ®