Election Interference and What Could Come Next

If I had to guess, I’d say there must be some disgruntled sports fans in Russia right now.  In what I can only assume is retaliation for the whole doping scandal that banned almost the entire Russian team from the Rio Olympics last month, cyber thieves have released information on athletes of other countries, including the medical records of Team USA stars like Simone Biles and Serena Williams.  The leaks attempted to disgrace the athletes by showing they were authorized to take prescriptions that are on the list of banned substances; however, it appears that the proper steps were followed for a legal exemption.

Indeed, Russian hackers continue to be in the news for a variety of incidents.  Meanwhile, the White House continues to remain silent in naming a definitive culprit behind the breach of the Democratic National Committee (and subsequent release of embarrassing files), despite insistence from lawmakers and analysts that the White House just come out and say it was Russian hackers.  The Administration’s hesitancy has not stopped others on Capitol Hill, however, from attempting to move forward in exploring the potential “role” Russia has played in the United States’ presidential election.  Apart from the ongoing FBI investigation into the DNC hack, the other week saw Sen. Jeanne Shaheen (D-N.H.) try to galvanize the Senate Foreign Relations Committee into holding a hearing on the alleged extranational interference.  The senator voiced the growing concern that Russia is possibly engaged in the same type of activity that it has used to influence elections in Ukraine and Georgia.

We have already seen the damage an organization can suffer from hackers exposing their secrets.  Committee chairs resign, and overall reputations take a blow; and all this occurs from the release of true information.  It doesn’t even take into consideration the next stage in this threat’s evolution, lurking, potentially, in the near future.  Because once a malicious actor decides to make subtle changes to stolen data or release false information, how does the target counter that, especially if the lies are packaged among other factual data?  Trying to weed out the fiction from truth would be a nightmare scenario for any victim, whether a breached company or a presidential candidate, as well as the media that reports on them.

As it happens, though, such propagandist forgery has been a tool Russian entities have deployed for some time, including, recently, creating a false narrative about Sweden trading in their neutrality for an alliance with NATO—which was itself accused of stockpiling nukes in Eastern Europe.  The disinformation campaign has apparently been successful enough so far that both NATO and the EU have created special offices tasked with sifting through the deceptions.

Who knows when the compromised data leaked from a breached business or political party will have an altered item just waiting to be discovered?  When it does, the effects will be much more difficult for even an Olympic hurdler to surmount.  What can an organization do to prevent this type of attack, or at least try to mitigate it in the event it does occur?  As leading cryptographer and computer security specialist, Bruce Schneier, commented to me, the answer is “Good computer and network security. Nothing magical.”  Agreed, Mr. Schneier.