The worlds of politics and cybercrime collided in 2016 when Hillary Clinton’s presidential campaign HQ was infiltrated by hackers. The incident led to the exposure of thousands of sensitive private documents, a storm of controversy and, potentially, the disruption of the US democratic process.
There’s been a lot of speculation since the 2016 Clinton campaign hacks about the source of the attacks, what the intentions of the hackers were and the implications for cybersecurity.
In July a massive amount of new information came to light when Special Counsel Robert Mueller indicted twelve Russian intelligence agents and revealed evidence discovered by his investigation, including detailed technical descriptions of the tactics used by the alleged hackers.
From the point of view of the cybersecurity industry, the hacking techniques described in the Mueller indictment are typical of the sort cybercriminals use routinely. That’s interesting and also deeply concerning because it reveals the persistent misunderstanding that most people have about how cybercrime works. That hackers could use simple, generic tactics to break into a US Presidential campaign demonstrates the lack of cybersecurity awareness that exists even in large, well-funded organisations.
How Clinton’s campaign was hacked
According to the Mueller investigation, high-ranking people in the Democratic campaign headquarters, including campaign chairman John Podesta, were targeted with spear-phishing emails designed to steal the login credentials for their email accounts.
A Washington Post article described Clinton campaign staff getting emails that seemed to come from fellow team members and included “a link to an Excel document named ‘hillary-clinton-favorable-rating.xlsx.’” Campaign staff who opened the Excel document were directed to a phishing website that harvested their login names and passwords. That phishing site was controlled by Russian agents, the Washington Post reports.
These phishing tactics allegedly used by the Russian agents are exactly the same as the techniques criminals routinely use to defraud corporations and small businesses. Phishing emails disguised as friendly messages from colleagues or recognisable organisations such as banks or utility companies are the source of most data breaches.
The vast majority of hacking and cybercrime is perpetrated with very simple tactics. Data from research by Deloitte and the World Economic Forum (WEF) shows that cybercriminals target companies through their staff inboxes. Once they have access to the email accounts, they can quickly acquire sensitive company data that will allow them to redirect payments, commit credit card fraud and install viruses and spyware.
Email fraud has many tactical variants but all of them employ the same basic process:
- Criminals send a fake email, which seems to come from a workmate or trusted business, to a person working in a target company.
- The email will contain a link that points to a phishing page that harvests sensitive data, or a hidden spyware file.
- Using the login data they collect from the phishing page or spyware, hackers will access the company’s computer system, covertly stealing data and diverting funds.
With access to a company’s email system, cybercriminals can get hold of purchase orders, impersonate high-ranking staff members and send fraudulent messages to customers and other businesses.
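The pattern described above, a message that appears to come from a colleague and carries a link labelled as a document, can be screened for on the receiving side. The following Python is an added example, not code from the article or the indictment; the organisation domain, staff names and sample message are constructed assumptions.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical organisation values, assumed for this example.
ORG_DOMAIN = "campaign.example"
STAFF_NAMES = {"alex rivera", "jordan lee"}
DOC_EXTS = (".xls", ".xlsx", ".doc", ".docx", ".pdf")

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_indicators(raw_message):
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    name, addr = parseaddr(str(msg["From"]))
    # Check 1: a colleague's display name on an address outside the org.
    if name.lower() in STAFF_NAMES and not addr.lower().endswith("@" + ORG_DOMAIN):
        findings.append(f"staff display name {name!r} on outside address {addr}")
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    # Check 2: link text that reads like a document but leads off-site.
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        if text.lower().endswith(DOC_EXTS) and not ("." + host).endswith("." + ORG_DOMAIN):
            findings.append(f"document-style link {text!r} leads to {host}")
    return findings

# Constructed sample message, not a real capture.
SAMPLE = """\
From: Alex Rivera <alex.rivera@mail-campaign.example.net>
Content-Type: text/html

<p><a href="https://accounts-login.example.org/s">hillary-clinton-favorable-rating.xlsx</a></p>
"""
```

Calling `phishing_indicators(SAMPLE)` returns one finding per check; a message from the organisation's own domain whose document link stays on that domain returns an empty list.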
The 2018 AusCERT Cybersecurity Survey report warned that “phishing and email attacks are still the most prevalent form of cybersecurity incidents,” and that “phishing emails are the most widely used infection vector employed by 71% of all threat actor groups.”
Implementing a robust cybersecurity defence in 2018 means keeping malicious email like phishing messages out of employees’ inboxes.
If you would like to learn more about cybersecurity preparation, you can download the free e-book Surviving the Rise of Cybercrime. It’s a plain English guide explaining the most common threats and providing essential advice on managing risk.
“Cybercrime is a serious and growing business risk. Building an effective cybersecurity culture within an organisation requires directors and executives to lead by example. Surviving the Rise of Cybercrime is a must-read for directors and executives across business and in government and provides strong foundations for leaders determined to address cyber risk.” - Rob Sloan, Cybersecurity Research Director, Wall Street Journal.