7/26/16, "Democrats Ignored Cybersecurity Warnings Before Theft," Bloomberg, Michael Riley
"The Democratic National Committee was warned last fall that its
computer network was susceptible to attacks but didn’t follow the
security advice it was given, according to three people familiar with
The missed opportunity is another blow to party
officials already embarrassed by the theft and public disclosure of
e-mails that have disrupted their presidential nominating convention in
Philadelphia and led their chairwoman to resign.
consultants hired by the DNC made dozens of recommendations after a
two-month review, the people said. Following the advice, which would
typically include having specialists hunt for intruders on the network,
might have alerted party officials that hackers had been lurking in
their network for weeks -- hackers who would stay for nearly a year.
Instead, officials didn’t discover the breach until April. The theft ultimately led to the release of almost 20,000 internal e-mails through WikiLeaks last week on the eve of the convention.
The e-mails have devastated party leaders. Representative Debbie
Wasserman Schultz, the DNC chairwoman, has agreed to resign at the end
of this week’s convention. She was booed off the stage on opening day
after the leaked e-mails showed that party officials tried to undermine
the presidential campaign of Senator Bernie Sanders in favor of Hillary
Clinton, who was formally nominated on Tuesday evening. Party officials
are supposed to remain neutral on presidential nominations.
Federal Bureau of Investigation is examining the attack, which law
enforcement officials and private security experts say may be linked to
the Russian government. President Barack Obama suggested on Tuesday that
Russia might be trying to interfere with the presidential race. Russian
officials deny any involvement in the hacking and say they’re not trying to influence the election.
Donald Trump, the Republican presidential nominee, said
Wednesday that he didn’t think Russia was behind the attack. But he
also said he hoped the Russians would get their hands on e-mails that
Clinton exchanged using a private server while she was secretary of
state, to expose any e-mails she might have deleted.
The consultants briefed senior DNC leaders on the security problems
they found, the people familiar with the matter said. It’s unclear
whether Wasserman Schultz was present. Now, she is likely to face
criticism over not only the content of the e-mails -- including one in
which a party official proposes pushing stories in the news media
questioning Sanders’s Jewish faith -- but also the failure to take steps
to stop the theft in the first place.
“Shame on them. It looks
like they just did the review to check a box but didn’t do anything with
it,” said Ann Barron-DiCamillo, who was director of US-Cert, the
primary agency protecting U.S. government networks, until last February.
“If they had acted last fall, instead of those thousands of e-mails
exposed it might have been much less.”
The assessment by Good
Harbor Security Risk Management, headed by the former Clinton and Bush
administration official Richard Clarke, occurred over two months
beginning in September 2015, the people said. It included interviews
with key staff members and a detailed review of the security measures in
place on the organization’s network, they said.
review found problems ranging from an out-of-date firewall to a lack of advanced malware detection technology on individual computers,
according to two of the people familiar with the matter.
recommended taking special precautions to protect any financial
information related to donors and internal communications including
e-mails, these people said.
The DNC paid $60,000 for the assessment, according to federal filings.
Paustenbach, a spokesman for the DNC, declined to comment on the Good
Harbor report. Emilian Papadopoulos, president of Washington-based Good
Harbor, said he couldn’t comment on work done for a specific client.
security review commissioned by the DNC was perhaps the most detailed
of a series of missed warnings. Officials at both the Republican
National Committee and the DNC received government briefings on
espionage and hacking threats beginning last year, and then received a
more specific briefing this spring, according to another person familiar
with the matter.
Cyber-security assessments can be a mixed
blessing. Legal experts say some general counsels advise organizations
against doing such assessments if they don’t have the ability to quickly
fix any problems the auditors find, because customers and shareholders
could have cause to sue if an organization knowingly disregards such
Papadopoulos said a risk analysis by his firm is
designed to “help an organization’s senior leadership answer the
questions, ‘What are our unique and most significant cyber security
risks, how are we doing managing them, and what should we improve?’”
firm typically recommends that clients conduct a so-called breach
assessment to determine whether hackers are already lurking in the
network, Papadopoulos said. He wouldn’t confirm whether such a
recommendation was among those delivered to the DNC.
recommendations on governance, policies, technologies and crisis
management,” he said. “For organizations that have not had a compromise
assessment done, that is one of the things we often recommend.”
isn’t certain a breach assessment would have spotted the hackers,
according to Barron-DiCamillo, but it would have increased the chances.
“"Why spend the money to have Good Harbor come in and do the
recommendations and then not act on them?,” she asked."
Added: NASA's most secure files were hacked at least 13 times in 2011 alone. NASA computers weren't encrypted.
Saturday, December 17, 2016
DNC ignored professional cybersecurity warnings it was given before emails leaked, such as it had out-of-date firewalls. Knowingly disregarding warnings can cause lawsuits. DNC was already greatly embarrassed and needed to divert attention from its negligence-Bloomberg, Riley, July 26, 2016. (Desperately needing to blame someone for "hacking into" its system, the DNC chose the Russians)
Posted by susan at 2:19 AM