Cybersecurity in the United States: The Takeaway
Implications for US CyberSecurity
As pointed out by the president of CrowdStrike, Shawn Henry, it would be difficult, if not impossible, to eliminate attacks such as these. Most likely, the groups that coordinated these attacks had the backing and resources of a "skilled and determined state."
Hillary Clinton, the Democratic candidate for President, says that, "Whether it's Russia, or China, Iran, or North Korea, more and more countries are using hacking to steal our information and use it to their advantage."
Spearfishing and Its Dangers
Nonetheless, perhaps human error rather than technological weaknesses ultimately allowed the attacks to happen, at least this time. Dmitri Alperovitch, CrowdStrike's CEO, said that the cybersecurity firm believes that a tactic known as "spearphishing" may have been in use to breach the systems. These attacks require users to click on what appear to be legitimate communications from reputable users, but instead install malicious software.
These attacks weren't the first, or even the first initiated by these two groups, nor will they be the last. The most important takeaway from this for the U.S. is the understanding that cyberespionage is here to stay. Alperovitch describes the growth of cyberspying as "a thousand-fold increase." Undoubtedly, the resources that the country devotes to protecting its information and its citizens from espionage will be increasing as well.
The Rise of Professional Hackers
However, elite teams of hackers are not the only ones that pose a threat. A group of hackers known as "Crackas with Attitude" was responsible for hacking into the emails of CIA Chief John Brennan and the Director of National Intelligence, James Clapper. Two members of this group were Americans: Andrew Otto Boggs (22) and Justin Gray Liverman (24), both of North Carolina. The remainder of the group consisted of teenagers living in Britain.
They used the information to "dox" (or make public the private information of) law enforcement officers. Once again, the belief is that social engineering played a more prominent role in the breach than mere technological prowess. The hackers called ISPs, posing as employees, to obtain the personal information of their targets, and then used that information to deduce their passwords.