Report on Russian hacking leaves many questions unanswered

Security experts have been pouring over the Joint Analysis Report released two weeks ago by the Department of Homeland Security and the Federal Bureau of Investigation, but there isn't enough detail in the public document to help organizations defend themselves against other Russian attacks.

The report contains lists of indicators of compromise - technical signs that the Russians are hacking into a system. But most of these were already familiar, and more interesting information was left out, according to security experts.

"There would be some indicators that are held back, because revealing everything would compromise sources or methods," said Eddie Schwartz, president and COO at White Ops.

If the attackers know that they are leaving certain kinds of digital fingerprints, they'll be more careful to hide them next time. In addition, the intelligence agencies also use other means of collecting information, such as intercepted communications or even moles in the enemy organizations.

"They are classified in nature," said Schwartz. "But some could be provided to certain partners in the community, like the Financial Services Information Sharing and Analysis Center."

[ RELATED: Making the GRIZZLY STEPPE Joint Action Report useful ]

Companies that might be targeted by Russian groups should join such organizations, and not just to get access to more government data.

"It's always valuable to get together," he said. "the power of many collaborating on indicators is far better than one company trying to figure it out."

Looking beyond the IOCs

The indicators in the report are of very limited practical use, agreed Rebekah Brown, threat intelligence lead at Rapid7.

"Some of the IOCs were clearly bad, and should not be used for alerting or blocking," she added. "It is important to vet the lists before utilizing the intelligence."

That might improve in future reports, she added.

"I do think that the government learned from the feedback about the IOCs, and the next report they release will likely have more indicators that defenders can easily utilize," she said.

Where the report could be most useful to security professionals is in the information about the goals, motivations and targets of the Russian attackers.

"CISOs can use this information to identify if their organization would fit into the model that the report describes," she said.

Time to get proactive

The report also demonstrated that the U.S. is playing defense when it comes to cyberattacks, and needs to get more organized.

The interesting thing about the hacking of the U.S. Democratic National Committee is the delay in detecting and responding to the breach, he said.

"This wasn't sufficiently prioritized and resourced," he said. "We have a very talented set of organizations capable of excellent intelligence gathering, but they have been partially tied down and restricted from using all of their skills. We have an enormous amount of resources that we don’t permit our intelligence organizations to leverage to the best of their abilities."

The U.S. needs to not only improve its defensive tactics and tools but also focus on offensive capabilities, signals intelligence, and cooperation from other governments, he said.

IDG Insider


« Brian Eno: Reflection review: A chance to experience Eno's music as he intended it


DARPA wants to create secure data-sharing tech »
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail

Recommended for You

International Women's Day: We've come a long way, but there's still an awfully long way to go

Charlotte Trueman takes a diverse look at today’s tech landscape.

Trump's trade war and the FANG bubble: Good news for Latin America?

Lewis Page gets down to business across global tech

20 Red-Hot, Pre-IPO companies to watch in 2019 B2B tech - Part 1

Martin Veitch's inside track on today’s tech trends


Do you think your smartphone is making you a workaholic?