Cyber security is a dark world not many understand. So, I jumped at the opportunity to interview a top cyber security expert. To protect his identity, I’ll refer to him only as John.
John has worked in cyber security for 12 years and is currently employed by one of the world’s largest defence contractors. He started as a white hat (ethical hacker) contracting for an Israeli firm that specialises in penetration testing. People like John get paid by large banks and government agencies to legally break into their computer systems, corporate mobiles and large networks in order to expose weaknesses.
We sat down for a beer and discussed one of the biggest topics in the world right now, the supposed Russian hacking of the US elections. One of the first points John raised was that he is no fan of Donald Trump. His reasons are his own but it’s pertinent to point out he isn’t speaking from a biased position.
RightofB: I am interested in the claims that Russia hacked the elections and how you would go about it if you were the Russian government?
John: Well, I won’t use the term “hacking the election”; that’s impossible. Hacking the DNC, yes; hacking Podesta, to a degree. The main thing to remember is that in the hacking world it’s best practice to use proxies and VPNs via countries that are not part of the 5 eyes…
RightofB: OK hang on, I know what a VPN is but can you elaborate on the rest?
John: A VPN, or virtual private network, helps you encrypt the information that you send, so it’s impossible to view the contents of the transmission. Proxies are like virtual computers that you can add to this encrypted network; bouncing through these networks helps hide your origin. And the “5 eyes” (US, Canada, Australia, NZ and the UK) all share internet traffic data, so it’s a good idea to source your bounce boxes or virtual servers outside of these countries. Throw in a couple of dark web nodes and it’s impossible to track.
RightofB: You are saying if you had hacked the DNC they wouldn’t be able to track you?
John: Well, it comes down to the tools you use. Hackers from around the world use different sets of tools. We can tell from the type of hack and the tools used the possible origin of the intrusion. Though I will add that there are many ways around this.
RightofB: What do you mean?
John: Well, the tools these groups use can be downloaded from various places, including the dark web; you just need to know where to look. This, in combination with routing traffic via the Ukraine, could leave “planted” fingerprints behind.
RightofB: In other words, the hack on the DNC could have been planted?
John: That’s right. The problem with the Ukraine is that it’s a hotbed for hackers, freelancers, ex and current CIA, ex KGB and Israeli cyber security types, almost like when ex-military guys leave the special forces and join private security firms. To be honest, if you knew your way around you could just hire some Ukrainian guys to hack the DNC for you. Might set you back a couple of hundred Bitcoin.
The other thing to keep in mind is that Russia and China have surpassed the US when it comes to cyber warfare.
RightofB: That’s scary especially since WikiLeaks dumped the CIA hacks.
John: Yes, now imagine China and Russia both have a bigger arsenal of methods for hacking. This to me is the problem with blaming the Russian government. Don’t get me wrong, the Russians are constantly hacking everyone, but they don’t get caught, so why would they get caught hacking the DNC?
RightofB: Does that mean you don’t believe it was the Russian government?
John: I highly doubt it. Imagine you are Putin and you oversee the world’s 1st or 2nd best cyber attacking outfit; would you leave fingerprints? If you understood Russian and could read it, there is nothing stopping you from buying Ukrainian hacking tools on the dark web, routing over a VPN into Amsterdam then eastern Europe, jumping a couple of onion gateways to an IP address in the Ukraine, and from there you can deploy the hack. These days only amateurs who are trying to make a name for themselves leave Easter eggs, not government agencies.
RightofB: You make it sound easy. What about Podesta’s email?
John: This was a simple phishing scam, a webpage that gets you to enter and reset your password. It’s not really a sophisticated intrusion. This could have come from anywhere, probably China. It happened on his Gmail account. Google are quite good at catching these types of scams early, but the Chinese are pumping these out by the day. From there I’d say they sold the info. There is a lot of money to be made in email “ransom” from guys like Podesta.
RightofB: Could Google trace this hack?
John: Sure they can. They can trace it to the origin of the page where he would have had to “reset” his password. But from there the hound would lose the scent. Those sites pop up and close down so quickly that it’s almost not worth tracing; plus they can be set up from anywhere in the world, or cloned to multiple places or countries.
RightofB: What reasons are the FBI and CIA giving to blame the Russians?
John: Well, the government never got a look at the DNC servers, and Crowdstrike (a company with a questionable past) blamed it on a tool the GRU (Russian military intelligence agency) used in 2014. Two years in the hacking world is an eternity. It’s highly unlikely that the GRU would use a 2-year-old, previously used exploit to hack any government body. The risk is too high. If you are going to hack governments you would use the newer, unknown exploits.
It’s a bad look for Crowdstrike, who are in charge of DNC security, when they get caught by an old exploit. It’s more likely the GRU sold the tool online for use. Once a tool gets too old or “outed” it’s no longer effective on the big corporations or for industrial espionage. It’s sold or traded online by amateurs for use on smaller institutions. The exploit probably started its life in the GRU, which hoards exploits just like the other agencies around the world.
It’s a very big mistake underestimating the GRU. When it comes to cyber warfare they are far ahead of the US government and light years ahead of Crowdstrike. It’s like asking the lawnmower service guy to look at what’s wrong in a Formula 1 car’s engine.
RightofB: Is this a dangerous path for the US to walk?
John: Not really. We know, and all government agencies know, that everyone hacks everyone. The Chinese hack the US, the US hacks the Russians, the Russians hack the US, and so on. This is how I remain in a high-paying job. This is nothing new, especially coming out from the US. They are one of the main culprits when it comes to government hacking. Now that Wikileaks dropped the US hacking toolbox, it will be attached to many past hacks. It’s like finding the murder weapon with a name tag on it.
RightofB: What about Trump’s collusion with the Russians?
John: How the CIA and FBI establish collusion is not really my area of expertise, but I do know that the GRU is not easy to infiltrate. It would be impossible to link to Putin or Trump with concrete evidence, which won’t exist. The GRU is spread out in factions that can operate independently of the governing body, a capability inherited from the cold war era. First, they will have to prove which GRU unit did the hack with more than “fingerprints”, which, as I explained, is not easy. Then they will have to prove that Putin ordered the hack, which will be impossible. But if they could, they would have to prove that it was a combined and communicated strategic alliance. We are talking about a guy that has “offed” a few people in his life without getting caught and is still president of a major country. Putin did not get to where he is by making silly strategic mistakes like this.
RightofB: What is the way forward for this investigation?
John: The problem today is that hacking has become big business: stealing, bribing, blackmailing and selling of information. Freelancers, government groups… there are no borders or boundaries; you can be anyone or no one.
Trying to prove something will be futile in court. It’s not some 16-year-old in a basement they are accusing. It’s the Russian government we are talking about. Anyone claiming they have concrete proof the Russians hacked the DNC is 100% doing so for political reasons.
Moving forward, the US should invest in cyber security and hire the best. America used to be a leader in this space, but they have fallen behind over the last 10 years. The Wikileaks Vault 7 dump has put the US back even further. The problem is that China and Russia are not going to hold up development to wait for the US to catch up again.
The US is eating itself from the inside by hunting for ghosts that will never be found. If they had proof it would be out already. If after 8 months they have still not uncovered anything new, it will be forever lost in the galactic-sized haystack. Close the case and get back to righting the ship. Trump will be voted out in 4 years; no need to do 4 years of hyperbolic damage to a country already struggling internationally.