WEBVTT - How Experts Traced the DNC Hack to Russian Spies 0:00:00.360 --> 0:00:03.440 On Friday, October seven, the U S Department of Homeland 0:00:03.440 --> 0:00:06.760 Security and the Office of the Director of National Intelligence 0:00:06.800 --> 0:00:09.719 released a statement, and it was a pretty stunning announcement. 0:00:10.119 --> 0:00:12.639 Barely two and a half months after a cyber attack 0:00:12.720 --> 0:00:16.480 was revealed on the Democratic National Committee, the Obama administration 0:00:16.560 --> 0:00:19.320 laid the blame at the feet of Russia's President Vladimir 0:00:19.360 --> 0:00:23.000 Putin with a strongly the US government publicly blaming a 0:00:23.040 --> 0:00:25.799 foreign country for attacking a U S entity, that's an 0:00:25.840 --> 0:00:28.200 incredibly rare thing. I was surprised when I saw the 0:00:28.240 --> 0:00:31.080 statement come out, even though it's something that the private 0:00:31.080 --> 0:00:33.959 cybersecurity experts have been talking about for a while. Uh, 0:00:34.000 --> 0:00:36.879 the government formally blaming a foreign entities only happened a 0:00:36.880 --> 0:00:40.360 handful of times, and specifically here, the US was accusing 0:00:40.440 --> 0:00:45.040 Russia of hacking the Democratic Party right as voters prepared 0:00:45.080 --> 0:00:47.360 to go to the polls on November eight. It's a 0:00:47.400 --> 0:00:50.880 scary prospect. Could hackers tamper with or even obliterate our votes. 0:00:51.440 --> 0:00:54.440 So here's my question. We are so close now to 0:00:54.480 --> 0:00:57.360 election day, and you can tell because that's really all 0:00:57.440 --> 0:01:00.600 you see on TV right now. So how do we 0:01:00.680 --> 0:01:03.800 know for sure what we think we know about these hacks. 0:01:04.600 --> 0:01:07.840 This is a perpetual problem in cybersecurity, and it reminds 0:01:07.880 --> 0:01:10.520 me of the famous New Yorker cartoon that goes on 0:01:10.560 --> 0:01:13.160 the internet. Nobody knows you're a dog, But when you're 0:01:13.160 --> 0:01:17.200 investigating a cybersecurity breach, uh, nobody knows whether you're a 0:01:17.280 --> 0:01:20.560 Russian hacker or a Chinese hacker pretending to be a 0:01:20.640 --> 0:01:24.120 Russian hacker, or even a US hacker pretending to be 0:01:24.120 --> 0:01:27.319 a Chinese hacker pretending to be a Russian hacker, or, 0:01:27.400 --> 0:01:30.479 as Donald Trump put it so delicately, I don't think 0:01:30.480 --> 0:01:32.959 anybody knows it was Russia that broke into the d 0:01:33.040 --> 0:01:35.240 n C. She's saying Russia, Russia, Russia, but I don't 0:01:35.560 --> 0:01:37.480 Maybe it was. I mean, it could be Russia, but 0:01:37.520 --> 0:01:39.679 it could also be China, could also be lots of 0:01:39.680 --> 0:01:41.720 other people. It also could be somebody sitting on the 0:01:41.880 --> 0:01:45.800 bed that weighs four hundred pounds. Okay, And how is 0:01:45.880 --> 0:01:49.360 the US or anyone else, for that matter, so certain 0:01:49.520 --> 0:01:52.520 that the Russians are trying to hijack our elections? What 0:01:52.560 --> 0:02:04.880 should an ordinary voter do? And should we even care? Hi, 0:02:05.000 --> 0:02:09.160 am Akito, and I'm George Robertson and this week on Decrypted, 0:02:09.240 --> 0:02:11.600 we're going to take you inside the hunt for the 0:02:11.600 --> 0:02:15.400 people who have the Democratic National Committee. It's a sort 0:02:15.440 --> 0:02:17.919 of tale of how two of the world's great superpowers 0:02:17.919 --> 0:02:21.240 have found themselves locked in an escalating information war just 0:02:21.400 --> 0:02:24.200 weeks before millions of Americans go to the polls, and 0:02:24.240 --> 0:02:27.400 the stakes they really couldn't be any higher. Not only 0:02:27.480 --> 0:02:30.520 is this the most divisive election we've seen in recent memory, 0:02:31.000 --> 0:02:34.720 with Hillary Clinton and Donald Trump advocating for completely different 0:02:34.760 --> 0:02:37.800 visions of America, but also hanging in the balance is 0:02:38.040 --> 0:02:42.800 the democratic process itself. What happens to a country's sovereignty 0:02:42.800 --> 0:02:46.840 in the age of the Internet. Our story today starts 0:02:46.840 --> 0:02:49.639 in April when the i T staff at the Democratic 0:02:49.720 --> 0:02:53.280 National Committee noticed something a little weird going on in 0:02:53.320 --> 0:02:56.680 their network. For our non American listeners, this is the 0:02:56.800 --> 0:03:00.280 official organization behind the Democratic Party, the d n SEE, 0:03:00.720 --> 0:03:04.080 and the i T staff there. They escalated their concerns, 0:03:04.200 --> 0:03:08.320 their executives and a cyber security firm called CrowdStrike what's 0:03:08.360 --> 0:03:14.080 called in to investigate so CrowdStrike is one of a 0:03:14.160 --> 0:03:18.359 small group of digital forensics firms that really all they 0:03:18.400 --> 0:03:21.880 do is investigate data breaches, and they went in they 0:03:21.919 --> 0:03:25.040 installed software in the DNC servers, essentially allowing them to 0:03:25.080 --> 0:03:27.720 spy on the spies, and it didn't take them long 0:03:27.800 --> 0:03:30.600 to pin the attacks on true groups of hackers associated 0:03:30.600 --> 0:03:33.519 with the Russian government. They called these groups Cozy Bear 0:03:33.600 --> 0:03:37.120 and Fancy Bear. Cozy Bear and Fancy Bear. Is this 0:03:37.240 --> 0:03:41.760 some kind of industry inside joke. Yeah, The cybersecurity industry 0:03:41.960 --> 0:03:44.360 has a lot of kind of goofy, funny names for groups. 0:03:44.400 --> 0:03:48.520 Their thematic often associated with a region. Uh. Some others 0:03:48.520 --> 0:03:51.840 are called deep Panda and things like that. I love that. 0:03:52.240 --> 0:03:55.600 Then CrowdStrike closed all the security holes that had allowed 0:03:55.600 --> 0:03:58.480 the attackers to breach the DNC servers, and so the 0:03:58.520 --> 0:04:01.760 hackers wouldn't be able to read the stay ask emails anymore. Now, 0:04:01.800 --> 0:04:05.480 normally you don't really disclose this kind of thing unless 0:04:05.520 --> 0:04:08.440 you absolutely have to. It's certainly embarrassing for the d 0:04:08.600 --> 0:04:12.280 n C, especially when, as we learned later, they were 0:04:12.360 --> 0:04:16.080 warned about their networks vulnerabilities and ended up ignoring those 0:04:16.080 --> 0:04:18.960 early warnings. But the d n C may have had 0:04:18.960 --> 0:04:21.039 a hint that some of this information was about to 0:04:21.040 --> 0:04:23.680 be leaked on the internet, so they dropped this bomb show. 0:04:24.040 --> 0:04:27.840 But first, the Democratic National Committee said today, Russian government 0:04:27.880 --> 0:04:32.480 hackers have penetrated its computer network. Breaches by two separate 0:04:32.480 --> 0:04:37.720 groups allowed hackers to access emails, internal chats, and opposition research. 0:04:38.040 --> 0:04:43.320 Democrats have compiled unpresumptive Republican nominee Donald Trump. That's PPS 0:04:43.400 --> 0:04:46.560 News Hour reporting the hack. On June fourteenth, the day 0:04:46.600 --> 0:04:50.000 this all became public, and it hit the US political 0:04:50.040 --> 0:04:54.200 system like a bolt of lightning. People were furious, how 0:04:54.279 --> 0:04:57.160 dare Russia try to mess with America that type of thing? 0:04:58.839 --> 0:05:02.440 And then one day after the DNC announcement, someone or 0:05:02.480 --> 0:05:04.880 a group of people who go by the name goose 0:05:04.880 --> 0:05:07.200 offer Too Datto came out in a blog post and 0:05:07.240 --> 0:05:10.320 basically laughed in the DNC's face. This person was like, no, 0:05:10.440 --> 0:05:12.760 you idiots, I am the lone hacker that infiltrated the 0:05:12.839 --> 0:05:15.440 DNC and this had nothing to do with the Russians. 0:05:15.800 --> 0:05:18.440 And goosefer Too Datto released a bunch of documents that 0:05:18.520 --> 0:05:20.200 he claimed he had stolen from the d n C 0:05:20.839 --> 0:05:24.400 as evidence that he was behind it, and from there 0:05:24.680 --> 0:05:28.279 it was chaos. Was it the Russians with some lunar 0:05:28.400 --> 0:05:31.360 kid who had too much time on his hands? And 0:05:31.480 --> 0:05:34.039 that's when crowd Strait called in this guy for help. 0:05:37.040 --> 0:05:39.359 My name is Mike Bartowski. I'm the senior vice president 0:05:39.360 --> 0:05:45.240 of cybersecurity services at Fidela Cybersecurity here in Maryland. I 0:05:45.400 --> 0:05:50.080 lead a incident response team of about thirty individuals and 0:05:50.400 --> 0:05:53.120 we've handled some of the largest breaches that have have 0:05:53.160 --> 0:05:57.080 occurred over the past decade or so. So I've known 0:05:57.120 --> 0:05:59.279 Mike for several years now, and he's a really interesting guy. 0:05:59.480 --> 0:06:01.800 Used to be a cop with the Montgomery County Police 0:06:01.800 --> 0:06:04.720 Department in Maryland, and he looks like at X cop. 0:06:04.760 --> 0:06:08.480 He's got the short cropped haircut, solidly built guy at 0:06:08.680 --> 0:06:11.960 very friendly and uh, you know, very genial. Even before 0:06:11.960 --> 0:06:14.240 his time in the private sector, he had this long 0:06:14.279 --> 0:06:18.360 experience of tracking down criminals. Mike's now an incident responder 0:06:18.480 --> 0:06:21.200 in cybersecurity speak, that means he flies out at the 0:06:21.240 --> 0:06:23.360 drop of a hat to companies that believe they've been 0:06:23.400 --> 0:06:26.760 breached and he helps investigate and fix their networks. So, 0:06:26.920 --> 0:06:29.600 like the computer nerd version of c s I or 0:06:29.920 --> 0:06:33.160 Law and Order right and Mike and Fidelis, his job 0:06:33.200 --> 0:06:36.120 was to independently verify the group of people who attack 0:06:36.160 --> 0:06:41.200 the DNC, and this cybersecurity version of the who done it? Investigation. 0:06:41.440 --> 0:06:45.880 It's called attribution in the industry, and CrowdStrike had asked 0:06:45.880 --> 0:06:49.040 Fidelis and to other firms to check their work. So 0:06:49.160 --> 0:06:51.760 so we had, um, you know, we got five pieces 0:06:51.760 --> 0:06:54.600 of now where we had a team of four reverse engineers. 0:06:54.600 --> 0:06:56.680 That's all they do is reverse engineering, so we had 0:06:56.720 --> 0:06:59.960 them bang on it. Jordan, I think we should have 0:07:00.040 --> 0:07:04.479 slain the store listeners. Sure, So crowd Strike sent Mike's 0:07:04.480 --> 0:07:07.839 team five files of the computer code that was on 0:07:07.880 --> 0:07:11.200 the DNC servers and was responsible for stealing information from 0:07:11.240 --> 0:07:13.920 the emails. And the job of Fidelis and these two 0:07:13.960 --> 0:07:16.400 other firms was to look at this code in what's 0:07:16.400 --> 0:07:20.960 called a virtual environment, like a parallel universe. Right, it's 0:07:20.960 --> 0:07:23.640 a simulated computer system where the code can't do any 0:07:23.680 --> 0:07:26.760 damage on the real servers. Hackers used all kinds of 0:07:26.800 --> 0:07:30.280 tricks to prevent their malware from even opening in that 0:07:30.360 --> 0:07:32.840 kind of hall of mirrors. So a key job of 0:07:32.880 --> 0:07:36.160 an investigator is decoding all of those techniques to see 0:07:36.160 --> 0:07:40.080 how the attack code actually behaves. Okay, and then Mike's 0:07:40.120 --> 0:07:44.320 team they compared that behavior. Two documented code in the 0:07:44.360 --> 0:07:47.640 past that was linked to the two hacker groups associated 0:07:47.640 --> 0:07:51.160 with the Russian government and crowd Strait called these two 0:07:51.160 --> 0:07:55.320 groups Cozy Bear and Fancy Bear, and the clues surface immediately. 0:07:56.600 --> 0:07:58.520 You know, really there were a couple of things that 0:07:58.520 --> 0:08:00.680 that we looked at, So you look at the complexity 0:08:00.800 --> 0:08:03.280 of of what the malware was able to do. The 0:08:03.320 --> 0:08:08.560 fact that it had the ability to m basically terminate 0:08:08.600 --> 0:08:12.320 itself and wipe its its tracks, hide its tracks. You know, 0:08:12.360 --> 0:08:15.440 that's not stuff you see in commoditized malware. Really, it 0:08:15.520 --> 0:08:17.720 kills itself. It kills itself. Yeah, and actually one of 0:08:17.760 --> 0:08:20.120 the functions within the one of the pieces of malware 0:08:20.600 --> 0:08:25.680 UM had had a terminology for essentially Harry Carey UM 0:08:25.920 --> 0:08:30.160 to kill itself. So this automatic suicide switch, this is 0:08:30.200 --> 0:08:33.920 something that's incredibly sophisticated, right, I mean, this is one 0:08:33.960 --> 0:08:37.160 of the reasons that Fidelist and CrowdStrike and the other 0:08:37.320 --> 0:08:41.880 forensics researchers were so taken aback by this malware. You know, 0:08:41.880 --> 0:08:44.600 there's a there's a black market for pre built malware 0:08:45.400 --> 0:08:48.760 on the Internet that even somebody like me can piece together, 0:08:48.960 --> 0:08:52.040 so like malware can be like legos. But this feature 0:08:52.080 --> 0:08:55.640 of killing yourself to avoid getting detected, that's really complicated stuff. 0:08:56.120 --> 0:08:58.120 And that's when Mike's team knew they were dealing with 0:08:58.160 --> 0:09:00.480 real pros here. You know, there aren't ton of people 0:09:00.480 --> 0:09:03.400 around the world who have this level of sophistication. And 0:09:03.440 --> 0:09:05.120 there were a bunch of other things that packed up 0:09:05.120 --> 0:09:09.480 this conclusion to the level of access that the malware 0:09:09.520 --> 0:09:15.000 gave the malicious user, UM was pretty astonishing. Uh. It 0:09:15.080 --> 0:09:19.360 was also written very very um well, I think I 0:09:19.360 --> 0:09:22.319 guess elegant is probably a good way to to say it. 0:09:22.320 --> 0:09:25.640 It was not sloppy by any stretch of the imagination. UM. 0:09:25.679 --> 0:09:28.120 And again, so you start looking at, Okay, who would 0:09:28.160 --> 0:09:30.040 have had the capability to do that? And you know, 0:09:30.120 --> 0:09:33.040 we we talked earlier how you know, Yeah, you can 0:09:33.080 --> 0:09:35.760 have somebody on the inside do something, but they may 0:09:35.760 --> 0:09:38.480 not be the best at it. So you have, uh, 0:09:38.679 --> 0:09:40.640 you've got to have people who are a lot of 0:09:40.679 --> 0:09:42.760 experience doing it or a lot of training to do it. 0:09:42.800 --> 0:09:46.840 And um, it was. It was a very complex piece 0:09:46.840 --> 0:09:50.160 of malware that the average person probably couldn't use. Uh. 0:09:50.200 --> 0:09:53.920 It's also not something that we've seen out in the 0:09:53.960 --> 0:09:59.040 wild necessarily, it's very targeted pieces of malware, very limited 0:09:59.040 --> 0:10:00.720 and can't buy it on the black market. You can't 0:10:00.720 --> 0:10:07.520 buy these components not that. No, not that we've come across. Okay, okay, 0:10:07.559 --> 0:10:10.839 so so far we know that this attack was orchestrated 0:10:10.880 --> 0:10:15.480 by someone really really good, someone really really experienced, and 0:10:15.800 --> 0:10:19.000 that immediately limited the pool of people who could be 0:10:19.080 --> 0:10:21.920 responsible for this. It really limited the pool of people 0:10:22.480 --> 0:10:26.040 to someone with the kind of resources with backing from 0:10:26.080 --> 0:10:28.720 an entire government. And on top of that, there were 0:10:28.760 --> 0:10:30.640 a bunch of things that pointed to the code being 0:10:30.640 --> 0:10:33.840 written in Russia. Yeah, some of these details are really interesting. 0:10:34.600 --> 0:10:37.840 So one of the most fascinating for me is, you know, 0:10:37.880 --> 0:10:40.480 from the way the code was written, it was clear 0:10:40.640 --> 0:10:43.600 that it was written on a Russian language keyboard, and 0:10:43.640 --> 0:10:46.719 the dates and times that the code was compiled was 0:10:46.800 --> 0:10:49.920 during normal business hours in Russia, and that's consistent with 0:10:49.960 --> 0:10:52.320 the code that's already been traced back to the Russian 0:10:52.360 --> 0:10:55.560 government backed hackers in the past. And that's not something 0:10:55.559 --> 0:10:58.920 that you can easily fake, right, like change the time 0:10:58.960 --> 0:11:01.640 stamps or something. Yeah, that was my question too, but 0:11:01.679 --> 0:11:03.760 Mike said, there's so many different things that you'd have 0:11:03.840 --> 0:11:08.520 to consistently change to successfully pull off that spoof. You're 0:11:08.559 --> 0:11:10.880 dealing with a situation that if it was a one off, 0:11:11.120 --> 0:11:13.760 easier to change, you know, same same thing with you know, 0:11:13.800 --> 0:11:16.199 you can change the day in time on your computer. Absolutely, 0:11:16.200 --> 0:11:18.240 you could do that, and it would potentially throw an 0:11:18.280 --> 0:11:21.920 investigator off consistently across five pieces of hour, okay, you know, 0:11:21.960 --> 0:11:25.199 probably a little more difficult across x number of pieces 0:11:25.200 --> 0:11:27.720 of malware across how many incidents and to all have 0:11:27.880 --> 0:11:32.360 them point to the same place. And that's why Mike 0:11:32.400 --> 0:11:35.240 doesn't buy Trump's theory of this four pound man sitting 0:11:35.280 --> 0:11:38.959 on the bed orchestrating this incredibly sophisticated attack, and why 0:11:39.000 --> 0:11:41.520 he doesn't buy Gooseifer two Dato's claim that he was 0:11:41.559 --> 0:11:44.280 a lone hacker. Okay, is it a script, kiddiers, it's 0:11:44.280 --> 0:11:46.280 somebody who bought a piece of malware? Or is it 0:11:46.480 --> 0:11:50.360 you know, somebody drinking mountain doing, eating twinkies and mom's basement. No, 0:11:50.720 --> 0:11:55.960 it really needs a level of operational discipline that you 0:11:56.040 --> 0:12:00.480 don't see really in the wild. And you're right, the 0:12:00.559 --> 0:12:02.360 number of people who could pull it off it becomes 0:12:02.440 --> 0:12:09.040 dramatically narrower. So Icky, are you convinced? I mean I 0:12:09.160 --> 0:12:11.920 think so. I don't know. I keep on expecting a twist, 0:12:12.000 --> 0:12:14.760 like you're you're tricking me, Like in law and order 0:12:14.800 --> 0:12:17.560 when the guy who seems really suspicious turns out to 0:12:17.600 --> 0:12:20.640 be innocent in the end. Yeah, I like that. Well, 0:12:20.920 --> 0:12:23.120 here's maybe the most important part. Then you need to 0:12:23.120 --> 0:12:25.240 look at the target, the victim of this hack, which 0:12:25.280 --> 0:12:27.559 was the d n C, and it later turned out 0:12:27.600 --> 0:12:30.320 a broad cross section of the U. S political system, 0:12:30.360 --> 0:12:34.520 everyone from lobbyists to lawyers to Hillary Clinton's campaign. And 0:12:34.600 --> 0:12:37.160 going back to Mike's background of working in law enforcement, 0:12:37.200 --> 0:12:39.880 you have to ask who would have had the motive 0:12:39.920 --> 0:12:42.640 to pour this kind of effort into spying on key 0:12:42.679 --> 0:12:50.320 members of American politics. Sure, an opportunistic hacker, you know, 0:12:50.400 --> 0:12:52.760 putting a feather in their caps, saying, hey, we you know, 0:12:52.920 --> 0:12:56.160 we broke into the d n C. Okay, yeah, I 0:12:56.200 --> 0:12:59.920 mean that that could potentially happen. Um. But then releasing 0:13:00.040 --> 0:13:05.520 the emails the evening before the convention started, Well then again, 0:13:05.600 --> 0:13:07.840 now you now you're looking at it, Okay, Well, you 0:13:07.880 --> 0:13:13.520 know that really smacks like an information operation. And here 0:13:13.640 --> 0:13:16.679 I think we should remind our listeners of the chronology 0:13:16.720 --> 0:13:19.560 of the events that took place just a few weeks 0:13:19.640 --> 0:13:22.200 after the d n C announced the hack in mid June. 0:13:22.600 --> 0:13:25.560 I mean, this was a time when the Republican Party 0:13:25.679 --> 0:13:29.360 was still in complete disarray, but things were looking pretty 0:13:29.360 --> 0:13:31.400 good for the Democrats. This was a time when Hillary 0:13:31.440 --> 0:13:35.200 Clinton UM was trying to solidify her support and you 0:13:35.240 --> 0:13:38.200 have this forest fire raging on the internet about this issue. 0:13:38.320 --> 0:13:41.120 You have Wiki leaks and Goosea for Toutato publishing a 0:13:41.240 --> 0:13:44.239 stream of emails that turned out to be really embarrassing 0:13:44.240 --> 0:13:46.200 for the d n C. At you know what couldn't 0:13:46.240 --> 0:13:48.960 have been a worse time for them, Yeah, like that 0:13:49.040 --> 0:13:52.280 one from when Bernie Sanders was still in the primary 0:13:52.400 --> 0:13:55.880 race with Hillary Clinton and a senior staff were at 0:13:55.920 --> 0:13:58.480 the DNC talked about how they should try to paint 0:13:58.559 --> 0:14:02.079 Sanders as an atheists, try to question his Jewish faith 0:14:02.200 --> 0:14:04.520 and the party itself is supposed to be neutral. And 0:14:04.559 --> 0:14:07.040 that led to a lot of turmoil within the party. 0:14:07.440 --> 0:14:10.040 I mean the Democratic Convention that took place at the 0:14:10.120 --> 0:14:12.800 end of July that was kind of a mess, at 0:14:12.840 --> 0:14:16.280 least at the beginning. All these Bernie supporters were protesting 0:14:16.520 --> 0:14:19.640 and booing down speakers on stage, and ultimately d n 0:14:19.720 --> 0:14:22.840 C Chairwoman Debbie Wasserman Schultz, who was a rising young 0:14:22.880 --> 0:14:26.760 star in the party, she resigned. And bringing this back 0:14:26.760 --> 0:14:29.440 to our story, today. Like you said, Jordan's this really 0:14:29.520 --> 0:14:33.000 does point to motive. I mean, who would really want 0:14:33.040 --> 0:14:36.480 to introduce this kind of turmoil to the democratic process 0:14:36.560 --> 0:14:39.680 itself in America, which is, you know, really the sacristanic thing. 0:14:40.520 --> 0:14:42.440 Who would want to do this thing that would make 0:14:42.520 --> 0:14:45.880 you question the fairness of the system that we've developed 0:14:45.920 --> 0:14:48.600 over the years. Yeah, this project has been interesting to 0:14:48.640 --> 0:14:51.040 me because I consider myself, you know, a pretty serious 0:14:51.080 --> 0:14:52.960 skeptic on a lot of these claims. It's it's just 0:14:53.040 --> 0:14:55.720 way too easy for a hacked entity to throw out, oh, 0:14:55.760 --> 0:14:59.440 the Russians did this, and the Chinese did that or whatever. Yeah, 0:14:59.520 --> 0:15:01.800 kind of like is get at a jail free card 0:15:01.840 --> 0:15:05.800 when your company has been hacked? Right, these really sophisticated, 0:15:06.000 --> 0:15:09.640 organized hackers backed by a whole government. If if someone 0:15:09.680 --> 0:15:12.080 like that tries to target you, what could you have 0:15:12.200 --> 0:15:15.680 possibly done. It's like when we reported about Yahoo's breach, 0:15:15.760 --> 0:15:18.680 which was this massive, you know, more than five million 0:15:18.720 --> 0:15:22.440 customer accounts getting hacked, we reported that the company's claim 0:15:22.480 --> 0:15:25.280 of the attack being state sponsored, you know, isn't so 0:15:25.320 --> 0:15:28.400 iron clad. But this one with the d n C. 0:15:28.680 --> 0:15:32.080 After talking to Mike, after talking to all these other experts, 0:15:32.960 --> 0:15:36.440 Jordan Are you convinced. Yeah, I'm pretty convinced. I mean, 0:15:36.480 --> 0:15:38.920 it takes a lot to clear that hurdle of you've 0:15:38.920 --> 0:15:41.840 got this piece of malware and this is evidence that 0:15:41.880 --> 0:15:44.960 the Russians did it. Uh, you know, but Mike will 0:15:44.960 --> 0:15:47.360 be the first to tell you this. Well, it's it's 0:15:47.360 --> 0:15:50.000 always risky. I mean, you know, when you're when you're 0:15:50.320 --> 0:15:53.640 you're doing attribution, you're really never saying a hundred percent 0:15:54.200 --> 0:15:58.840 that it's this person, because, you know, barring seeing somebody 0:15:58.880 --> 0:16:02.080 at the keyboard and actually doing it or a confession, 0:16:02.960 --> 0:16:07.440 you're you're relying on that circumstantial evidence. This all comes 0:16:07.440 --> 0:16:09.680 down to Mike's days as a cop. Can you prove 0:16:09.720 --> 0:16:12.920 to a jury beyond a reasonable doubt that the Russians 0:16:12.960 --> 0:16:16.720 did this? And his answer was yes. And now the 0:16:16.800 --> 0:16:20.480 US government has come out and officially blame the Russian government. 0:16:22.920 --> 0:16:25.640 And there are lots of reasons potentially for that happening. 0:16:26.160 --> 0:16:28.240 There are ways that the government can really know what's 0:16:28.240 --> 0:16:32.520 going on intercepted phone calls, intercepted emails, human and signals 0:16:32.520 --> 0:16:36.840 intelligence sources in a way that no private cybersecurity could 0:16:36.840 --> 0:16:39.880 ever match. Sounds a little sinister, Well, we don't know 0:16:39.960 --> 0:16:42.040 for sure. But here's what Rob Owens, who was an 0:16:42.040 --> 0:16:45.480 industry analyst at Pacific Press Securities, told me. Nation States 0:16:45.520 --> 0:16:48.880 do hack. I think the US government hacks as well. 0:16:49.880 --> 0:16:54.920 A well known fact within the industry that, uh, everybody's 0:16:54.960 --> 0:16:59.640 hacking everybody to some degree. So maybe the US government 0:16:59.760 --> 0:17:02.880 was buying on Russia while Russia was buying on the 0:17:02.960 --> 0:17:06.280 d n C. Well, we know that both countries fired 0:17:06.320 --> 0:17:07.960 each other all the time, but in this case, we 0:17:08.000 --> 0:17:10.360 don't know exactly what the evidence is. But it's fair 0:17:10.400 --> 0:17:12.479 to assume that that's the case. And that's why at 0:17:12.480 --> 0:17:14.520 the top of the show today you called it an 0:17:14.560 --> 0:17:19.520 information war like the Cold War of our generation exactly. 0:17:20.520 --> 0:17:22.720 So if we've managed to keep our listeners till now 0:17:22.800 --> 0:17:25.760 through this complicated journey inside the d n C hack, 0:17:26.160 --> 0:17:30.040 first of all, thanks for sticking with us. And second 0:17:30.040 --> 0:17:33.000 of all, I think the burning question everyone has now 0:17:33.160 --> 0:17:37.440 is what's next. So far, it's been about introducing turmoil 0:17:37.520 --> 0:17:40.680 into the democratic process. And you know, I'm not a 0:17:40.760 --> 0:17:43.360 US citizen, but my girlfriend is, and I don't think 0:17:43.400 --> 0:17:47.040 I know anyone who's more excited about voting in November 0:17:47.119 --> 0:17:50.879 as she is. Could these Russian hackers, could they tamper 0:17:50.960 --> 0:17:54.000 with her vote. That's one really really important point here. 0:17:54.240 --> 0:17:57.720 In reality, it's very hard to hack actual votes. That 0:17:57.720 --> 0:18:01.200 that's why information warfare like we are potentially seeing here 0:18:01.640 --> 0:18:04.160 is so much easier to do. To do any real 0:18:04.280 --> 0:18:06.840 damage to the votes, you'd have to actually hack the 0:18:06.920 --> 0:18:11.440 vote tabulators, and these are computers that sit inside county 0:18:11.520 --> 0:18:15.320 and state offices counting votes, and those are never supposed 0:18:15.320 --> 0:18:17.800 to be connected to the Internet. Does that mean you 0:18:17.840 --> 0:18:20.119 can't hack them ever? Of course not. It would just 0:18:20.200 --> 0:18:23.320 be a huge undertaking. So I wouldn't worry too much 0:18:23.320 --> 0:18:26.280 about the hacker stealing your vote. It could happen, it's 0:18:26.359 --> 0:18:28.879 just not the most likely attack. So what should we 0:18:28.960 --> 0:18:32.359 be worried about, Well, the biggest threat is actually that 0:18:32.400 --> 0:18:35.360 the hackers could try to mess with your voter registration records, 0:18:35.400 --> 0:18:38.560 not your actual vote. If you wanted to actually tamper 0:18:38.640 --> 0:18:41.680 with the election results, you drop people from the voter 0:18:41.880 --> 0:18:44.760 rolls and make it harder for them to vote, you know, 0:18:44.800 --> 0:18:47.800 you change their polling locations to someplace far away, those 0:18:47.880 --> 0:18:50.399 kinds of things. But I wonder, you know, are the 0:18:50.480 --> 0:18:53.320 Russians what they want to do? Is it really tampering 0:18:53.359 --> 0:18:57.000 with these results or is it more about traditional espionage. 0:18:57.520 --> 0:19:01.840 Is it more about influencing the public perception of these 0:19:01.920 --> 0:19:05.679 really important people in our democracy. My sense is that 0:19:06.280 --> 0:19:09.080 if the goal here was to inject kind of chaos 0:19:09.240 --> 0:19:12.800 into the into the system and to undermine confidence in 0:19:12.920 --> 0:19:16.720 the democratic system. Uh, you know, then that's a really 0:19:16.800 --> 0:19:20.159 powerful weapon. And it's been wielded pretty effectively here. And 0:19:20.200 --> 0:19:22.680 in the meantime, Wiki leaks is saying that it still 0:19:22.760 --> 0:19:25.520 has more emails at paint Hillary Clinton in a pretty 0:19:25.520 --> 0:19:28.560 bad light. And I think we're all on edge here 0:19:28.560 --> 0:19:31.480 waiting for that bombshell to drop. Yeah, we hear all 0:19:31.600 --> 0:19:33.560 kinds of things about you know, it won't be an 0:19:33.600 --> 0:19:35.880 October surprise. It will be a November surprise. There will 0:19:35.920 --> 0:19:38.960 be more emails, and you know, with with hacked communications, 0:19:39.000 --> 0:19:45.639 you almost never know what you're gonna get. All right, Well, Mike, 0:19:45.640 --> 0:19:47.680 anything else you wanted to say about the the industry 0:19:47.760 --> 0:19:50.480 or specifically, you know, what we what what voters should 0:19:50.480 --> 0:19:53.679 expect going into November. Um, I would expect it will 0:19:53.720 --> 0:19:55.560 be a wild rug. Yeah, that's what I was going 0:19:55.600 --> 0:19:57.360 to say. Put your seat belt on, because you never 0:19:57.400 --> 0:19:59.800 know what's gonna what's gonna turn up. You know, hopefully 0:19:59.840 --> 0:20:03.439 it'll beyond eventful, but uh, it wouldn't surprise me if 0:20:03.480 --> 0:20:10.280 it wasn't. Well, that's it for this week's episode of Decrypted. 0:20:10.400 --> 0:20:12.840 Thanks for listening, and if you have an iPhone, be 0:20:12.880 --> 0:20:14.920 sure to subscribe to the show on iTunes or any 0:20:14.960 --> 0:20:18.120 of your favorite podcast apps out there. And while you're there, 0:20:18.200 --> 0:20:20.320 please take a moment to rate and review our show. 0:20:20.720 --> 0:20:22.840 These ratings and reviews really help get our show in 0:20:22.880 --> 0:20:24.840 front of more listeners and let us know what you 0:20:24.880 --> 0:20:27.960 thought of today's show. I'm on Twitter at Aki seven 0:20:28.359 --> 0:20:31.680 and I met at Jordan's Are one thousand and Our 0:20:31.720 --> 0:20:35.600 technology team here at Bloomberg is on Twitter at Technology. 0:20:35.720 --> 0:20:39.359 This episode was produced by Pierre Getkari Magnus Hendrickson, and 0:20:39.440 --> 0:20:42.159 Liz Smith, with help from Emily A view So. Alec 0:20:42.240 --> 0:20:45.360 McCabe is head of Bloomberg Podcasts. We'll see you next week.