Juha Saarinen is a tech blogger for nzherald.co.nz.

Juha Saarinen: Be ready when Cozy Bear comes knocking

Institutions need to be prepared for.politically motivated hacks and leaks. Photo / Twitter - SwiftOnSecurity
Institutions need to be prepared for.politically motivated hacks and leaks. Photo / Twitter - SwiftOnSecurity

Should political parties hire cybersecurity experts to protect themselves from local and international spy agency hackers seeking to distort elections and the democratic process?

The answer to that has been "yes" for the past decade, yet the Democratic Party in the United States got their operational security wrong, got hacked, and their candidate Hillary Clinton might just lose the presidential election to Donald Trump because of it.

Trump's camp is making the most of the hacked emails and documents published on Julian Assange's Wikileaks, trying to cause as much havoc as possible before the election - and they're succeeding.

Strong signs are emerging that the hack on the Democratic National Committee was done by two Russian intelligence agencies before ending up at Wikileaks, and that they've been in the computers for over a year.

Security vendor Crowdstrike was early to spot digital fingerprints from Russia's military and federal security services when it analysed the DNC servers in June.

Other security companies have since then come to the same conclusion as Crowdstrike, that the DNC hack was done by Russian actors.

Cozy Bear or Advanced Persistent Threat 29 has been active against New Zealand targets too, Crowdstrike wrote. APT29 is believed to be Russia's federal security service FSB, whereas APT28 (FANCY BEAR) is the military intelligence directorate or GRU.

Assange is denying that WikiLeaks has become Putin's latest "troll farm" and partner in a war of smears and disinformation and says the Russian connection is just a diversionary tactic by Hillary Clinton's campaign staffers.

The evidence around the DNC hack says otherwise though, and it was clearly a political attack aimed at derailing the Clinton campaign and providing Trump with further ammunition against the Democrats.

It's quite some ammunition as well, as sensitive private information such as credit card data, Democratic Party donor names and social security numbers were leaked.

There's no reason to do that, unless of course to intimidate and discourage Democrat supporters. Sabotage is the term that springs to mind.

Once that information is out, it'll continue to do damage in the short to medium term, hurting innocent people who will think twice before backing the Dems again.

There are some parallels with our own little Dirty Politics hacked emails scandal last year but the DNC hack is a very different beast.

Expect to see more politically motivated hacks and leaks that aim to influence politics in New Zealand and elsewhere and that's something our democratic institutions need to be prepared for.

Dirty Politics sidelined some characters involved in the seamier side of NZ politics, but it had little effect beyond that. It was not a hack on a political party, and didn't bring down the government.

Hager also redacted the material for Dirty Politics, and didn't just dump it as-is on the web for everyone to search and see, no matter what it might say.

It certainly made life difficult for Nicky Hager who unlike Assange isn't hiding in an embassy in London and that's another key difference: unlike Hager, the chances of anyone, the state sponsored hackers or whoever, being raided by the police or suffering any consequences, are minimal.

It's that last point political parties should bear in mind: this is very asymmetric warfare against easy, high-value targets with precious little risk of retribution faced by knowledgeable, well-resourced and motivated attackers who will become emboldened by their success.

Expect to see more politically motivated hacks and leaks that aim to influence politics in New Zealand and elsewhere and that's something our democratic institutions need to be prepared for.

Get those security experts in now.

- NZ Herald

Get the news delivered straight to your inbox

Receive the day’s news, sport and entertainment in our daily email newsletter

SIGN UP NOW
Juha Saarinen is a tech blogger for nzherald.co.nz.

Juha Saarinen is a technology journalist and writer living in Auckland. Apart from contributing to the New Zealand Herald over the years, he has written for the Guardian, Wired, PC World, Computerworld and ITnews Australia, covering networking, hardware, software, enterprise IT as well as the business and social aspects of computing. A firm believer in the principle that trying stuff out makes you understand things better, he spends way too much time wondering why things just don’t work.

Read more by Juha Saarinen

© Copyright 2017, NZME. Publishing Limited

Assembled by: (static) on production apcf05 at 25 Apr 2017 12:21:42 Processing Time: 939ms