
November 18th, 2008

What really happened to the candidates' computers?

Posted by Adam O'Donnell @ 3:11 pm

Categories: Complex Attacks, Data theft, Governments, United States of America

Tags: BusinessWeek, Computer, Attack, Government, E-mail, Vertical Industries, Security, Online Communications, Enterprise Software, Software

Now that two weeks have passed since the end of the presidential campaigns, it is worthwhile to take a look at what I think should have been one of the biggest cybercrime stories of the year. As Ryan blogged the day after the election, both the McCain and the Obama campaigns’ systems were compromised by an external party, and this compromise led to a massive data exfiltration. If these reports turn out to be true, the attack is a huge coup for the attacking party.

Shortly after the election, Newsweek reported that both the Obama and the McCain campaigns’ systems were heavily infiltrated by a “foreign entity”. While details are still sparse, it appears that the style of attack is incredibly similar to the attacks described in BusinessWeek that were waged against the systems of government contractors. The attacks described all began with an e-mail containing a malicious attachment, where the body of the e-mail contained an exceptionally well-crafted pitch. For example, the e-mail may appear to come from an old coworker asking about a project for which you used to be responsible. The response rate on an unsolicited e-mail is high enough that the attacker is pretty much guaranteed to gain a foothold on the network. After that, all bets are off.

Let’s suppose for a second that a foreign government was responsible for the break-in. Having access to all the documents from the computer system of future American policy writers provides a huge advantage in any future diplomatic situation. Negotiators for foreign governments can assign a relative value to every issue that is encountered at the bargaining table before negotiations even begin. Long-lead military expenditures can be optimized based upon expected points of conflict. Even non-government agencies can benefit. Public relations can be crafted with uncanny precision, and market-neutral investment strategies can be created that favor the incoming administration’s pet projects.

Given that BusinessWeek was able to provide a deep level of investigation into the previous attack, I expect that this compromise will be thoroughly reported as well. We will have to wait until then before we know what the final cost of this break-in is to our government.

Adam J. O'Donnell, Ph.D. is an R&D engineer who has focused on computer security since 2000. He currently is the Director of Emerging Technologies at Cloudmark, a messaging security company located in San Francisco.


  • Talkback
  • Most Recent of 6 Talkback(s)
RE: What really happened to the candidates' computers?
To the first I state:

It should not surprise average Americans that presidential candidate’s PDAs have been infiltrated by malicious code. Spear phishing has exploded in recent years...
Posted by: kellerma Posted on: 11/25/08