With the 2020 Presidential election right around the corner, both sides of the aisle are keeping close eye to potential cyber attacks targeting their party.
As you remember, in 2016, the Democratic National Committee was hacked and a collection of DNC emails were stolen by hackers operating under the pseudonym “Guccifer 2.0.”
The stolen emails were subsequently published in July of 2016 by WikiLeaks, just before the 2016 Democratic National Convention. The collection included 19,252 emails and 8,034 attachments from the DNC.
While carrying out the cyber attack, Guccifer 2.0 took careful precautions to remain anonymous, however one small mistake may have blown the whole cover.
“It’s really easy for a hacker to slip up even if they’ve perfected their tradecraft,” says David Kennedy, who formerly worked at the NSA and with the Marine Corps’ signal intelligence unit.
In the faceless world of cyber attacks, personas like Guccifer 2.0 or other hacking groups have a mystique that makes their crimes disconcerting, because basically you are being attacked by a phantom.
But at the end of the day, these hackers are regular people, who can screw up.
In the case of the 2016 DNC hacking, Guccifer 2.0 made a simple mistake. One time they failed to activate a VPN (virtual private network) before logging into a social media account.
This slip up eventually allowed U.S. investigators to link the persona to a Moscow IP address. In fact, U.S. authorities traced it directly to GRU headquarters and a specific Russian intelligence agent.
At the end of the day, cyber hacking blunders occur all the time, especially when dealing with amateur hackers.
On the other hand, many sophisticated hackers go to great lengths to conceal their identity, especially if they are working on behalf of another nation.
Here are a few ways that cyber hackers cover their tracks to avoid being caught.
Countries typically don’t sell. When nations such as China carry out a cyber attack, they don’t usually do so to make money by selling the information.
For example, with the Equifax hack, the personal data of nearly 150 million Americans was stolen. However, data stolen from the credit monitoring firm hasn’t appeared for sale on criminal forums.
In other words, for China, it’s more valuable to keep the information about Americans and use it to their advantage, rather than simply selling it off.
Rerouting internet traffic. While carrying out the Equifax attack, Chinese hackers routed their internet traffic through 34 servers in nearly 20 countries. In other words, there was not a straight line to China.
For the FBI, the rerouting was similar to a traditional manhunt, where investigators had to examine leads as they surfaced from around the world.
The massive amounts of internet traffic re-directs were like changing your identity, growing a beard and coloring your hair, at each different location.
False flag. A false flag cyberattack is when a hacker stages an attack in a way that attempts to fool their victims about who’s responsible.
For instance, during a cyber attack targeting the Winter Olympics in South Korea, the initial information from the attack revealed that China was most likely responsible based on the malware used.
However, it was later revealed that Russia was behind the attack after a Word file from the phishing emails used in the attack had strong similarities to documents that had been used to attack Ukrainian LGBT groups, an obvious Russian target.
The reality is, when it comes to cyber-attacks, the hackers will use multiple techniques to cover their tracks, which is why law enforcement must treat it like other crimes and go where the clues lead them.
And, why you and I always need to protect ourselves and use a VPN (virtual private network) when surfing the Internet.