Yes, Donald Trump, you can catch hackers not in the act

Cybersecurity professionals respectfully disagree, President-elect Trump: You can catch hackers even when they're not in the act.

In tweets sent Monday morning discounting U.S. intelligence agencies' assertion that Russia was behind attempts to interfere with the U.S. presidential election, Trump said it was almost impossible to determine who was actually behind a hack unless they were caught in the act.

Donald J. Trump (@realDonaldTrump), 8:17 AM - 12 Dec 2016:
"Can you imagine if the election results were the opposite and WE tried to play the Russia/CIA card. It would be called conspiracy theory!"

Donald J. Trump (@realDonaldTrump), 8:21 AM - 12 Dec 2016:
"Unless you catch "hackers" in the act, it is very hard to determine who was doing the hacking. Why wasn't this brought up before election?"

That's not a view embraced by the thousands who have made their job ferreting out hackers.

"Cyber criminals always leave evidence behind and forensic cybersecurity capabilities have advanced to the point where we can identify and analyze hacks faster than ever before,” said Barak Klinghofer, co-founder and chief product officer at Hexadite, a Boston-based company that does cyber-threat incident response.

No less an authority than Kevin Mitnick, a hacker who spent five years in prison for computer-related crimes, tweeted that Trump was wrong and that hackers can be caught after the act. "Take it from someone who knows this fact very well," said Mitnick, who now has his own consulting company, Mitnick Security.

Some criminals are, indeed, caught in the act. Security firm CrowdStrike, which was hired by the Democratic National Committee to investigate a hack attack in May, says it watched the hackers while they were in the system. The company was "able to watch everything that the adversaries were doing while we were working on a full remediation plan to remove them from the network," said Dmitri Alperovitch, CrowdStrike's chief technology officer.

One clue: Time off for Russian holidays

But hackers leave plenty of clues cybersecurity professionals can use to identify the perpetrators after the fact. Knowing who's behind an attack involves combining forensics, data and psychology, said Nick Rossmann, a senior production manager at FireEye iSIGHT Intelligence. FireEye is often brought in to do post-attack forensics in large breaches.

"Threat intelligence is an art form," said Rossmann. Analysts look at what software the attackers are using, what platforms and what addresses they're coming from. "You look at what tools they're using. Is it a certain kind of malware that requires skill to use? Was it custom-built to penetrate a specific network?" he said. They also look at motivations: what information was stolen and who it might be useful to. Finally, timing is often a clue. In an investigation of one hacking group, FireEye observed that all the activity took place during working hours in St. Petersburg and Moscow, and the attackers also took Russian national holidays off.
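The timing clue Rossmann describes can be turned into a simple, repeatable check. The Python below is an added example, not code from the article, FireEye or any company quoted here: it takes constructed UTC timestamps of attacker activity, views them from several candidate time zones (fixed offsets, with Moscow and St. Petersburg assumed at UTC+3 and no daylight-saving handling), and measures how many land on a local Monday-to-Friday, 09:00-18:00 working day outside a constructed stand-in for a national holiday calendar.

```python
from datetime import date, datetime, timedelta, timezone

# Constructed sample: UTC timestamps of attacker activity as they might be
# pulled from intrusion logs (e.g. command-and-control check-ins). Not real data.
EVENTS_UTC = [
    "2016-06-01T06:30:00Z", "2016-06-01T10:05:00Z", "2016-06-02T07:45:00Z",
    "2016-06-02T13:20:00Z", "2016-06-03T08:10:00Z", "2016-06-06T06:05:00Z",
    "2016-06-07T14:40:00Z", "2016-06-13T09:00:00Z",
]

# Constructed stand-in for a national holiday calendar (local dates).
HOLIDAYS = frozenset({date(2016, 6, 13)})

# Candidate time zones as fixed UTC offsets in hours (assumption: no DST;
# Moscow/St. Petersburg modelled as UTC+3).
CANDIDATES = {"Moscow (UTC+3)": 3, "UTC": 0, "US Eastern, June (UTC-4)": -4, "UTC+8": 8}

WORK_START, WORK_END = 9, 18  # local working hours: 09:00 inclusive to 18:00 exclusive


def parse_utc(ts):
    """Parse an ISO-8601 'Z' timestamp into an aware UTC datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def business_hours_fit(events_utc, utc_offset_hours, holidays=frozenset()):
    """Fraction of events that fall on a local working day (Mon-Fri, not a
    holiday) inside working hours when viewed from the candidate time zone.
    A high fit is one weak signal of where the operators sit; it can be
    shaped deliberately, so it supports other evidence rather than replacing it."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    hits = 0
    for ts in events_utc:
        local = parse_utc(ts).astimezone(tz)
        if local.weekday() >= 5 or local.date() in holidays:
            continue  # weekend or holiday: no "office" activity expected
        if WORK_START <= local.hour < WORK_END:
            hits += 1
    return hits / len(events_utc)


def rank_candidates(events_utc, candidates, holidays=frozenset()):
    """Return (fit, name) pairs, best-fitting time zone first."""
    scored = [(business_hours_fit(events_utc, off, holidays), name)
              for name, off in candidates.items()]
    return sorted(scored, reverse=True)


if __name__ == "__main__":
    for fit, name in rank_candidates(EVENTS_UTC, CANDIDATES, HOLIDAYS):
        print(f"{fit:6.1%}  {name}")
```

On the constructed sample the UTC+3 view scores 87.5% with the holiday excluded and 100% without it, while the US Eastern view scores 25%; in a real investigation the same histogram would be built over weeks of activity and read alongside tooling, infrastructure and victimology.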

Rossmann added that U.S. intelligence agencies are well supplied with staffers who have the knowledge and background needed for these types of investigations. "We hire people right from the government for a reason. They have the skills to do this," Rossmann said.

Trump disagrees with U.S. intelligence community

The CIA concluded in a secret assessment that Russia intervened in the 2016 election on behalf of Trump. Trump's transition team responded, "these are the same people that said Saddam Hussein had weapons of mass destruction."

Senate Majority Leader Mitch McConnell said Monday that two Senate committees will investigate the CIA's allegations.

President Obama on Friday ordered the nation's intelligence agencies to conduct a full review of attempts by foreign hackers to influence U.S. elections.

The entire U.S. intelligence community, which comprises 16 agencies, and at least three private computer security companies have independently investigated the security breaches associated with the U.S. presidential election and concluded that the Russian government was behind the hacks. In a joint statement on election security released on October 7, the Department of Homeland Security and the Office of the Director of National Intelligence said the intelligence community was "confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations."

The specific instances outlined in the statement included:

  • Emails stolen from the Democratic National Committee.
  • Emails from that hack given to WikiLeaks.
  • Scanning and probing of state election-related systems.

On Sunday, Trump dismissed the link as "ridiculous," telling Fox News Sunday "I think it's just another excuse," adding "I don't believe it ... Every week it's another excuse."
