End-to-end encryption could be key to securing future elections – The Hill (blog)

Whatever your preference of candidates might have been, one thing was clear from the 2016 U.S. presidential election: the Russian government targeted American political organizations of both parties with an aggressive wave of cyber intrusions. Bothprivate sector analystsand theU.S. Intelligence Communityagree on this point.

Furthermore, FBI Director James Comey recently told a congressional committee that theyll be back in 2020they may be back in 2018. The head of the NSA, Admiral Mike Rogers, concurred, saying that he fully expect[s] they will maintain this level of activity.

Faced with a potential onslaught from persistent and technically advanced adversaries, political organizations should use end-to-end encrypted email and file-sharing applications that are easy to use. These applications must have three characteristics:

First, they must encrypt every message and file end-to-end. This means that even if an adversary successfully breaches an organizations server, as in the case of the Democratic National Committee (DNC), doing so will not reveal any information.

Second, these applications should not allow privileged super-users. By exploiting the vulnerability of super-user accounts in the DNC network, hackers were able to steal and leak thousands of internal communications.

Third, these applications must not use passwords, which are themselves major security vulnerabilities. People often create passwords that are easy to guess, and they divulge them too readily.

How end-to-end encryption protects user data even if a server is hacked

When messages areencrypted end-to-end, the information stored on the server is secure even if the server is hacked. Each message should beautomaticallyencrypted with auniquekey before it leaves the users deviceand onlydecrypted when it reaches its recipient.

If attackers breach the walls protecting the server such as traditional password portals and firewalls all they will find is encrypted, useless gibberish. This was not the case at the DNC,nor is it standard practicefor most major communications providers, which store their customers information on their servers unencrypted.

The DNC Breach and The Risk of Super Users

In lead up to the 2016 elections, two independent and advanced cyber actors targeted the DNCs computer servers. The first one to strike, known asAdvanced Persistent Threat (APT) 29orCOZY BEAR, was an unidentified Russian grouppossibly affiliatedwith the countrys internal security service.

The second one, known asFANCY BEARorAPT 28in cybersecurity circles, was probably a component of Russias military. The former groupsent a stringofspear phishingemails to people working at American government and nonprofit organizations in the summer of 2015, likely including someone with legitimate access to the DNC network.

The latter one waged a massive campaign in parallel; from October 2015 to May 2016, itsent almost 9,000spear phishing emails with malicious links to nearly 4,000 similar targets. As the two attackers didnot appear to be working together, one or more people at the DNC clicked on embedded links from each group, giving the Russiansaccessto the network.

One of the attackers eventually gained control of aprivileged administrator account, and was able to steal tens of thousands of sensitive emails. Instead of giving administrators super-user privileges to access vast amounts of information, new encrypted email applications use the concept of Approval Groups. With this paradigm, only a predetermined combination of trusted individuals can retrieve the decryption keys for messages on the server.Instead of giving administrators super user privileges to view vast amounts of information one of the reasons the DNC attackers were able to steal so much material a model that allows only a predetermined combination of trusted individuals to recreate the decryption keys of other users should be used.

This restriction, which gives cryptographic shards of keys to certain individuals, prevents a single hijacked administrator from wreaking havoc on an organizations information technology systems. It would also require attackers to gain control of the individual devices of approval group members, which is far more difficult.

Furthermore, messages that areencrypted end-to-endare secure even if the server they are sitting on is hacked. If attackers breach the walls protecting the server such as traditional password portals and firewalls all they will find is encrypted, useless gibberish. This is because with end-to-end encryption, you are the sole owner of the keys needed to decrypt the information.

This was not the case at the DNC,nor is it standard practicefor most major communications providers, which store their customers information on their servers unencrypted.

Finally, in the DNC hack, FANCY BEAR/APT 28 tookadvanced counter-forensic measuressuch as corrupting and deleting internal server logs to obscure its presence. Logs of all communications should be encrypted to prevent exactly this from happening.

Whether Democrat, Republican, or Independent, everyone should understand that systems that leave sensitive data unencrypted while at rest, as well as those that allow for super users, are vulnerable to advanced cyber intrusions like the one the DNC suffered.

Why passwords make systems vulnerable

While they were attacking the DNCs servers, members of FANCY BEAR/APT 28 were also busy at work attempting to breach other systems, namely the personal email accounts of Democratic Party officials and staff members.

Perhaps the most attractive target was then-candidate Hillary ClintonHillary Rodham ClintonOvernight Cybersecurity: Comey testifies on Clinton probe, surveillance | Officials grilled over financial aid breach | Massive phishing attack hits Gmail users Budowsky: A fascist-friendly POTUS When will Hillary Clinton grow up and take responsibility? MOREs campaign manager John Podesta. Like many busy and important people, he did not have time to remember a slew of different passwords for every web site he used. He occasionally asked his aides toremind himof his passwords via email and probablyre-used themamong multiple different applications.

Passwords can be a security liability as well as a hassle for users, which is why politicians, candidates and their political aids should use strong cryptographic keys instead. These keys, which are dozens of digits long, can be automatically created and stored on users computers and phones. The keys are so complex that it would take all the supercomputers on earth billions of years to guess.

Unfortunately, Podestas Gmail account used passwords to decrypt his emails instead of cryptographic keys stored locally.Receiving anemail alert probably from the Russians warning him that an unauthorized user was trying to access his Gmail account, he or one of his staff members reached out to the campaigns information technology support team. After getting someconfusing advice, either Podesta or one of his assistantsclicked on an embedded malicious linkto a fake password reset portal. He fell for the ruse and entered his credentials, giving them to the attackers.

The FANCY BEAR/APT 28 actors were then able to access and download nearlyten years worth of private communications. The Russians later used the stolen materials to create another October Surprise for the campaign by againproviding the information to WikiLeaks.

It is unfortunate that, in retrospect, using end-to-end encryption with strong cryptographic keys could have prevented all of this. By keeping encryption keys only on a users device, there is no need for passwords to access ones communications. Not having to remember and type them in all the time makes it impossible toaccidentally give them to hackerstoo.

Get ready for 2018 by securing your systems today

Although the 2016 election is in the books, the cybersecurity lessons we can learn from it are critical for future cycles. We know that at least one foreign country will take active measures, like hacking political organizations and campaigns, to support itspreferred candidate. Regardless of whom you support, every American should be able to agree that sensitive internal communications like campaign emails must remain private and secure. With an end-to-end encrypted messaging protocol, political organizations of every stripe can do just that.

Walter Haydock works forPreVeil, a Boston based cybersecurity companywhere he interfaces with political campaigns, think tanks, and other government-facing clients.Previously, he served as a staff member for the House of Representatives as well as an officer in the Marine Corps. The views expressed in this article do not necessarily reflect the official policy or position of the United States government.

The views expressed by contributors are their own and are not the views of The Hill.

See original here:
End-to-end encryption could be key to securing future elections – The Hill (blog)

Related Post

Comments are closed.