"Department of Homeland Security (DHS) Secretary Jeh Johnson on Thursday downplayed concerns about malicious hackers influencing U.S. elections amid rising fears about foreign actors trying to wreak havoc on Election Day." (thehill.com)
I'd like to comment... Just because DHS can't see it, doesn't make it true. That's not a knock on DHS but neither the US-CERT nor the NCCIC are equipped to handle the multi-disciplinary analysis required to see and read all of the tea leaves.
Let me explain... here are a few things you may not have known. We tracked in near real time, the manipulation of the Ukrainian Presidential Election by hackers, military, and commandos. This multi-facted, asynchronous information operation followed what we believe to be an updated version of the Ivanov Doctrine --Putin's asynchronous warfare plan taken from lessons learned by watching the US operate against Iraq. We published reporting on this in 2014 and into 2015. Since the Crimean conflict, Wapack Labs has actively tracked cyber activities between Russia and their neighbors -but most specifically Ukraine. The ability of DHS's NCCIC to have known about this would have meant they would have had more intelligence than just cyber coming into the center. I'm not sure if they do.
The high level story goes like this:
(Russian) hackers trojaned the Ukrainian Central Election Computer systems. When the Ukrainians find out, they take it offline. Telephony denials of service, computer attacks, and manipulation of election reporting on Russian State-owed Television station on the eastern border of Ukraine reported false outputs through the night of the election. The full report tells the full story, properly sourced, but the last time we mentioned this, it was reported by the Christian Science Monitor. We preferred to stay low-key in the article, but this story was originally tipped off by my original blog post. I remember having a discussion with Mark Clayton (the journalist) as he was pulling the piece together. He was aghast that the story of a Presidential Election manipulation hadn't received more attention here in the US. My only thinking is, my team is small and nimble.. we operate very much in a multi-disciplinary fusion center approach. I'm guessing that gathering lessons learned wasn't the priority at the time, and neither the press, nor our IC apparently connected the dots... or maybe Jeh just hadn't been made privy?? I don't know. I can't speculate on that, but I can make our original reporting available.
If you wish to purchase the report, I've priced the short form Priority Intelligence Report at $1. The 25 page document is priced slightly higher. Both are available for purchase at our digital storefront.
I'm preparing for my trip to Orlando tomorrow. I've never been to an ISC2 Annual Summit, and the fact that it's being hosted with ASIS makes this attractive to my cashflow operated marketing budget. I've got a great little announcement that'll be hitting the press while I'm there, and if you see me, ask me! I'm planning on having my laptop, running demos to anyone that'll want to see them. We'd built an early version that I demo'd all over RSA, gathering a great crowd, running demos on my phone until the battery finally died. I can't wait to show off the upgrade!
On Wednesday we're presenting at the FS Consortium in NYC, and next week? Cigars with Red Sky Alliance members on Monday night with Threat Day at the Global NOC of one of the major telecom companies on Tuesday. We've got a great lineup. I'm running hard. It's awesome! Didn't get the invite? Shoot a note to Pam, our marketing guru. She'll hook you up!
So, until next time,
Have a GREAT weekend. Maybe I'll see you in Orlando!