On Tuesday, it was revealed that the Russian government is implicated in a security breach of the Democratic National Committee's computer network, through which opposition research on the bombastic presidential candidate was lifted.
"Every world leader is trying to figure out who Mr. Trump [is], especially if he's elected president, and they want to know what his foreign policies would be. Russia is no exception," says Dmitri Alperovitch, co-founder and CTO of CrowdStrike. His firm was hired to manage the breach. "The actors are also interested in any other information the DNC might have in their opposition research to use it against Trump if he becomes president," says Alperovitch, who leads the Intelligence, Technology and CrowdStrike Labs teams.
As he points out, it's Trump's political influence that makes him a tempting target for hackers. However, the personal attack should serve as a cautionary tale for any entrepreneur, particularly those in the public eye.
"Organizations, whether they are nonprofits or enterprise, need to be aware that nation-states are coming after them for political espionage, economic espionage, or destructive attacks," says Alperovitch. "We need to be prepared to confront these bad actors. This is the first time since the Revolutionary War where you have Americans fighting governments on U.S. soil. We are doing this in cyberspace, unlike in the Revolutionary War, but it is serious nonetheless."
The DNC was breached by two different well-known hacking groups that are "most likely Russian intelligence operators," suggests Alperovitch. The groups are known as Cozy Bear and Fancy Bear. Alperovitch says Fancy Bear is believed to work for the GRU, Russia's military intelligence service, and had been in the DNC's network since April. Cozy Bear, meanwhile, is thought to be working for the Federal Security Service, Russia's security agency, and had been in the network for about a year. Alperovitch says the two groups were not working together and had been doing different things, until CrowdStrike removed the hacker-spies from the network over the weekend, though not before the hackers read emails and stole research on Trump.
"Cozy Bear actors infiltrated the DNC last summer and targeted their communications systems and were able to read their emails," says Alperovitch. "In April, Fancy Bear, working completely separately from Cozy Bear, went straight for the opposition research on the Donald Trump campaign. They were able to exfiltrate those files."
The DNC confirmed the breach, the Washington Post reports.
The Russian Embassy did not return emails or phone calls in time for publication.
The hackers probably got into the network through a so-called spearphishing campaign, Alperovitch says, meaning the spies would have sent emails that appeared to come from an employee's boss or colleague but actually contained malware that allowed the spies to breach the network.
This is not Cozy Bear's first rodeo, Alperovitch says. The group successfully breached the White House, State Department and the U.S. Joint Chiefs of Staff last year. The group has also hacked organizations in the defense, energy, finance, legal, insurance, pharmaceuticals and tech sectors, as well as targets in other countries in Asia, Europe and South America, says Alperovitch. Fancy Bear has been around since the early 2000s and has waged campaigns against the aerospace, defense and energy sectors and other government and enterprise targets, Alperovitch says.
"These are highly sophisticated actors, some of the best we've ever encountered," says Alperovitch.
George Kurtz, formerly CTO at McAfee, and Alperovitch, formerly McAfee's vice president of threat research, founded CrowdStrike in 2011. The Irvine, California-based company makes cloud-based cybersecurity products and counts some of the largest banks, oil companies, insurance companies and brands as clients. Google Ventures led a $100 million Series C round last summer.
Even though CrowdStrike kicked the hackers out of the network, Alperovitch says the spies will be back. Russia's interest in the U.S. political system is not going to disappear, and it will only intensify as the general election season gets closer, he says.
As for U.S. companies, Alperovitch says this attack should signal to every business that hackers and spies from Russia and other countries are breaching networks all over the country. "Assume they are inside your network," he says.