Establishing Digital Trust: Don't Sacrifice Security for Convenience
The Russian government recently stated that the Kremlin's official website and the website of the Russian Electoral Commission were hit by massive cyber attacks on September 13, 2015, Russia's national Election Day.
"Yesterday someone attempted to hack our website and alter the data there, making 50,000 requests per minute," Russian Election Commission chief Vladimir Churov stated at a press conference on Monday, RT.com reports. "They failed and we have already established the culprit -- it's a company based in San Francisco."
And Dmitry Peskov, Russian president Vladimir Putin's press secretary, stated that "a very powerful hacking attack" was launched against the president's website. "The defense system worked, even though it was not easy," he said.
Tripwire director of IT security and risk strategy Tim Erlin told eSecurity Planet by email that attack attribution is increasingly being used as a political gambit. "The discussion, though brief, of China's cyber-attacks on the U.S. in [Wednesday's] Republican presidential debate is certainly one aspect of this new frontier for information security, but this kind of public pronouncement of culpability from Russia is another," he said.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"We should expect that cybersecurity will continue to be an important topic in ... politics, and we should also expect that nations and politicians will evolve their rhetoric on this topic as they further understand the potential leverage," Erlin added.
Politics and cyber security
According to the results of a recent Tripwire survey of 210 information security professionals, 68 percent of respondents said they'd prefer to vote for a candidate in the 2016 U.S. presidential election who has a strong cyber security policy.
Fifty-four percent said cyber security policy and regulation would be a key issue in the upcoming U.S. presidential elections.
"There is a big difference between a candidate who has a cybersecurity policy and a candidate who has an understanding of cybersecurity," Tripwire CTO Dwayne Melancon said in a statement. "In the past, there have been unrealistic expectations regarding the government's role in the cybersecurity space as well as difficulties in passing effective legislation."
"It will be important for candidates to not only articulate their concern for cybersecurity, but to also share a concrete plan on how they will incorporate the expertise of respected experts, who can help craft practical, effective and sustainable cybersecurity policies," Melancon added.
A Russian hacker group
Separately, F-Secure Labs published a report [PDF] stating that a hacker group called the Dukes "has been working for the Russian Federation since at least 2008 to collect intelligence in support of foreign and security policy decision-making."
While the Dukes' earliest identified attacks were launched against Chechnya in 2008, the group began targeting the West in 2009 with attacks on a U.S.-based foreign policy think tank and a NATO exercise in Europe. The group's MiniDuke malware was identified by researchers at Kaspersky Lab and CrySys Lab in 2013 -- at that point, the F-Secure report states, the group had already been operating for at least four and a half years.
"The connections identified in the report have significant international security implications, particularly for states in Eastern Europe and the Caucasus," Patrik Maldre, junior research fellow at the International Center for Defense and Security, said in a statement. "They shed new light on how heavily Russia has invested in offensive cyber capabilities, and demonstrate that those capabilities have become an important component in advancing its strategic interests."
"By linking together seven years of individual attacks against Georgia, Europe, and the United States, the report confirms the need for current and prospective NATO members to strengthen collective security by increasing cyber cooperation in order to avoid becoming victims of Russian information warfare, espionage, and subterfuge," Maldre added.
A recent eSecurity Planet article examined the growing threat of cyber war.