Of hacks and Russian hackers
by Tom Sullivan
Once during the Reagan years, I accidentally put my credit card payment voucher in the envelope backwards (with my own name and address showing in the window). Then I unknowingly mailed it to myself from the post office a half mile away. Three weeks later it arrived in my mailbox along with the late payment notice from VISA.
We'll come back to that.
The New York Times has published a lengthy history on how the Russian hacks of DNC computers affected the election. It seems the FBI first contacted the DNC in September 2015. The call from Special Agent Adrian Hawkins got routed to the help desk where he reached a tech-support contractor. Yared Tamene, no expert in cyberattacks, made a cursory look for signs of intrusion and found none. Tamene couldn't be sure it wasn't a prank call. It was months before the DNC higher-ups finally realized they had a serious problem. Even so, the FBI found, the Russian hackers made "a very sloppy attempt to cover up.”
Take time to read the whole thing.
There are a lot ways to go with this, but two passages jumped out at me (emphasis mine):
Shawn Henry, who once led the F.B.I.’s cyber division and is now president of CrowdStrike Services, the cybersecurity firm retained by the D.N.C. in April, said he was baffled that the F.B.I. did not call a more senior official at the D.N.C. or send an agent in person to the party headquarters to try to force a more vigorous response.You know, to the office building of a national political party a few blocks away.
Andrew Brown, 37, the technology director at the D.N.C., was born after that famous break-in [Watergate]. But as he began to plan for this year’s election cycle, he was well aware that the D.N.C. could become a break-in target again.The Times includes a helpful photo of the DNC's headquarters.
There were aspirations to ensure that the D.N.C. was well protected against cyberintruders — and then there was the reality, Mr. Brown and his bosses at the organization acknowledged: The D.N.C. was a nonprofit group, dependent on donations, with a fraction of the security budget that a corporation its size would have.
“There was never enough money to do everything we needed to do,” Mr. Brown said.
The D.N.C. had a standard email spam-filtering service, intended to block phishing attacks and malware created to resemble legitimate email.