Hackers Are Using 2016 Election Lessons to Shift Tactics, CrowdStrike SaysBy
Altered data increasingly seen as part of hackers’ strategy
Attacks on Soros’s foundation, Saudi Arabia part of trend
It’s not just the Democratic Party learning lessons from cyber attacks linked to Russia during the 2016 U.S. election: hackers, too, are shifting their tactics, according to the co-founder of computer security company CrowdStrike Inc.
Undeterred by tighter sanctions imposed on Russia by the U.S. in response to last year’s attacks, hackers are increasingly likely to leak altered information they steal from both individuals and companies, said Dmitri Alperovitch, who serves as CrowdStrike’s chief technology officer.
"I’m sure they’ve been taking notes about how they can try to extort individuals, companies and leverage the same trade craft that’s been used so successfully in the last year," Alperovitch said in an interview Tuesday in San Francisco. "We will see leaks from companies, perhaps political entities, this year and we need to be very careful about believing everything that we see."
While high-profile cyber attacks against Sony Corp. and Target Corp. have drawn attention to the risks of hacking, computer experts say the U.S. is still quite vulnerable to breaches. A report last month by the Center for Strategic and International Studies said “advanced attackers can still penetrate most American networks,” with the authors singling out critical infrastructure -- including energy, telecommunications and finance -- as most at risk.
The Democratic National Committee called CrowdStrike last year to respond to a cyber breach in its networks that led to disclosures of the committee’s e-mails and other internal data, resulting in then-DNC Chairwoman Debbie Wasserman Schultz’s decision to step down. CrowdStrike linked the attackers to Russian intelligence agencies, a finding echoed by the U.S. government, which said the campaign was ordered by Russian President Vladimir Putin. Many Democrats blame Hillary Clinton’s defeat by Trump on the hacks and subsequent leaks, while Russia has denied the allegations.
Altering data could be as simple as dropping a phrase or changing a word in a sentence. Hackers could target not just highly sensitive personal information, but even e-mails whose content they could change and then release. Alperovitch said his forecast for increased breaches and data alteration is based partly on intrusions CrowdStrike continues to monitor, many of which he blames on Russia-based hackers. The company has tracked a few recent intrusions on the public sector in which Russian hackers have attempted to break in and manipulate data.
"It shows that they’re thinking of this," he said, adding that other nation-states and criminal groups could also employ this technique.
In one example, billionaire George Soros’s philanthropy, the Open Society Foundations, was the victim of a cyber breach and leak of documents which CrowdStrike also pinned on Russian hackers. In that case, Alperovitch said attackers were able to change a single line in the spreadsheet listing organizations funded by Soros’s group, adding Russian opposition leader Alexei Navalny to the roster.
The spillover of geopolitical tensions into the cyber sphere can also be seen in the Middle East. Saudi Arabia has experienced increased hacking attacks in recent months, including against the central bank, which is believed to have been the result of the computer-killing malware known as Shamoon. There has been a "reemergence" of Shamoon -- linked to Iran -- in Saudi Arabia as recently as two weeks ago, according to Alperovitch. CrowdStrike is working with some clients in Saudi Arabia, though it would not disclose more details.