It looks like the Nikolaus Cruz who left the Youtube comment last September has a Google ID. Since this person looks like they used their actual name, I cannot help but wonder if this person filled out their personal information, too. Maybe subconsciously this Nikolaus Cruz was hoping the FBI would find him before he succeeded in becoming a “professional school shooter”. Since we are second guessing the FBI actions, did the FBI ask Google for help identifying this user?
As an old IT guy, I keep wondering what Crowdstrike was doing during the DNC Hack? It looks like a Lifelock commercial. Here is the Crowdstrike timeline.
- In 2015 Crowdstrike knows that DNC information was transmitted to Russia.
- On April 29th, 2016, the DNC suspects they have been hacked.
- On May 4th, 2016, Crowdstrike installs “monitoring software”.
- On June 10th, 2016, Crowdstrike changes passwords at the DNC.
If Crowdstrike knew the DNC was hacked in 2015 and information was transmitted back to Russia, why did they install a security monitor in May 2016? Why did they wait until June to actually fix the problem? It looks like Crowdstrike set up the DNC network as a “bad” honeypot. Traditionally a honeypot consists of a network site that appears to be legitimate but is actually isolated, monitored, and contains non-vital data. Crowdstrike used the real DNC network as the lure. If Fusion GPS and Crowdstrike are the private contractors who had unsupervised access to raw FISA information on FBI systems, they had to know what the Russians were doing. Were their actions negligent, stupid, or an attempt to divert the attention from the damaging Podesta emails that the Russians were boasting about? Since the Podesta emails were far more damaging to the Clinton campaign, it looks like Crowdstrike felt it was more important to attribute the hack on the Russians than to protect the DNC data.
DNC Hack Timeline
The American people want to believe that both political parties and our journalists will not lie, cheat, steal, or tolerate those who do. Instead they found out that:
- Glenn Thrush is actually a political hack masquerading as a journalist.
- From time to time Donna Brazile gets debates questions in advance and had no ethical problems passing it on to the Clinton campaign.
- The supposedly neutral DNC was actively trying to undermine the Bernie Sanders presidential campaign despite telling everyone they were not doing that.
This loss of innocence was one of the major reasons behind the success of Mr. Trump’s “Drain the Swamp” theme. Although the intelligence community is trying to divert attention from the gross incompetence and ethical shortcomings of the DNC, Mr. Podesta, and those journalists, I feel it is my responsibility as an old IT guy to remind both political parties and journalists that you are the first line of defense in cybersecurity. Gross stupidity can easily defeat the best cybersecurity plan. So here are my tips:
Stop Doing Ethically Stupid Stuff And Writing About It In Emails
It is better to be thought a cheater than to write an email that removes all doubt! As an example the Donna Brazile “From time to time” email could have been written a thousand different ways that would obscure the source while preparing Ms. Clinton for the subject matter. A simple rephrasing of the question would have at least given Ms. Brazile plausible deniability as a cheater. Ms. Clinton’s worst debate answers are far better than the stigma from being caught cheating. Of course, a more ethical person would not have divulged the question to Ms. Clinton. Most of the journalists mentioned in the Wikileaks releases doing ethically stupid stuff probably regret writing about it in an email. The lesson that should have been learned is that embarrassing emails in the wrong hands are very valuable. You have just provided the reason for even more hacking attempts!
Treat All Communication Devices As Non-Secure
Whether you are in the privacy of your home or at Starbucks you should assume that someone is trying to intercept your communications. It could be the NSA, Russian intelligence, or just some script kiddie having fun. If only a small portion of your emails are about yoga and wedding preparations, you really should not have a private email server. Who were the adults in the room advising Ms. Clinton about the security risks associated with the Secretary of State having a private email server? Brian Krebs of KrebsOnSecurity sums it up best.
There are some fairly simple, immutable truths that each of us should keep in mind, truths that apply equally to political parties, organizations and corporations alike:
- If you connect it to the Internet, someone will try to hack it.
- If what you put on the Internet has value, someone will invest time and effort to steal it.
- Even if what is stolen does not have immediate value to the thief, he can easily find buyers for it.
- The price he secures for it will almost certainly be a tiny slice of its true worth to the victim.
- Organizations and individuals unwilling to spend a small fraction of what those assets are worth to secure them against cybercrooks can expect to eventually be relieved of said assets.