Watergate 2.0: Where have you gone Frank Wills?

Watergate: Quaint target for bumbling analog hackers (Andrew Bossi)

After the recent political hackings, I’ve been thinking about how a digital version of Watergate might come to pass for millennials. We’ve already seen enough precursors to sketch out a likely scenario. Maybe something like the following.

Our future candidate starts out in college relying on the cyber skills of his frat friends to pull off a few digital pranks while running for student council. Really harmless stuff, like a video of his opponent picking her nose in class appearing mysteriously on YouTube. And then, on election day, somehow the online voting app would occasionally leave out his opponent’s name as an option. Lolz!

Our future trickster candidate brings his college crew with him as he runs for ever higher offices. But now the pranks get more deadly, say, a DDoS on his opponent’s site or a ransomware hack that encrypts the donor database.

Finally, the big day comes, and our political personality is now President of the United States. And this paranoid POTUS with his gang of ratf#@!ers as advisers realizes that the US government has its own group of super-hackers that work for a very well-funded agency.

Soon Nixon 2.0 is committing virtual Watergate attacks on a massive scale against the opposition party, nosy journalists, and any occupy group that offends them. Eventually every reference to Eastasia being an ally of Oceania is removed, and Google now reports back search results that “Oceania was always at war with Eastasia” …

It’s Already Started

I’m well aware of the long pre-digital history of political dirty tricks — ever since the first ballot box was stuffed with more votes than people living in the county.

However, the hacking activity that’s been showing up in the political world is very frightening — though not at Orwellian levels (yet).

As is always the case when silicon is involved, computers can perform mindless tasks, like for example political dirty tricks, better than clumsy humans. Disruption, disinformation, and monitoring scale better in the virtual world.

Even more depressing is that the skill set for doing this kind of work can be hired or learned by the right kind of digital cyber-politico operatives.

To refresh our memories: over the summer, the Democratic National Committee (DNC) was hacked by groups likely connected with Russian intelligence. The techniques used — spear phishing, remote access trojans, implants, C2 servers — are familiar tools of the trade for hackers extracting credit card numbers or other useful personal data.

In this case, the hackers instead went after emails, which were then published on the Web for maximum public exposure and to inflict maximum damage.

Of course, we’ve seen a similar type of doxing in the Sony incident.

Just as we were getting over the DNC attack, along comes another politically motivated revenge attack. In this incident, a domestic conservative online publication obtained emails hacked from Hillary Clinton’s campaign computers: they published an audio email attachment of Clinton addressing a fundraising gathering.

Email: Bring on the Embarrassing

These recent attacks highlight something that security pros in the corporate sector have known — emails are a one-stop shop for sensitive information of a personal nature.

And that makes lots of sense.

As a blogger for a tech security company who’s been closely following corporate breaches, I know the treasure is in the personally identifiable information (PII) in documents and presentations scattered throughout a file system. To hunt this down requires advanced skills in navigating around the system and searching for the monetizable data.

But for those seeking a quick score, the easiest route is email servers and personal email accounts. In effect, the hackers have a digital window into unguarded conversations, which in the analog era would have required a physical intervention and messy wire clips.

Remember the data source of the most news-worthy (and occasionally hilarious) content in the Sony breach?

They were the emails between executives, and between executives and stars, in which erratic behaviors, incredible salaries, and juicy gossip were discussed.

Political operatives have also long known the good stuff is in phone conversations, letters, and other communications.

By the way, it was thought that one of the motivations of the Watergate burglars was to replace a defective wire tap that had been previously placed on one of the phones in the DNC’s office.

There’s nothing new in obtaining political muck to throw at your opponents by listening in on conversations.

Frank Wills: Early Proponent of Monitoring as a Defense

As some politicians like to say, don’t waste a crisis.

It should be apparent by now that US organizations have serious gaps in learning when they’ve been breached, discovering what’s been exposed, and then sharing information about the cyber incident.

I’ve been long obsessed with why so many countries except the US have national data security regulations, with minimally a breach notification requirement.

Something like the Personal Data Notification & Protection Act (or similar legislation that’s been floating around Congress for years) would go a long way toward improving baseline standards, and toward preventing or limiting the next OPM, Target, or political HQ breach.

With these attacks against politicians, will our lawmakers finally be nudged by, well, self-interest to put such a law into place?

I’m not sure. But it has been noted that when a certain jurist’s privacy was violated back in the video-store age, a new privacy law went into effect pretty darn quickly.

While we’re waiting for such a law, we can take a cue from Frank Wills, the security guard who spotted the Watergate burglar-hackers.

No doubt the Watergate complex could have installed better perimeter defenses — improved locks, windows, etc. — but they at least had a fallback defense with their on-the-ground security team.

Wills employed an analog form of what IT security folks know as event monitoring software. Maybe monitoring as a secondary defense won’t appeal to the build-higher-walls guys — routers, firewalls, segments — but it does the job.

Wills was simply observing and seeing if anything out of the ordinary was happening. In other words, if you can’t prevent the thieves from getting in, at least spot and stop them before they get the goodies.

This is exactly what sharp-eyed Wills did: he noticed duct tape placed on one of the door locks. Suspecting a burglary, he notified the DC police, who upon arrival discovered five men inside the offices of the DNC.

And the rest, as they say, is history.