Why International Spies Want Your Password

The Russian hacking of national politicians' emails is indicative of a much broader trend

By Elijah Woodward  |   Aug 2, 2016
Share on Facebook34Tweet about this on TwitterShare on LinkedIn1Share on Google+0Email this to someonePrint this page

One of the most fascinating turn of events in this year’s political campaign has been the use of information warfare and hacking to try and influence this year’s presidential election. This has marked a sudden, shocking development in a lot of ways, and not the least of which is the extreme interest the Russian government seems to be taking in our election this year.

A couple of things are happening before our very eyes right now, and we might be blind to it.

First, the game of shadows that espionage traditionally occupied seems to be coming in to regular society increasingly. Whether it’s the Snowden leaks in 2014, the FBI indicting members of the Chinese military for hacking and cyber espionage (publicly calling out the Chinese government), or even videos from a 1985 spy swap in Germany getting posted to YouTube, this stuff isn’t as hard to find out about as it used to be.

Second, electronic communications are not as secure as we’d like to think. If there’s one thing we should have learned by now, it’s that encryption is not an impenetrable wall: It’s a speed bump. In the hands of the right adversary, your super-protected and encrypted database will be opened up and its secrets spilled, given enough time and resources. Diligence may slow down the release of that information, but don’t count on it being permanent.

We should have learned this during WWII when Alan Turing cracked German encryption, but we still keep finding out that for however clever you think you hid your secrets, someone else is out there just as clever as you, and they’re working against you.

Finally, local political animals are probably watching how the big boys are playing, and my guess is that they’re getting ready to start using the same tactics. What are you going to do when the mayor in your town running for reelection gets his emails hacked, and word comes out about his affair and clandestine drug ring? Is that admissible evidence? Are you going to pursue a case based on hacked information? Will the chief or sheriff of your agency just be good with the resignation of said public official?

Interesting note: A sheriff under indictment did have his emails hacked earlier this year. Your agency will have an email breach. Start communicating as if there was no redaction process now.

All that being said, I especially wanted to focus on my first point: Espionage has come front and center.

They Want Your Data

According to a paper from May of this year (Putin’s Hydra: Inside Russia’s Intelligence Agencies) the Russian Federal Security Service, or FSB (think KGB 2.0) and GRU (Foreign Intelligence) have a little problem with oversight. During KGB days, the politburo still remembered the Stalin secret police purges so they mandated political officers be embedded with KGB units. That doesn’t even exist today. This lack of oversight creates an environment ripe with opportunity for the enterprising agent to make money off of sensitive information that they may have access to.

For example: “An interesting case in point relates to the GRU’s tasking of their Canadian agent. Along with the usual fare of military, political, and economic information, he was asked to use his position at a military intelligence centre to find out what information the Royal Canadian Mounted Police had on Russian gangsters operating in Canada.”

The document goes on to explain that it’s believed that information was used to extort Russian criminals operating abroad.

Now think for a second about all of the embarrassing, sensitive, awkward, and uncomfortable details of peoples’ lives law enforcement are entrusted with during the course of their duties. You know, things like the domestic violence incident that comes about because somebody was caught looking at a really embarrassing website that made the other half infuriated. I’ll let you fill in the blanks.

Now imagine if someone with interests in extorting or influencing people had access to this sort of information. To the business-minded GRU officer, your police database is not only interesting information for political or national security reasons, it’s a goldmine waiting to be cracked open.

And, oh yeah—I’m sure there’s something in there we could use to extort people and get them to do some spying. Keep in mind, spying these days doesn’t even take a lot of effort. It could be as simple as asking someone to stick a thumb drive in to the work computer (you don’t even need to click or open anything, the autorun program will take care of all that for you).

Conclusion

Moral of the story: this stuff about Russians isn’t just a concern for national politicians. This is going to be something that will filter down to local police, because it already has. And it will continue to.

And Russia is just the first country we can talk about doing this stuff. It’s a big, big world out there.

The following two tabs change content below.
Elijah Woodward
Elijah Woodward teaches Cyber Security for Calibre Press. He has been a police officer in Arizona since 2007. During this time he has worked in patrol, motors, and now works in community resources. He is a member of the FBI’s InfraGard program, and the High Technology Crime Investigator’s Association. He’s also an accomplished bagpipe player and can be found most weekends during the summer traveling the western U.S. in a kilt. It is his belief law enforcement is in a prime position to address the issues of cyber crime and fraud, and it will be cops at the local level who will have the greatest impact on these new crimes as they continue to plague our communities. Reach him at Elijah@CalibrePress.com.
Elijah Woodward

Latest posts by Elijah Woodward (see all)