Will Russians try more cyber attacks?

Tommy Tucker, WWL First News
Friday, July 20th

Tommy talks to Jason Glassberg, co-founder of Casaba Security, about Russian cyberattacks.


Transcript - Not for consumer use. Robot overlords only. Will not be accurate.

Retirement security right now we hear about so much meddling in. Of Russia in the election. And cyber attacks in India how exactly can have on our friend Jason glass berg joins us co-founder of cassava security good morning sir. Boring. Takers in two. Election hacking or Russian hacking 101. And explain from the beginning what are we talking about here because I think it is again monitors things. About which everybody is aware but maybe we don't know a lot about. Well I think we've got you know can threats if if you can compartmentalize. That you've got. Threats against the voting machines in the voting infrastructure. And you've got these nefarious social media campaigns which look to sow discord. Amongst the various you know candidates and their supporters. And I think that's really where. Bill the last indictment. That just came out a couple of days ago. Talks more acutely Russian efforts in the social media and disruption and attacks against other political parties. More so than attacks against the voting machines than our actual voting infrastructure still. Really what we're looking at our. These social media campaigns Twitter campaign FaceBook campaigns selling fake news that get people really annoyed and other. And caused people not to trust. The outcome of the election. So. You begin. I'm trying to go from law and order here is so they signed the body Lenny makes is Smart comment men may solve the murder right in triumph. In this case of a cyber attack I guess once you realize you've been attacked. That's that is an essence to carry the metaphor forward the body and then from there. Well I guess you even have a body how do you determine that you've been a tagged in and how you tell who did them from that point. Well you know in the case. These last indictments we had a situation where DNC. Was. Even now that are board became quite famous. Or leaked and that information was made public and the people who wrote those milk. Or weren't the ones who had release these things for the assumption there. Was that they were in fact packed and they were able to build forensically a trail. Of great tunes right they found evidence of the machines being broken into. Probably found evidence of Phishing emails that allowed them to get passwords into these males. And they were able cheap trades. Where these attacks came from and where these where these state. So be. The prevailing thought that was obviously proven and some level of court where is that this was committed by these Russian folk. In terms of accessing databases I know we had conversations at the time whether former secretary of state saying that. I am paraphrasing here I don't think the information was online suing could have been hacked. Will Letterman learned from the indictments about. Should try need tapping into voter rolls or what exactly were they trying to do and it was airway that they could happen. Well there's you know any mean that touches the Internet. Is always susceptible to attack. And it any of those systems that ties the Internet also cut its speed data they are theoretically. Subject to attack there was mention of 21 states. Being attacked that those states were not named. And the purposes of those attacks are not known. Well voter information in order to have a social media campaign or it could've been. To actually go in an effect. Those voter rules either add or remove folks. On the bad part was not discussed there is never been any proof that the actual voting infrastructure. Or is attacked or somehow compromised by any our adversaries that you know that's an important point so. It's not like voting machines have been packed and falling down all over the country because there's absolutely no proof that. Bullet there that's proof of is that folks went out and got information often candidates most. Both parties. And try to use that information to sow discord. And and create all sorts of fervor are about what kind of undermine people's faith in our our election system. So. In terms of what could be happening. A bomb and the intelligence agencies says it's continuing for the 2018 elections are an advance of them. Oh it's so much the same kind of thing or is this the type of of the intrusion. Hacking one hand views cyber attack. That expands exponentially. Because of the technology involves as it evolves slowly. Well I think what how what's what's happening is but you know. Elections and there there are over 8000 election jurisdictions in the US right. Every one of them is controlled by the local jurisdiction it is is it's not a federal we can't just wave a magic Juan the government can't just say. Everett everybody's got to fix these machines but you've got. Qaeda different counties in different states and have different levels of sophistication. And so. You know you run to a problem of having some very antiquated equipment out there and clearly those those. Kinds of machines and those kinds of systems are certainly at risk. But again I think what we're gonna she gonna continue to see is more of this kind of fake news. Kind of dirt being dug up been released anonymously. And that causes people to say hey you know what's going on here is is it for legitimate election I I think the other. Area that ordered the is going to be at risk of its wings like in denial of service attacks. Imagine. A very close national election comes down to Florida and Florida's suddenly finds itself all offline. All right you've been a deep people accuse one side. Of the other having some kind of plane it and the whole country's gonna be open arms because since election can be resolved and in and it's the kind of attack. That causes people to lose faith. In our ability to hold fair and and and and you know regularly elections and I think that's where the risk life. Let me make this perfectly clear to borrow a phrase. This is not about collusion this has nothing to do with collusion in this is about the incontrovertible fact and correct me if I'm wrong Jason. That the Russians were up to some Internet shenanigans when it came to the election correct. I absolutely agree that yes Yorker. This has nothing to do is anybody taken pardon and this is just something that Russia. Decided to do Jason glass burger gas co-founder of cassava security. With that disclaimer give end. A text comes in and says if hackers don't work. Won't let their location. If they don't want their location to be discovery won't play in every be sending this text from Russia if I wanna do with simple networking tools. So should the Internet be country segregated because gold bull people believe fake news. On social media as an interesting question what you think. Well I would say yes if you take proper precautions to hide your tracks and one of the interest and pieces of evidence that was released. Was that there's there's a technology called VP and right began as a virtual private network which allows you hygiene network traffic. Now normally when you connect to the server connect to a male. You would turn your VP and service on and India becomes very not impossible but very very difficult to Trace where that. Communication came from. In the case. One of these email traces. It turns out that one of the Russian officers did not turn on. Is BP had a real rookie mistake he'd really did not turn on his VPN and battle happened to trade. The communication all the way back did the what FSB headquarters gee are you had one of the Russian. Security into these back to their headquarters in Moscow and that really was kind of a watershed moment. In you know unraveling of decay so the fact that they didn't turn their BP and on they were able to Trace it back. To this actual IP address location meant that they had some hard evidence that this was not something that was domestic this was something that had originated out in Russia. So your listeners is correct in the sense that you can make it very difficult to Trace that. But the fact is that they committed a rookie mistake. Right and it ultimately is Ian doing a lot of criminals right the smartest minds in the world are sometimes look and that's what happened in this particular Kate's. So is that had not happened there would be no. Indication that this is the Russians are no link to the Russians. No there are other there were other avenues again you know I think it investigation. And forensic investigation it's all a little piece of evidence about detained the bigger picture. Right it turns out that they that the indeed this Russian group was buying. The uses servers to store their data. And they were paying for it in big calling and they were able to Trace their bitcoin wallets back to this this group of rushed. Right so again it is. Little these little pieces of evidence is that it in it and criminal case right. All add up. And and trying to think in this picture that they were able to you. Show and you know these indictments citizenship conjecture. This has this was something that had to go through. A federal United States in order to it to get these indictments so certainly not just someone out there are speculating. In humility. You have to. And our country's ability to you to prosecute criminals and that's what this is being treated as this about a political case this is criminal prosecution. Was it was there. Bitcoin manipulation and help fund some of his sermon Megan that up. No no that's exactly what it was indeed they were able to buy. Serb. They were they were collecting lots of data right they had collected all of these emails they have broken into these accounts. They are big compromise these these these machines of any place. Out from and so in order to ray cook that servers states. They paid for it would big court. Tell me about your work last year is that basically what you've been speaking out. No way out and one that we we will working as a as a company wins. A number of institutions trying to formulate ways of having effective on line voting that could be considered secure. And so we were testing a number of online systems but could potentially solve the problem. Of how you would be able to do this you know very much like you you can have a certain amount of trusting your banking. Because it goes to a level of review and and and and testing we were doing testing with the various online. Voting systems and it turns out you can make them quite secure. The problem is I. Access you know it's easy for a lot of us because we have peak season we have phones and so but there are a lot of Americans who don't have ready access. Two terminals to be able to do on line voting and it becomes a difficult problem because you know it constitutionally. He he he it's right it's not a privilege. And so. You know who who would ultimately contribute voting systems and who would ultimately be the one to maintain them. Become kind of a state going issue because again visas. Theater are our systems that need to be run by the states the various voting jurisdictions it it's not a federal program. So who he who you what do you do to stop the computer should chicanery going on our and our Internet chicanery going on with the Russians for the 2018 election. Well I think one you know people need to understand our. It is never the case or anything proven that some are actually higher end voting machines and change the tabulated vote. Right so that that's something that does not happen that's not what any of these investigations or any of these talks are about. On that's person or I think the bit the second thing it's people need to work just. Understand that they we look there are folks out there whose prime motivation is just to make gets angry at one another right and some. Aren't I get CN on the next cumin and Jason I can see it now words say it. The attacks are coming in about Hillary you know about this and about that and all we're talking about is the technical aspect year. Exactly I mean that that's the problem would be dismissed that ultimately the problem cook with this entire topic is it becomes political right yeah. And and that that could kill everything I mean last year. There was the huge uproar because the government wanted the classified voting systems is critical infrastructure right just like you would have a nuclear reactors gave him a wanna protect them against. You know for an attack. And there was a huge a war. Because all of the state attorney general's. Bought back is that no you can call this critical infrastructure because that means the Department of Homeland Security of federal and the well they have you know oversight over these systems. And it is just simply speaking patently ridiculous because. We've got this national issue right I mean incontrovertible. That they are foreign entities who were trying to affect our voting. Right and yet we can as a country agree because ultimately it's a political. He becomes central political problem right because nothing could be more political vote saying you ignore political. Jason I appreciate your time I really do and again for those of you taxing in with the conspiracy theories there's that they did it. We're just started about technically how it happened that solve we're talking about.