Of hacks and Russian hackers
by Tom Sullivan
Once during the Reagan years, I accidentally put my credit card payment voucher in the envelope backwards (with my own name and address showing in the window). Then I unknowingly mailed it to myself from the post office a half mile away. Three weeks later it arrived in my mailbox along with the late payment notice from VISA.
We’ll come back to that.
The New York Times has published a lengthy history on how the Russian hacks of DNC computers affected the election. It seems the FBI first contacted the DNC in September 2015. The call from Special Agent Adrian Hawkins got routed to the help desk where he reached a tech-support contractor. Yared Tamene, no expert in cyberattacks, made a cursory look for signs of intrusion and found none. Tamene couldn’t be sure it wasn’t a prank call. It was months before the DNC higher-ups finally realized they had a serious problem. Even so, the FBI found, the Russian hackers made “a very sloppy attempt to cover up.”
Take time to read the whole thing.
There are a lot ways to go with this, but two passages jumped out at me (emphasis mine):
Shawn Henry, who once led the F.B.I.’s cyber division and is now president of CrowdStrike Services, the cybersecurity firm retained by the D.N.C. in April, said he was baffled that the F.B.I. did not call a more senior official at the D.N.C. or send an agent in person to the party headquarters to try to force a more vigorous response.
You know, to the office building of a national political party a few blocks away.
Then there was this (emphasis mine):
Andrew Brown, 37, the technology director at the D.N.C., was born after that famous break-in [Watergate]. But as he began to plan for this year’s election cycle, he was well aware that the D.N.C. could become a break-in target again.
There were aspirations to ensure that the D.N.C. was well protected against cyberintruders — and then there was the reality, Mr. Brown and his bosses at the organization acknowledged: The D.N.C. was a nonprofit group, dependent on donations, with a fraction of the security budget that a corporation its size would have.
“There was never enough money to do everything we needed to do,” Mr. Brown said.
The D.N.C. had a standard email spam-filtering service, intended to block phishing attacks and malware created to resemble legitimate email.
The Times includes a helpful photo of the DNC’s headquarters.
Even as Bernie Sanders supporters convinced themselves that the shadowy DNC had somehow “rigged” the Democratic primary against him, I promised there was no hidden, computer-filled bunker below ground where Debbie Wasserman Schultz pulled levers and pushed buttons that manipulated state boards of elections and vote tallies in states from the Atlantic to the Pacific. The reality is the DNC could barely block spam and malware. Reading between the lines, the RNC (another nonprofit) was not much better.
But we dearly love our conspiracy theories. Anyone who has watched Mission Impossible would like to believe that our leaders and our government are far more competent and capable (and/or diabolical) than ordinary human beings. Maybe even able to deliver a letter from a post office to a house half a mile away in less than three weeks. But they’re not. Donald Trump is about to demonstrate that for the world.
By and large, our leaders and our government do not operate with the skill and eye-popping gizmos of Ethan Hunt’s IM Force. There are no guarantees of invincibility. Space shuttles explode. Helicopters on secret missions crash. SEAL Team 6 does not always walk away. More mundane organizations, even prominent ones, are typically less well funded, equipped and capable than we imagine.
One year during the Clinton administration, my state tax refund check did not arrive until mid-summer, and then in a crumpled envelope with a postmark showing it had first passed through Sullivan, Maine.