BayPay Forum

New White House Policy Defines Coordination of Cyber Response

Category: Security News

Governance, Incident Response

Directive Issuance Comes as Russians Suspected in Meddling in U.S. Elections

Eric Chabrow (GovInfoSecurity) • July 26, 2016

The Obama administration is implementing a presidential policy directive designed to coordinate response to a large-scale cyber incident.


"This directive establishes a clear framework to coordinate the government's response to [significant] incidents," Lisa Monaco, assistant to the president for homeland security and counterterrorism, told the International Conference on Cybersecurity, which met in New York on July 26. "It spells out which federal agencies are responsible. And it will help answer a question heard too often from corporations and citizens alike - 'In the wake of an attack, who do I call for help?'"

The administration defines a significant cyber incident as one that either on its own, or as part of a group of related incidents, would likely result in demonstrable harm to national security interests, foreign relations, the economy of the United States, public confidence, civil liberties or public health and safety of the American people.

Issuance of the directive comes as some highly regarded cyber and policy experts suspect the Russian government could be meddling in the U.S. presidential election by hacking and then leaking emails from Democratic National Committee computers (see How Should U.S. Respond If Russians Hacked DNC System? and DNC Breach More Severe Than First Believed).

Five Guiding Principles

According to a White House fact sheet, the directive outlines five principles that will guide the government during a cyber incident response:

  • Shared Responsibility: Individuals, the private sector and government agencies have a shared vital interest and complementary roles and responsibilities in protecting them from malicious cyber activity and managing cyber incidents and their consequences.
  • Risk-Based Response: The federal government will determine its response actions and resource needs based on an assessment of the risks posed to an entity, national security interests, foreign relations or economy of the United States or to the public confidence, civil liberties or public health and safety of the American people.
  • Respecting Affected Entities: Federal government responders will safeguard details of the incident, as well as related privacy and civil liberties and sensitive private sector information.
  • Unity of Effort: Whichever federal agency first becomes aware of a cyber incident will rapidly notify other relevant agencies in order to facilitate a unified federal response and ensure that the right combination of agencies responds to a particular incident.
  • Enabling Restoration and Recovery: Federal response activities will be conducted in a manner to expedite restoration and recovery of an entity that has experienced a cyber incident, balancing investigative and national security requirements with the need to return to normal operations as quickly as possible.

Applying Lessons Learned

In explaining why the directive is needed, the White House says the United States has been faced with managing increasingly significant cyber incidents that affect the federal government and private sector.

"We have applied the lessons learned from these events, as well as our experience in other areas such as counterterrorism and disaster response," a White House statement says. "That experience has allowed us to hone our approach but also demonstrated that significant cyber incidents demand a more coordinated, integrated and structured response. We have also heard from the private sector the need to provide clarity and guidance about the federal government's roles and responsibilities."

As part of the directive, the administration released a cyber incident severity schema that establishes a common framework within the government to evaluate and assess the severity of cyber incidents and help identify significant cyber incidents in which the directive coordination procedures would apply.

According to the White House, the schema describes a cyber incident's severity from a national perspective, defining six levels, zero through five, in ascending order of severity. Each level describes the incident's potential to affect public health or safety, national security, economic security, foreign relations, civil liberties or public confidence. An incident that ranks at a level 3 or above on this schema is considered "significant" and will trigger application of the directive's coordination mechanisms.

Three Lines of Effort

The directive organizes federal response activities into three lines of effort - threat response, asset response and intelligence support activities - and establishes a federal lead agency for each.

"When a federal agency is a victim of a significant cyber incident, that agency will be the lead for this fourth line of effort," the White House statement says. "In the case of a private victim, the federal government typically will not play a role in this line of effort, but will remain cognizant of the victim's response activities consistent with these principles and coordinate with the victim."


DNC Breach More Severe Than First Believed

Category: Security News

Anti-Malware, Data Breach, Data Loss

The Big Question: Will the US Respond?

Jeremy Kirk (jeremy_kirk) • July 26, 2016

As the fallout from the leaked Democratic National Committee files continues, a new finding from an analysis of the more than 19,000 emails published by WikiLeaks suggests cyberattackers also had access to at least one staffer's personal email account.


A DNC consultant saw several warnings that her Yahoo account may have been compromised by state-sponsored attackers, according to a story published on July 25 by Michael Isikoff, Yahoo's chief investigative correspondent.

The DNC consultant, Alexandra Chalupa, had been investigating connections between Republican presidential candidate Donald Trump's campaign chairman, Paul Manafort, and pro-Russian political leaders in the Ukraine, Isikoff wrote.

Meanwhile, the growing concern over the hacking of the DNC, first revealed in June, has prompted the FBI to depart from its normal protocol of staying silent about investigations.

"The FBI is investigating a cyber intrusion involving the DNC and is working to determine the nature and scope of the matter," the bureau says in a statement. "A compromise of this nature is something we take very seriously, and the FBI will continue to investigate and hold accountable those who pose a threat in cyberspace."

Democratic presidential candidate Hillary Clinton's campaign theorizes that the release of 19,252 emails and 8,034 attachments is a well-timed play by Russia intended to disrupt the Democratic Party and increase Donald Trump's standing before the November election. Although it's unlikely to ever be proven, the incident stands as a curious example of using stolen data to attempt to influence global events at a crucial political moment.

That has prompted calls from at least one expert for the U.S. government to take action, treat WikiLeaks as a counterintelligence target and come forward with more definitive evidence of who perpetrated the DNC attacks.

"American inaction now risks establishing a de facto norm that all election campaigns in the future, everywhere, are fair game for sabotage - sabotage that could potentially affect the outcome and tarnish the winner's legitimacy," writes Thomas Rid, a professor in the Department of War Studies at King's College in London, in Vice's MotherBoard.

"State-Sponsored Actors" Alert

Pictured: Screenshot of a Yahoo alert forwarded to DNC by consultant Alexandra Chalupa in May. (Source: WikiLeaks.)

Chalupa, the DNC's director of ethnic engagement, on May 3 wrote an email to Luis Miranda, the organization's communications director. It included a screenshot of a Yahoo warning, alerting her that her account might have been compromised by "state-sponsored actors."

"Since I started digging into Manafort, these messages have been a daily occurrence on my Yahoo account despite changing my password often," she wrote.

Yahoo first began providing alerts to users that their accounts might be the target of state-sponsored actors in December 2015. That was well after Google, which instituted such warnings in June 2012. In January 2010, Google was the first technology company to openly accuse China of coordinated attacks against Gmail accounts of activists, in the so-called Operation Aurora incident.

Chalupa's frustration in seeing the warning repeatedly would suggest that her computer was infected with malware. That would have made it easy for attackers to obtain her new passwords with a keystroke logger, rendering futile any subsequent attempts she might make to secure her Yahoo account.

Given attackers' apparent access to a wide range of DNC email accounts - as revealed by the WikiLeaks DNC leaks - compromising Chalupa's computer would theoretically have been easy. Attackers could have sent her a malware-laced document or malicious link from a legitimate DNC account, thus tricking her into falling for an exploit designed to give attackers persistent access to her machine.

Will the U.S. Respond?

Because of increasing concerns over the impact of state-funded hacking, the United States has previously confronted governments for hack attacks, particularly when cyberattacks have been directed at private companies.

In May 2014, U.S. prosecutors indicted five alleged members of Unit 61398, a Chinese Army signals intelligence unit, for allegedly stealing industrial trade secrets from six U.S. organizations over eight years. It was the first such indictment of its kind, intended to send a strong message to China that intellectual property theft would not be tolerated, although the accused still remain at large.

In December 2014, just a few weeks after Sony Pictures Entertainment experienced a devastating attack that stole gigabytes of information and destroyed computers, the U.S. government attributed the attack to North Korea.

Just two days after hackers were booted from the DNC's network, meanwhile, the DNC hired incident response firm CrowdStrike, which published a blog post saying it believed two Russian groups - nicknamed Cozy Bear and Fancy Bear - were responsible, based on forensic clues. Last year, Cozy Bear broke into the unclassified networks of the State Department, White House and Joint Chiefs of Staff. Fancy Bear, suspected to be linked with Russia's GRU intelligence unit, is believed to have attacked Germany's Parliament and France's TV5 Monde.

Rid, in his Vice report, summarizes what looks to be compelling technical evidence that there's a Russian connection to the DNC hack attacks and says that it's also possible that Guccifer 2.0 - who leaked DNC documents on a WordPress blog and claimed to have passed the emails to WikiLeaks - might be working with Russia. Guccifer 2.0 has claimed to have separately breached the DNC and to have been operating alone.

The influence of the leak and disruption of an ongoing campaign likely meets the "red line" for strong action by the U.S. government, says Justin Harvey, CSO of Fidelis Cybersecurity. "The American people deserve to know if the government has evidence that confirms this attack was state-sponsored," he says. "If it was, then a whole new level of foreign policy decisions must be made in relation to the leaks."

Christopher Soghoian, principal technologist with the American Civil Liberties Union, cast the DNC situation in a broader light on Twitter. "OK, now that serious people believe that a foreign government is trying to impact U.S. elections, can we agree that internet voting is too dangerous?"

It's easy to forget, but the CIA Director's AOL account was hacked by a teenager just a few months back. DC politicos are easy cyber prey.

July 25, 2016

Avoid 75% of all Data Breaches by Keeping Privileged Credentials Secure

Category: Security News

Cybersecurity, Data Breach, Risk Management

Presented by Skyport Systems • 60 minutes

Given the severity of credential hijacking currently taking place, securing Microsoft Active Directory Services and relevant privileged credentials has become a top business priority. In 2015, over 75 percent of all compromised records from data breaches were traced directly to the loss or theft of a privileged credential. Too often, attackers use these stolen credentials to access networks without detection for weeks, and sometimes months. Organizations lose revenue, suffer diminished reputation and experience operational havoc.

However, perspective, guidance and effective tools are available to protect your organization and to help mitigate the impact of credential theft. This webinar, hosted by Skyport Systems, will walk you through these best practices and introduce its SkySecure Platform, designed specifically to protect your Microsoft Identity infrastructure.

Credential appropriation and theft plague many large enterprises, particularly those that use Microsoft Active Directory. Microsoft recently released a comprehensive set of cybersecurity guidelines for Credential Theft Mitigation, but the complexity and cost involved in implementing these advanced recommendations have been a barrier to deploying them.

In this lively webinar, Doug Gourlay, Executive Vice President at Skyport Systems, will discuss:

  • The threats and past cyberattacks that underscore the critical need of protecting your Microsoft Identity infrastructure;
  • A prescriptive roadmap based on Microsoft's Best Practices Guidance that most organizations can easily implement;
  • The ways in which Skyport's SkySecure Platform can protect your privileged credentials from theft.

A Practical Approach to Digital Clinician and Patient Credentials

Category: Security News

Cybersecurity, Data Breach, Risk Management

Presented by Vasco • 60 minutes

Healthcare is in the middle of a major evolution toward digital, personalized medicine and the empowered patient. This massive push toward digital medicine brings about numerous security and interoperability challenges, including a shift in thinking from "supposedly known users" to "secure and trusted identities."

Ongoing regulatory and monetary incentive programs are driving healthcare providers to increase their EHR and E-Prescribing adoption. Additionally, the U.S. Office of the National Coordinator for Health Information Technology (ONC) is focused on strengthening identity-proofing and authentication of all participants in the healthcare system: providers, staff, business associates, and patients. With many organizations including HIMSS, AHIMA and CHIME calling for a nationwide unique patient identifier with support from the National Strategy for Trusted Identities in Cyberspace's (NSTIC) Identity Ecosystem Steering Group, a trusted digital identity will likely soon be on your IT agenda. Knowing who is accessing PHI at any point in time is beyond critical to ensure security.

How can the healthcare community move closer to making this leap to digital medicine without sacrificing security and confidentiality? This exclusive webinar, sponsored by VASCO, will talk about ways your healthcare organization can create a secure bridge between the verified identity in the physical world and the online identity in cyberspace on a state or national level.

Co-hosts Michael Magrath, Director of Business Development at VASCO and a nationally recognized leader in the healthcare identity management field, and Andrew Showstead, Director of Technical Consultancy at VASCO, will discuss how your organization can deploy a unique, reusable and trusted digital patient credential that provides interoperability and links multiple players via a trust framework.

In this exclusive webinar, Magrath and Showstead will also discuss:

  • Different options to provide better patient and provider electronic authentication;
  • How superior identity management naturally leads to improved HIPAA and HITECH compliance;
  • How to implement remote ID verification;
  • How to secure end-to-end communications between patients and providers.

Secure Access in a Hybrid IT World

Category: Security News

Cybersecurity, Technology

Presented by Pulse Secure • 60 minutes

Today's organization needs to provide its employees, partners, applications and even networks access to its data and IT environment regardless of how they access it. But trying to maintain security and compliance in this increasingly complex hybrid IT world becomes a challenge - particularly if those solutions end up limiting productivity and hobbling innovation and competitiveness.

Identity management and device compliance are essential to today's organizations, whether they are accessing information via traditional enterprise applications or through cloud services on their personal devices. That's why centrally managed "Secure Access," the ability to safeguard credentials across hybrid IT infrastructures, is the best method for ensuring data security and compliance for your organization.

Register for this session to hear from David Goldschlag, Senior Vice President of Strategy and CTO at Pulse Secure, to learn why secure access and flexibility go hand in hand in forming a successful and secure IT network.

To ensure that your employees and partners maintain data security no matter how they access your hybrid IT infrastructure, you need to have a central authentication and compliance solution in place. And leveraging a solution like Pulse Connect Secure enables organizations to deliver fast, secure, and optimized access to data center applications and cloud services while ensuring a consistent native-user experience across any device.

In this informative webinar, Pulse Secure CTO David Goldschlag will discuss:

  • The importance of having a single authentication and compliance policy for your hybrid IT infrastructure;
  • How to improve visibility and context to filter traffic and enforce secure access policies;
  • Real-world examples of how Pulse Secure's Secure Access architecture enables users to securely access Microsoft Office365 and SAP from iOS devices.
