October 24, 2016 • 20 mins

Donald Trump insists that we don't know who was behind the cyber attack on the Democratic National Committee. Is he right? Bloomberg Technology's Jordan Robertson talks to Mike Buratowski, who oversaw the investigation into malicious code that spied on emails sent by DNC officials and others. After examining the hints left behind, they tackle the big issue: If hackers backed by Russia really were the perpetrators, what more could they do to mess with Americans' votes and U.S. democracy?


Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
On Friday, October 7, the U.S. Department of Homeland Security and the Office of the Director of National Intelligence released a statement, and it was a pretty stunning announcement. Barely two and a half months after a cyber attack was revealed on the Democratic National Committee, the Obama administration laid the blame at the feet of Russia's President Vladimir Putin with a strongly worded statement. The US government publicly blaming a

(00:23):
foreign country for attacking a U.S. entity, that's an incredibly rare thing. I was surprised when I saw the statement come out, even though it's something that the private cybersecurity experts have been talking about for a while. Uh, the government formally blaming a foreign entity has only happened a handful of times, and specifically here, the US was accusing Russia of hacking the Democratic Party right as voters prepared

(00:45):
to go to the polls on November 8. It's a scary prospect. Could hackers tamper with or even obliterate our votes? So here's my question. We are so close now to election day, and you can tell because that's really all you see on TV right now. So how do we know for sure what we think we know about these hacks? This is a perpetual problem in cybersecurity, and it reminds

(01:07):
me of the famous New Yorker cartoon that goes, on the internet, nobody knows you're a dog. But when you're investigating a cybersecurity breach, uh, nobody knows whether you're a Russian hacker or a Chinese hacker pretending to be a Russian hacker, or even a US hacker pretending to be a Chinese hacker pretending to be a Russian hacker, or, as Donald Trump put it so delicately, I don't think

(01:30):
anybody knows it was Russia that broke into the DNC. She's saying Russia, Russia, Russia, but I don't... Maybe it was. I mean, it could be Russia, but it could also be China, could also be lots of other people. It also could be somebody sitting on their bed that weighs four hundred pounds. Okay. And how is the US, or anyone else, for that matter, so certain that the Russians are trying to hijack our elections? What

(01:52):
should an ordinary voter do? And should we even care? Hi, I'm Aki Ito, and I'm Jordan Robertson, and this week on Decrypted, we're going to take you inside the hunt for the people who hacked the Democratic National Committee. It's a sort

(02:15):
of tale of how two of the world's great superpowers have found themselves locked in an escalating information war just weeks before millions of Americans go to the polls, and the stakes, they really couldn't be any higher. Not only is this the most divisive election we've seen in recent memory, with Hillary Clinton and Donald Trump advocating for completely different visions of America, but also hanging in the balance is

(02:38):
the democratic process itself. What happens to a country's sovereignty in the age of the Internet? Our story today starts in April when the IT staff at the Democratic National Committee noticed something a little weird going on in their network. For our non-American listeners, this is the official organization behind the Democratic Party, the DNC,

(03:00):
and the IT staff there, they escalated their concerns to their executives, and a cybersecurity firm called CrowdStrike was called in to investigate. So CrowdStrike is one of a small group of digital forensics firms that really all they do is investigate data breaches, and they went in, they

(03:21):
installed software on the DNC servers, essentially allowing them to spy on the spies, and it didn't take them long to pin the attacks on two groups of hackers associated with the Russian government. They called these groups Cozy Bear and Fancy Bear. Cozy Bear and Fancy Bear. Is this some kind of industry inside joke? Yeah. The cybersecurity industry

(03:41):
has a lot of kind of goofy, funny names for groups. They're thematic, often associated with a region. Uh, some others are called Deep Panda and things like that. I love that. Then CrowdStrike closed all the security holes that had allowed the attackers to breach the DNC servers, and so the hackers wouldn't be able to read the staff's emails anymore. Now, normally you don't really disclose this kind of thing unless

(04:05):
you absolutely have to. It's certainly embarrassing for the DNC, especially when, as we learned later, they were warned about their network's vulnerabilities and ended up ignoring those early warnings. But the DNC may have had a hint that some of this information was about to be leaked on the internet, so they dropped this bombshell. But first, the Democratic National Committee said today Russian government

(04:27):
hackers have penetrated its computer network. Breaches by two separate groups allowed hackers to access emails, internal chats, and opposition research Democrats have compiled on presumptive Republican nominee Donald Trump. That's PBS NewsHour reporting the hack on June 14, the day this all became public, and it hit the US political

(04:50):
system like a bolt of lightning. People were furious, how dare Russia try to mess with America, that type of thing. And then one day after the DNC announcement, someone or a group of people who go by the name Guccifer 2.0 came out in a blog post and basically laughed in the DNC's face. This person was like, no,

(05:10):
you idiots, I am the lone hacker that infiltrated the DNC and this had nothing to do with the Russians. And Guccifer 2.0 released a bunch of documents that he claimed he had stolen from the DNC as evidence that he was behind it, and from there it was chaos. Was it the Russians or some loner kid who had too much time on his hands? And

(05:31):
that's when CrowdStrike called in this guy for help. My name is Mike Buratowski. I'm the senior vice president of cybersecurity services at Fidelis Cybersecurity here in Maryland. I lead an incident response team of about thirty individuals and we've handled some of the largest breaches that have

(05:53):
occurred over the past decade or so. So I've known Mike for several years now, and he's a really interesting guy. Used to be a cop with the Montgomery County Police Department in Maryland, and he looks like an ex-cop. He's got the short-cropped haircut, solidly built guy, but very friendly and, uh, you know, very genial. Even before his time in the private sector, he had this long

(06:14):
experience of tracking down criminals. Mike's now an incident responder. In cybersecurity speak, that means he flies out at the drop of a hat to companies that believe they've been breached and he helps investigate and fix their networks. So, like the computer nerd version of CSI or Law and Order? Right. And Mike and Fidelis, his job was to independently verify the group of people who attacked

(06:36):
the DNC, and this cybersecurity version of the whodunit investigation, it's called attribution in the industry, and CrowdStrike had asked Fidelis and two other firms to check their work. So we had, um, you know, we got five pieces of malware, and we had a team of four reverse engineers. That's all they do is reverse engineering, so we had

(06:56):
them bang on it. Jordan, I think we should explain this to our listeners. Sure. So CrowdStrike sent Mike's team five files of the computer code that was on the DNC servers and was responsible for stealing information from the emails. And the job of Fidelis and these two other firms was to look at this code in what's called a virtual environment, like a parallel universe. Right, it's

(07:20):
a simulated computer system where the code can't do any damage on the real servers. Hackers use all kinds of tricks to prevent their malware from even opening in that kind of hall of mirrors. So a key job of an investigator is decoding all of those techniques to see how the attack code actually behaves. Okay, and then Mike's team, they compared that behavior to documented code in the

(07:44):
past that was linked to the two hacker groups associated with the Russian government, and CrowdStrike called these two groups Cozy Bear and Fancy Bear, and the clues surfaced immediately. You know, really there were a couple of things that we looked at. So you look at the complexity of what the malware was able to do. The fact that it had the ability to, um, basically terminate

(08:08):
itself and wipe its tracks, hide its tracks. You know, that's not stuff you see in commoditized malware. Really, it kills itself? It kills itself. Yeah, and actually one of the functions within one of the pieces of malware, um, had a terminology for, essentially, hara-kiri, um, to kill itself. So this automatic suicide switch, this is

(08:30):
something that's incredibly sophisticated, right? I mean, this is one of the reasons that Fidelis and CrowdStrike and the other forensics researchers were so taken aback by this malware. You know, there's a black market for pre-built malware on the Internet that even somebody like me can piece together, so like malware can be like Legos. But this feature

(08:52):
of killing yourself to avoid getting detected, that's really complicated stuff. And that's when Mike's team knew they were dealing with real pros here. You know, there aren't a ton of people around the world who have this level of sophistication. And there were a bunch of other things that backed up this conclusion. The level of access that the malware gave the malicious user, um, was pretty astonishing. Uh, it

(09:15):
was also written very, very, um, well. I think I guess elegant is probably a good way to say it. It was not sloppy by any stretch of the imagination. Um. And again, so you start looking at, okay, who would have had the capability to do that? And you know, we talked earlier how, you know, yeah, you can have somebody on the inside do something, but they may

(09:35):
not be the best at it. So you have, uh, you've got to have people who have a lot of experience doing it or a lot of training to do it. And, um, it was a very complex piece of malware that the average person probably couldn't use. Uh, it's also not something that we've seen out in the wild necessarily. It's very targeted pieces of malware, very limited,

(09:59):
and you can't buy it on the black market? You can't buy these components? Not that... No, not that we've come across. Okay, okay, so so far we know that this attack was orchestrated by someone really, really good, someone really, really experienced, and that immediately limited the pool of people who could be

(10:19):
responsible for this. It really limited the pool of people to someone with the kind of resources, with backing from an entire government. And on top of that, there were a bunch of things that pointed to the code being written in Russia. Yeah, some of these details are really interesting. So one of the most fascinating for me is, you know, from the way the code was written, it was clear

(10:40):
that it was written on a Russian-language keyboard, and the dates and times that the code was compiled were during normal business hours in Russia, and that's consistent with the code that's already been traced back to the Russian government-backed hackers in the past. And that's not something that you can easily fake, right? Like change the timestamps or something? Yeah, that was my question too, but

(11:01):
Mike said there are so many different things that you'd have to consistently change to successfully pull off that spoof. You're dealing with a situation that if it was a one-off, easier to change, you know. Same thing with, you know, you can change the date and time on your computer. Absolutely, you could do that, and it would potentially throw an investigator off. Consistently across five pieces of malware, okay, you know,

(11:21):
probably a little more difficult. Across X number of pieces of malware across how many incidents, and to all have them point to the same place? And that's why Mike doesn't buy Trump's theory of this four hundred pound man sitting on the bed orchestrating this incredibly sophisticated attack, and why he doesn't buy Guccifer 2.0's claim that he was a lone hacker. Okay, is it a script kiddie? Is it

(11:44):
somebody who bought a piece of malware? Or is it, you know, somebody drinking Mountain Dew, eating Twinkies in mom's basement? No, it really needs a level of operational discipline that you don't see really in the wild. And you're right, the number of people who could pull it off, it becomes dramatically narrower. So Aki, are you convinced? I mean, I

(12:09):
think so. I don't know. I keep on expecting a twist, like you're tricking me, like in Law and Order when the guy who seems really suspicious turns out to be innocent in the end. Yeah, I like that. Well, here's maybe the most important part. Then you need to look at the target, the victim of this hack, which was the DNC, and it later turned out a broad cross section of the U.S. political system,

(12:30):
everyone from lobbyists to lawyers to Hillary Clinton's campaign. And going back to Mike's background of working in law enforcement, you have to ask who would have had the motive to pour this kind of effort into spying on key members of American politics. Sure, an opportunistic hacker, you know,

(12:50):
putting a feather in their cap, saying, hey, we, you know, we broke into the DNC. Okay, yeah, I mean, that could potentially happen. Um. But then releasing the emails the evening before the convention started? Well then, again, now you're looking at it, okay, well, you know, that really smacks like an information operation. And here

(13:13):
I think we should remind our listeners of the chronology of the events that took place just a few weeks after the DNC announced the hack in mid-June. I mean, this was a time when the Republican Party was still in complete disarray, but things were looking pretty good for the Democrats. This was a time when Hillary Clinton, um, was trying to solidify her support and you

(13:35):
have this forest fire raging on the internet about this issue. You have WikiLeaks and Guccifer 2.0 publishing a stream of emails that turned out to be really embarrassing for the DNC at, you know, what couldn't have been a worse time for them. Yeah, like that one from when Bernie Sanders was still in the primary race with Hillary Clinton and senior staff at

(13:55):
the DNC talked about how they should try to paint Sanders as an atheist, try to question his Jewish faith, and the party itself is supposed to be neutral. And that led to a lot of turmoil within the party. I mean, the Democratic Convention that took place at the end of July, that was kind of a mess, at least at the beginning. All these Bernie supporters were protesting

(14:16):
and booing down speakers on stage, and ultimately DNC Chairwoman Debbie Wasserman Schultz, who was a rising young star in the party, she resigned. And bringing this back to our story today, like you said, Jordan, this really does point to motive. I mean, who would really want to introduce this kind of turmoil to the democratic process

(14:36):
itself in America, which is, you know, really the sacrosanct thing? Who would want to do this thing that would make you question the fairness of the system that we've developed over the years? Yeah, this project has been interesting to me because I consider myself, you know, a pretty serious skeptic on a lot of these claims. It's just way too easy for a hacked entity to throw out, oh, the Russians did this, and the Chinese did that, or whatever. Yeah,

(14:59):
kind of like a get-out-of-jail-free card when your company has been hacked, right? These really sophisticated, organized hackers backed by a whole government. If someone like that tries to target you, what could you have possibly done? It's like when we reported about Yahoo's breach, which was this massive, you know, more than five million customer accounts getting hacked, we reported that the company's claim

(15:22):
of the attack being state-sponsored, you know, isn't so ironclad. But this one with the DNC, after talking to Mike, after talking to all these other experts, Jordan, are you convinced? Yeah, I'm pretty convinced. I mean, it takes a lot to clear that hurdle of, you've got this piece of malware and this is evidence that the Russians did it. Uh, you know, but Mike will

(15:44):
be the first to tell you this. Well, it's always risky. I mean, you know, when you're doing attribution, you're really never saying a hundred percent that it's this person, because, you know, barring seeing somebody at the keyboard and actually doing it, or a confession, you're relying on that circumstantial evidence. This all comes

(16:07):
down to Mike's days as a cop. Can you prove to a jury beyond a reasonable doubt that the Russians did this? And his answer was yes. And now the US government has come out and officially blamed the Russian government. And there are lots of reasons potentially for that happening. There are ways that the government can really know what's

(16:28):
going on: intercepted phone calls, intercepted emails, human and signals intelligence sources, in a way that no private cybersecurity firm could ever match. Sounds a little sinister. Well, we don't know for sure. But here's what Rob Owens, who was an industry analyst at Pacific Crest Securities, told me. Nation states do hack. I think the US government hacks as well.

(16:49):
A well-known fact within the industry that, uh, everybody's hacking everybody to some degree. So maybe the US government was spying on Russia while Russia was spying on the DNC. Well, we know that both countries spy on each other all the time, but in this case, we don't know exactly what the evidence is. But it's fair

(17:10):
to assume that that's the case. And that's why at the top of the show today you called it an information war, like the Cold War of our generation. Exactly. So if we've managed to keep our listeners till now through this complicated journey inside the DNC hack, first of all, thanks for sticking with us. And second of all, I think the burning question everyone has now

(17:33):
is what's next. So far, it's been about introducing turmoil into the democratic process. And you know, I'm not a US citizen, but my girlfriend is, and I don't think I know anyone who's more excited about voting in November than she is. Could these Russian hackers, could they tamper with her vote? That's one really, really important point here.

(17:54):
In reality, it's very hard to hack actual votes. That's why information warfare like we are potentially seeing here is so much easier to do. To do any real damage to the votes, you'd have to actually hack the vote tabulators, and these are computers that sit inside county and state offices counting votes, and those are never supposed

(18:15):
to be connected to the Internet. Does that mean you can't hack them ever? Of course not. It would just be a huge undertaking. So I wouldn't worry too much about the hackers stealing your vote. It could happen, it's just not the most likely attack. So what should we be worried about? Well, the biggest threat is actually that the hackers could try to mess with your voter registration records,

(18:35):
not your actual vote. If you wanted to actually tamper with the election results, you drop people from the voter rolls and make it harder for them to vote, you know, you change their polling locations to someplace far away, those kinds of things. But I wonder, you know, are the Russians, what do they want to do? Is it really tampering with these results or is it more about traditional espionage?

(18:57):
Is it more about influencing the public perception of these really important people in our democracy? My sense is that if the goal here was to inject kind of chaos into the system and to undermine confidence in the democratic system, uh, you know, then that's a really powerful weapon. And it's been wielded pretty effectively here. And

(19:20):
in the meantime, WikiLeaks is saying that it still has more emails that paint Hillary Clinton in a pretty bad light. And I think we're all on edge here waiting for that bombshell to drop. Yeah, we hear all kinds of things about, you know, it won't be an October surprise, it will be a November surprise. There will be more emails, and you know, with hacked communications, you almost never know what you're gonna get. All right. Well, Mike,

(19:45):
anything else you wanted to say about the industry or specifically, you know, what voters should expect going into November? Um, I would expect it will be a wild ride. Yeah, that's what I was going to say. Put your seat belt on, because you never know what's gonna turn up. You know, hopefully it'll be uneventful, but, uh, it wouldn't surprise me if it wasn't. Well, that's it for this week's episode of Decrypted.

(20:10):
Thanks for listening, and if you have an iPhone, be sure to subscribe to the show on iTunes or any of your favorite podcast apps out there. And while you're there, please take a moment to rate and review our show. These ratings and reviews really help get our show in front of more listeners and let us know what you thought of today's show. I'm on Twitter at Aki seven, and I'm at Jordan R one thousand, and our

(20:31):
technology team here at Bloomberg is on Twitter at Technology. This episode was produced by Pia Gadkari, Magnus Henriksson, and Liz Smith, with help from Emily A view So. Alec McCabe is head of Bloomberg Podcasts. We'll see you next week.