
Russian government hackers penetrated DNC, stole opposition research on Trump - uptown
https://www.washingtonpost.com/world/national-security/russian-government-hackers-penetrated-dnc-stole-opposition-research-on-trump/2016/06/14/cf006cb4-316e-11e6-8ff7-7b6c1998b7a0_story.html
======
tptacek
The only thing interesting about this story is that whoever did it got caught.
Sort of.

Is there anyone here who really believes that every major campaign
organization since, say, 2004 hasn't been completely owned up? What, you think
the people that build the software and IT environments for campaigns --- sites
that by design have millions of users with persistent accounts, and thousands
of staff members at varying levels of privilege --- are the creme de la creme
of software security talent?

Because, sure, I mean, everyone I know in software security and pentesting
tells me "my first career choice is to go work in IT for the DNC and the GOP",
but somehow along the way Google manages after a mighty struggle to outbid the
70k/year cost-center IT organizations offer for security talent.

If there was any interesting "oppo research" on McCain in the DNC servers
during the '08 election, I will bet all the money in my pocket versus all the
money in yours that the Chinese read all of it long before everyone on the
official CC list did.

~~~
stillsut
Is blase indifference how we respond to national level security breaches now?

If this was somebody's health records, the organization responsible for the
disclosure would be under serious investigation (HIPAA), and throwing down
retainers to every law firm in town.

Thomas, is it your opinion that those responsible for securing this data
shouldn't be held responsible?

~~~
tptacek
I think it's awfully silly to pretend that campaign IT organizations should be
falling on their swords when the largest, most-talented, best-funded software
security organizations in the industry do only a marginally better job when
evaluated by outcome.

But, more importantly: I meant what I said. The only interesting thing about
this story is that whoever hacked the DNC got attributed. You think the GOP
isn't owned up?

------
ams6110
State sponsored attackers had "thoroughly compromised" access for over a year
and were "expelled" over a weekend? Not bloody likely.

~~~
jandrese
Maybe the weekend was spent burning all of their equipment?

~~~
astrodust
Finally decommissioned that old SharePoint server?

~~~
jandrese
I'm not sure fire is sufficient for a SharePoint server.

------
mtgx
But some people still hope for online voting. This is a preview of how other
countries could decide your elections if you switch to online voting now (and
that's assuming your own intelligence agencies don't compromise it first to
support whoever is more favorable to them and to an expansion of their
powers).

~~~
feklar
Chinese state actors even get involved in municipal council politics in Canada
[http://www.theglobeandmail.com/news/politics/government-infi...](http://www.theglobeandmail.com/news/politics/government-infiltrated-by-spies-csis-boss-says/article4392618/?service=mobile)

Insecure online voting would be icing on the cake

------
lifeisstillgood
There was a time when if you wanted to transport yourself or your goods across
say Europe or China, you needed to hire mercenaries and they would protect
your business from bandits on the way.

At various times (Mongols, US Navy vs pirates etc) governments stepped in and
provided that protection (for a lesser price) and trade grew.

I'm not too sure how governments can provide protection in the online realm.
Perhaps by providing minimal standards of security? (I know the standards
exist but enforcing them?)

However, now my iPhone is FBI-resistant, and public keys are fairly easy to
share, it seems that secure peer to peer communication is feasible.

So the shape of a more secure, bandit free internet is clearer - hardened
mobile devices, and much much stricter standards that are enforced, but it
seems an odd new world.

------
daveloyall
Why wouldn't the intruders change anything while they were there?

For example, filtering out some important emails, with a goal of hamstringing
the organization.

Also... The older I get, the more I realize that adults are just kids with
very fancy tree houses. _MY treehouse doesn't have rats. Get your leaders
from here, not from there._

------
touristtam
Very little technical information. Still interesting article in its own right.

~~~
fizbin
Some more technical information is available on CrowdStrike's blog:
[http://www.crowdstrike.com/blog/bears-midst-intrusion-democr...](http://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/)

------
odesian
“It’s the job of every foreign intelligence service to collect intelligence
against their adversaries,...” Hah. Translation: We've a firm foothold in
their systems as well.

~~~
knodi123
Yeah, but the problem with their systems is, it's all written in chinese. Our
systems store information in english, which is a much easier language to read.
So they have a natural advantage there...

~~~
gruez
And the US doesn't have native Chinese speakers?

~~~
knodi123
guess this wasn't the thread for deadpan humor.

~~~
Nadya
I didn't read any humor in it. It came off as something a stereotypical single
language speaker (typically English) would say.

Or in other words: speaking like a man who doesn't speak a second language

------
NN88
What does it look like when a Russian downloads these files? Is it PDFs? Text
files? What do they see?

