Yes, Donald Trump, you can catch hackers not in the act – USA TODAY
Donald Trump appeared on Fox News Sunday to discuss the CIA claims of Russian hacking, his call with Taiwan and his stance on daily intelligence briefings.
SAN FRANCISCO – Cybersecurity professionals respectfully disagree, President-elect Trump: You can catch hackers even when they’re not in the act.
In tweets sent Monday morning discounting U.S. intelligence agencies’ assertion that Russia was behind attempts to interfere with the U.S. presidential election, Trump said it was almost impossible to determine who was actually behind a hack unless they were caught in the act.
That’s not a view embraced by the thousands who have made their job ferreting out hackers.
“Cyber criminals always leave evidence behind and forensic cybersecurity capabilities have advanced to the point where we can identify and analyze hacks faster than ever before,” said Barak Klinghofer, co-founder and chief product officer with Hexadite, a Boston-based company that does cyber threat incident response.
No less an authority than Kevin Mitnick, a hacker who spent five years in prison for computer-related crimes, tweeted that Trump was wrong and that hackers can be caught after the act.
“Take it from someone who knows this fact very well,” said Mitnick, who now has his own consulting company, Mitnick Security.
Some criminals are, indeed, caught in the act. Security firm CrowdStrike, which was hired by the Democratic National Committee to investigate a hack attack in May, says it watched the hackers while they were in the system.
The company was “able to watch everything that the adversaries were doing while we were working on a full remediation plan to remove them from the network,” said Dmitri Alperovitch, the company’s chief technology officer.
When the company analyzed the methodology and affiliation with known adversary tradecraft, it was able to assert with a high degree of confidence that the adversaries were affiliated with Russian intelligence agencies.
One clue: time off for Russian holidays
Knowing who’s behind an attack involves combining forensics, data and psychology, said Nick Rossmann, a senior production manager at FireEye iSIGHT Intelligence. FireEye is often brought in to do post-attack forensics in large breaches.
“Threat intelligence is an art form,” said Rossmann.
Analysts look at what software the attackers are using, what platforms and what address they’re coming from.
“You look at what tools they’re using. Is it a certain kind of malware that requires skill to use? Was it custom-built to penetrate a specific network?” he said.
They also look at motivations, what information was stolen and who it might be useful to.
Finally, timing is often a clue. In an investigation of one hacking group, FireEye observed that all the activity took place during the work hours in St. Petersburg and Moscow, and the attackers also took Russian national holidays off.
Rossmann added that U.S. intelligence agencies are well-supplied with staffers who have the necessary knowledge and background to do these types of investigations.
“We hire people right from the government for a reason. They have the skills to do this,” Rossmann said.
Trump disagrees with U.S. intelligence community
The CIA concluded in a secret assessment that Russia intervened in the 2016 election on behalf of Trump.
Trump’s transition team responded, “these are the same people that said Saddam Hussein had weapons of mass destruction.”
Senate Majority Leader Mitch McConnell said Monday that two Senate committees will investigate CIA allegations.
President Obama on Friday ordered the nation’s intelligence agencies to conduct a full review of attempts by foreign hackers to influence U.S. elections.
The entire U.S. intelligence community, which includes 16 different agencies, as well as at least three private computer security companies, have independently investigated security breaches associated with the U.S. presidential election, concluding that the Russian government was behind the hacks.
In a joint statement from the Department of Homeland Security and the Office of the Director of National Intelligence on Election Security released on October 7, U.S. intelligence agencies said they were “confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations.”
The specific instances outlined in the statement included:
► Emails stolen from the Democratic National Committee.
► Emails from that hack given to WikiLeaks.
► Scanning and probing of state election-related systems.
On Sunday, Trump dismissed the link as “ridiculous,” telling Fox News Sunday “I think it’s just another excuse,” adding “I don’t believe it … Every week it’s another excuse.”