This is how enemies hack America — according to a cyber warrior

The media’s craze surrounding possible Russian interference with the US election through hacking isn’t going away anytime soon. Though the hype is primarily political, it’s important to separate fact from fantasy.

Tangibly, the overarching processes that corporations and nation-states use to gain advantage over a competitor or adversary are quite common. It’s important to evaluate how these attacks are used in the world today. The two main vectors used to attempt to exploit our election were Spear-Phishing and Spoofing.

Spear-Phishing

Spear-phishing targets select groups of people that share common traits. In the event of the Russian hack, the Russian General Staff Main Intelligence Directorate, or GRU, and affiliated non-governmental organizations (companies, organizations, or individuals loyal to Russia), sent phishing emails to members of local US governments, and the companies that developed the voting-registration systems.

USCG photo by Petty Officer 3rd Class Andrew Barresi

USCG photo by Petty Officer 3rd Class Andrew Barresi

Their intent was to establish a foothold on a victim’s computer, so as to perpetrate further exploitation. The end-result of that exploitation could allow manipulation and exfiltration of records, the establishment of a permanent connection to the computer, or to pivot to other internal systems.

Spoofing

Spoofing is an act in which one person or program successfully masquerades as another by falsifying data, thus gaining an illicit benefit. Most people understand spoofing in terms of email, whereby an attacker spoofs, or mimics, a legitimate email in order to solicit information, or deploy an exploit.

As it relates to the Russian situation, spoofing a computer’s internet protocol (IP) address, system name, and more, could have allowed a successful spear-phisher to bypass defenses and pivot to other internal systems. This kind of act is so trivial, some techniques are taught in basic hacking courses.

US Air National Guard photo illustration by Staff Sgt. Kayla Rorick.

US Air National Guard photo illustration by Staff Sgt. Kayla Rorick.

Ignore the Hype

What we know from reporting, as backed by unauthorized disclosures, is that defense mechanisms appear to have caught each of the spear-phishing and spoof attempts. Simply put, there is no information to suggest Russia had success.

For political reasons, politicians have worked hard to make this a major talking-point. However, these same politicos cannot speak in absolutes, because there simply wasn’t a successful breach—let alone one able to compromise the integrity of our national election.

One piece of information to note: these attacks are some of the most common seen in the cyber world. There is nothing revolutionary about these vectors, or how they are employed against government, commercial, and financial targets. This isn’t to suggest it is a moral or acceptable practice, rather the reality of life in the Information Age.

Army Reserve photo by Sgt. Stephanie Ramirez

Army Reserve photo by Sgt. Stephanie Ramirez

Hollywood Sucks

I would be remiss if I didn’t make a note about the way Hollywood (and media in general) portrays hacking in a way that is mystical and comical. The portrayals only serve to conflate an issue that is easily managed with thoughtful consideration and implementation of best-practices.

This is why we can’t have nice things.

(Kyle Buchanan | YouTube)

TOP ARTICLES
This is how John Kelly shut down speculation on President Trump's gold star family call

"If you're not in the family, if you've never worn the uniform, if you've never been in combat, you can't even imagine how to make that call," Kelly said.

Blumhouse and WATM team up to produce 'Searching for Bergdahl'

Blumhouse Television and WATM are teaming up to produce the documentary "Searching for Bergdahl," the untold story of the seven-year search for the missing soldier.

This is the real reason John McCain's Liberty Medal speech was so epic

When US media focused on a jab at President Trump, they missed the parting thoughts of a veteran and public servant of more than 60 years.

This little bot can take a lickin' and keep on tickin' for troops on assault

Weighing a little over five pounds, the FirstLook can handle being thrown into a hostile environment.

This is one of the deadliest kamikaze attacks caught on film

Japanese kamikaze pilots struck fear in the hearts of allied troops as they conducted choreographed nose-dives right into U.S. warships during WWII.

This is what it was like fighting alongside Afghan troops

In nearly every war in which America has taken part, troops have had to work alongside local forces who aren't always very motivated to fight.

This is how AC/DC helped save a POW in Mogadishu

The ending of "Black Hawk Down" was just slightly different than Ridley Scott showed. It was a moment former POW Mike Durant would never forget.

Russia is buying more of these 'Fullback' fighter jets — and they're pretty impressive

The Russian Ministry of Defense says it just got four more SU-34 bombers, and they're impressive AF. We have the details and video for you here.

More than 100 killed in Taliban attacks across Afghanistan

The Afghan Defense Ministry is reporting over 100 Afghan deaths in October. The Taliban killed Afghan police officers and soldiers, and civilians.

The US Navy just launched an effort to built this is the super-stealthy submarine

The USS South Dakota — a Block-III Virginia Class attack submarine — has officially been christened. We have the details and how it compares to its peers.