Cyberterrorism Expert: 'Poor' Democratic National Committee Security, Hack Of Hillary Clinton Campaign Manager Impacted Presidential Election

Cyberterrorism expert Eric O'Neill, who was key in capturing notorious Russian spy Robert Hanssen, told CRN that "poor" Democratic National Committee (DNC) endpoint security – which resulted in the hack of Hillary Clinton Campaign Manager John Podesta's Gmail account – influenced the presidential election.

"The DNC failed in every sense in protecting themselves from cyberattacks," said O'Neill after a keynote address Friday at the Whalley Computer Associates (WCA) technology conference at the Foxwoods Resorts.

The irony is that the DNC was warned by the FBI of a potential cyberterrorism attack by the likes of Russia, said O'Neill."They knew that Russia was coming after them," said O'Neill of the DNC. "Russia has attacked every single campaign for president. They should have taken better steps to secure their information across the board."

[Related: What A Trump Presidency Could Mean For Net Neutrality, Cybersecurity And Telecom Consolidation]

id
unit-1659132512259
type
Sponsored post

"Of course it influenced the election," said O'Neill of the impact the alleged Russia hack had on the presidential election. "Both parties conduct opposition research. Hillary had some real zingers about (President-elect Donald) Trump but they were negated by the horrible things that were coming out that the DNC was doing. Imagine how many (Democratic Presidential candidate) Bernie (Sanders) supporters who might have voted for Hillary decided not to when they found out the DNC was doing everything they could to tank his campaign."

The hack of Podesta's Gmail account resulted in the release of thousands of emails that were made available via WikiLeaks, provided voters with a political insider's view of how the Clinton campaign was dealing with the Sanders' candidacy, among many other issues.

"I think had the Hillary campaign spent more time protecting themselves they could have had a better chance of winning," said O'Neill, now a national security strategist for Carbon Black, a next-generation endpoint security vendor exhibiting at the WCA Tech Conference, which attracted about 1,000 IT buyers and 300 vendors.

O'Neill is the former FBI agent portrayed by actor Ryan Phillippe in the film "Breach," which depicted O'Neill's investigation of Hanssen and the arrest of the Russian spy responsible for what has been called the most damaging breach ever of U.S. intelligence information.

The release of Podesta's emails on WikiLeaks represented a direct attack on the Democratic process, said O'Neill. "That is not typical," he said. "Sometimes espionage is about disruption. It is about causing us to not trust information. It is about causing us to not even trust our own democracy which is what happened. I like to say our democracy is at risk if spies can knock around in it."

It is "very likely" that the full extent of the DNC cyberattack has yet to play out, said O'Neill. "We don’t know what the Russians will do with that information," he said. "The short game was screwing around with our election by dropping it on WikiLeaks."

Podesta fell prey to what is referred to as a spear phishing attack that appears to be from a trusted business or individual. The Podesta attack involved using a fake Gmail security alert to trick him into revealing his password.

Podesta was not using a "secure network or a secure email system," said O'Neill. "It was an unsecured Gmail account. In his case it was his private email he was using for business."

The spear phishing attack of the DNC targeted the personal accounts of many government employees, said O'Neill. "It was sort of a carpet bomb approach where you send these spear phishing emails and then you see who clicks," he said. "Assuming it is the Russians – and we are pretty sure it is – they must have been extremely excited when they found out he (Podesta) clicked."

The ultimate defense against such spear phishing attack is "zero trust," said O'Neill. That means never clicking on a link or open attachment unless you personally verify it. "If your brother sends you a picture from the night out you had, you call him and ask him did he send the email?" said O"Neill.

Besides zero trust, all businesses and government agencies need better security software and tools, said O'Neill, protecting their IT environments from hackers. "When they land in your network or system, you are God there," said O'Neill. "You should have the security professionals and the technology that can defeat them. What you want is visbility. You need to be able to see them when they land and the breach occurs."

Carbon Black protects a number of government agencies which have never been breached, said O'Neill.

O'Neill said he is troubled that, as a nation, America has not invested enough in cyberdefense. "This election cycle has shown us that we as a nation are not prepared for the cyberwar we are currently fighting and losing," he said. "A lot of people will say we are in a cyber Cold War. We are not. We are in a war."

O'Neill's haunting prediction for 2017: America is going to "finally have an attack that affects us to the extent that we treat it with the concern that we would a physical attack."

Michael Charland, IT security officer and infrastructure manager for Masonicare, a Wallingford, Conn. provider of healthcare, homecare, hospice and senior living, said ONeill's address strikes at the heart of the security challenges facing businesses.

"It's a constant challenge," said Charland. "I really appreciated everything he had to say about the law enforcement side as well as information security. Whalley Computer Associates bringing O'Neill here to speak really helps us get the information security message out."

Furthermore, Charland said, Whalley Computer Associates' role as a trusted advisor has been critical in help Masonicare be successful with its IT security efforts. "Their reps are always looking out for best interests," he said.