SoylentNews is people
SoylentNews
from the blatantly-obvious-is-hard-to-comprehend dept.
John Arquilla at ACM writes:
What a pity that senior leaders in the American government and intelligence community have decided to play political football with the alleged Russian hacks of John Podesta's and other Democrats' emails. By using these intrusions to gin up fears about the "integrity" of the electoral process—which is already befouled by the focus on finding and spreading dirt on the opposition—the real story is being neglected. And what is that real story? It is that, despite more than two decades of consistent public warnings that have reached the highest levels of government, cybersecurity throughout much of the world is in a shameful state of unpreparedness.
Take the United States, for example. Since the mid-1990s, there have been approximately 200 cybersecurity bills brought before Congress. Only one has passed, quite recently at that, and it only calls for voluntary information-sharing about cyber incidents. Legislation aside, there have also been several government-sponsored commissions and top-level exercises focused on understanding and illuminating the cyber threat. Each of these has signaled that "the red light is flashing;" that is, American cybersecurity is in very poor shape. Indeed, former cyber czar Richard Clarke and Robert Knake, in their book, Cyber War, list the U.S. as having the poorest cyber defenses among the leading developed countries.
TL;DR: The lesson(s) are: we must improve defenses, better use of strong encryption, and don't wait for government policy to protect you.
Previously:
Obama Orders Sweeping Review of International Hacking Tied to U.S. Elections
How Hackers Broke into John Podesta and Colin Powell's Gmail Accounts
(Score: 1) by daver!west!fmc on Wednesday December 28 2016, @11:08PM
Either I'm too trusting of stuff I read online, or John Podesta was spearphished with a "change your password (but first enter your current password)" e-mail (made easier either because he was using a personal Gmail account for DNC work, or because the DNC had outsourced e-mail to Google, e.g. democrats.org), asked a DNC IT staffer to confirm whether it was legitimate, and the IT staffer (being at the end of his day and tired) correctly identified it as not legitimate but mistakenly replied that it was legitimate.
Likewise, other DNC intrusions (administrator-level access to computers on their network) were made possible through other DNC staff being phished.
Now, maybe this is the cover story, but is it good cover? What it says is that the humans were the weakest links, and they got socially engineered (phished) to give up their passwords. It certainly does not exceed my willing suspension of disbelief.
And someone leaked a bunch of DNC e-mail. A friend of Wikileaks met with a cut-out to get that data, and the cut-out told him that it was an insider leak, and he has related that meeting to a news reporter.
As I wrote, perhaps I am too trusting of what I read online. All of the above is my understanding from reading admittedly mainstream news media articles (e.g. the New York Times) for statements of fact. You will note I am not making the same leaps these articles often do to Russian action; my reading is that when these leaps are reported and I can trace them to a source that source is either CrowdStrike (who was brought in by the DNC) or one or another national security establishment, and they're based on some notion of what was done being like what a couple Russian organizations do.