Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
DNC Leak: US Intel Chief Says It's Too Soon To Attribute Blame
Newest First  |  Oldest First  |  Threaded View
GonzSTL
50%
50%
GonzSTL,
User Rank: Ninja
8/1/2016 | 8:43:24 AM
Re: Coincides with my previous statement
We all know how expensive political campaigns can be. Campaign staff are usually comprised of political folks close to the candidate, and not necessarily looking all all aspects of the campaign, notably their information infrastructure. As with industry, infosec likely takes a back seat in the budgeting process. It is almost laughable to think that the DNC would provide this protection, given their candidate's recent debacle with email confidentiality. One would think that the other party however, would likely offer a bit more protection with their candidate more knowledgeable in business matters where all aspects of infrastructure are considered, and hopefully surrounding himself with not just political staff, but also business folks. I guess time will tell, because as you pointed out, most don't act until they themselves get burned. That is an axiom that makes infosec folks uncomfortable.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
7/31/2016 | 9:29:58 PM
Re: Coincides with my previous statement
Very good point. I would hope the RNC would learn from the event at the DNC less it happen to them in the future. But then again, I've seen first hand that most don't act until they themselves get burnt.
GonzSTL
50%
50%
GonzSTL,
User Rank: Ninja
7/29/2016 | 2:42:37 PM
Re: Coincides with my previous statement
There are really two issues at hand. First, the method and motive - although at some point in time it will be possible to attribute the breach/leak actors and their methods, it will be difficult to pin a motive short of a confession. At best, an educated guess will result. Second, the exposure resulting from the leak. Although it is difficult to have an end justify the means, the more important message gleaned is that a major political party disenfranchised 13 million or so voters. That, coming from the party that claims the other political party disenfranchises voters is certainly disingenuous. It does not end there. Now, there appears to be collusion between a political party and news media. People get their news from the media, but how genuine or trustworthy is that news if it is seriously influenced or even shaped by a political party? Although this is not Nazi Germany with Goebbels at the helm of their propaganda machine ... it does resemble it, just with different actors. Here is a more important question - was it a good or bad thing that the leak occurred, when it sheds light on an organization's activities? If so, how is that different from officials "hacking" into data sources to reveal their contents, in the interest of national security, knowing that the leak was a result of a hack (case in point, FBI and terrorist iPhones)? In these cases, there are blurred lines when attempting to define good and bad.

One thing is certain - the DNC is now a richer target environment because there is now a known trove of "juicy information", so they had better be on their toes. Additionally, the RNC should be increasingly alert because their opponents will be searching for their "juicy information" to counterbalance that which was exposed about the DNC. A digital information war by proxy, as it were.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
7/29/2016 | 1:58:57 PM
Re: Coincides with my previous statement
I agree that another dump of emails will most likely occur soon. As for there not being a motive I would find that difficult to believe in this case. For a cause such as a cyber threat or hack there is normally an effect that the hacker is trying to achieve.
theb0x
100%
0%
theb0x,
User Rank: Ninja
7/29/2016 | 1:43:26 PM
Re: Coincides with my previous statement
There doesn't necessarily have to be a motive. We all know the level of corruption there is within these organizations based on what has been exposed. I am predicting another dump of emails soon. This is just the surface...
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
7/29/2016 | 1:06:17 PM
Coincides with my previous statement
This coincides with a previous statement I made for the quick hit "Russia Likely behind DNC Breach says FBI." (I tried linking the article but the post window would not accept it.)


There haven't been enough parameters defined to assess motive.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/22/2020
The Problem with Artificial Intelligence in Security
Dr. Leila Powell, Lead Security Data Scientist, Panaseer,  5/26/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10737
PUBLISHED: 2020-05-27
A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the hom...
CVE-2020-13622
PUBLISHED: 2020-05-27
JerryScript 2.2.0 allows attackers to cause a denial of service (assertion failure) because a property key query for a Proxy object returns unintended data.
CVE-2020-13623
PUBLISHED: 2020-05-27
JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation.
CVE-2020-13616
PUBLISHED: 2020-05-26
The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification.
CVE-2020-13614
PUBLISHED: 2020-05-26
An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification.