Hackers shift tactics after 2016 US election: CrowdStrike

Undeterred by sanctions imposed on Russia by the US in response to cyber attacks, hackers are likely to leak altered information they steal, says CrowdStrike CTO Dmitri Alperovitch


CrowdStrike linked the attackers to Russian intelligence agencies, a finding echoed by the US government, which said the campaign was ordered by Russian President Vladimir Putin. Photo: iStockphoto
CrowdStrike linked the attackers to Russian intelligence agencies, a finding echoed by the US government, which said the campaign was ordered by Russian President Vladimir Putin. Photo: iStockphoto

Washington: It’s not just the Democratic Party learning lessons from cyber attacks linked to Russia during the 2016 US election: Hackers, too, are shifting their tactics, according to the co-founder of computer security company CrowdStrike Inc.

Undeterred by tighter sanctions imposed on Russia by the US in response to last year’s attacks, hackers are increasingly likely to leak altered information they steal from both individuals and companies, said Dmitri Alperovitch, who serves as CrowdStrike’s chief technology officer (CTO).

“I’m sure they’ve been taking notes about how they can try to extort individuals, companies and leverage the same trade craft that’s been used so successfully in the last year,” Alperovitch said in an interview Tuesday in San Francisco. “We will see leaks from companies, perhaps political entities, this year and we need to be very careful about believing everything that we see.”

ALSO READ: India is vulnerable to web-application attack: Akamai report

While high-profile cyber attacks against Sony Corp. and Target Corp. have drawn attention to the risks of hacking, computer experts say the US is still quite vulnerable to breaches. A report last month by the Center for Strategic and International Studies said “advanced attackers can still penetrate most American networks,” with the authors singling out critical infrastructure—including energy, telecommunications and finance—as most at risk.

The Democratic National Committee called CrowdStrike last year to respond to a cyber breach in its networks that led to disclosures of the committee’s e-mails and other internal data, resulting in then-DNC chairwoman Debbie Wasserman Schultz’s decision to step down.

CrowdStrike linked the attackers to Russian intelligence agencies, a finding echoed by the US government, which said the campaign was ordered by Russian President Vladimir Putin. Many Democrats blame Hillary Clinton’s defeat by Trump on the hacks and subsequent leaks, while Russia has denied the allegations.

Altering data could be as simple as dropping a phrase or changing a word in a sentence. Hackers could target not just highly sensitive personal information, but even e-mails whose content they could change and then release.

ALSO READ: Pentagon hires hackers to target sensitive internal systems

Alperovitch said his forecast for increased breaches and data alteration is based partly on intrusions CrowdStrike continues to monitor, many of which he blames on Russia-based hackers. The company has tracked a few recent intrusions on the public sector in which Russian hackers have attempted to break in and manipulate data.

“It shows that they’re thinking of this,” he said, adding that other nation-states and criminal groups could also employ this technique.

In one example, billionaire George Soros’s philanthropy, the Open Society Foundations, was the victim of a cyber breach and leak of documents which CrowdStrike also pinned on Russian hackers. In that case, Alperovitch said attackers were able to change a single line in the spreadsheet listing organizations funded by Soros’s group, adding Russian opposition leader Alexei Navalny to the roster.

The spillover of geopolitical tensions into the cyber sphere can also be seen in the Middle East. Saudi Arabia has experienced increased hacking attacks in recent months, including against the central bank, which is believed to have been the result of the computer-killing malware known as Shamoon. There has been a “reemergence” of Shamoon—linked to Iran—in Saudi Arabia as recently as two weeks ago, according to Alperovitch. CrowdStrike is working with some clients in Saudi Arabia, though it would not disclose more details. Bloomberg

More From Livemint