Even though hackers responsible for the cyberattack on the Democratic Party and Hillary Clinton’s campaign weren’t caught in the act, it doesn’t mean they can’t be identified as President-elect Donald Trump has asserted.
Michael Borohovski, a cybersecurity expert with experience working with the intelligence community and Chief Technology Officer of Tinfoil Security, says investigators have methods of uncovering the identity of attackers long after they’re gone.
“It’s actually significantly harder to catch somebody in the act than it is to catch somebody after the fact,” Borohovski told Business Insider. “Unfortunately it’s not like in the movies where as soon as someone is attacking, big red alarms go off.”
In a Fox News interview last month, Trump cast doubt on the CIA’s recent findings that Russia was involved in cyberattacks against the Democratic Party to help him win the election, calling it “ridiculous” and an excuse for the opposing party’s loss.
“Hacking is very interesting. Once they hack, if you don’t catch them in the act, you’re not going to catch them,” Trump said. “They have no idea if it’s Russia or China or somebody. It could be somebody sitting in a bed some place.”
The president-elect claimed to “know things that other people don’t know,” on Saturday without explaining what he meant.
Much like investigators at the scene of a crash can piece together clues about the incident, cybersecurity experts can use digital forensics to gain information about intruders, Borohovski said.
“You start looking through logs, you start looking through, at a high level, digital breadcrumbs that were left by attackers and over time, you slowly figure precisely what occurred, where it came from, and who did it,” he said.
Discovering criminals in the act is not impossible, however.
In May, the Democratic National Committee hired security firm CrowdStrike after a cyberattack and were able to monitor hackers after they breached a network, USA Today reported.
NBC News reported in December that US intelligence officials believe Russian President Vladimir Putin was directly involved in the hacking campaign that targeted Democratic Party leaders and organizations during the US presidential election. The hack led to the release of thousands of emails that damaged the party’s nominee, Hillary Clinton, and was orchestrated by Russia in an attempt to sway the election in Trump’s favor.
In December, officials who spoke to CNN said Russia’s cyberattacks targeting US political organizations have continued unabated, weeks after the election.
“Certainly if they attack a system or an email server, they would not have stopped there,” Borohovski said. They would have attempted to gain what is called persistence in an attempt to figure out how they can continue gleaning data and not just have a snapshot in time.”
Despite the findings from intelligence officials, Trump has repeatedly dismissed the possibility of Russia influencing the election.
According to a Washington Post report, an attempt to form a bipartisan coalition to publicly accuse Russia of meddling was met with opposition from skeptical Republicans. Senate Majority Leader Mitch McConnell went as far as to suggest he would accuse the Obama administration of partisan politics if the White House spoke up.
The White House did not push the issue because it believed Clinton would beat Trump and win the presidency, according to an unnamed US official cited by NBC News.
Democrats like outgoing Senate Minority Leader Harry Reid have urged for a full investigation of Russia’s impact on the election, comparing the seriousness to Watergate or the 9/11 terrorist attacks. A US intelligence review is underway and will likely last several weeks, according to a statement from Office of the Director of National Intelligence (DNI).
The FBI and the DNI affirmed the CIA’s findings about Russia’s involvement.
The White House announced sweeping new sanctions against Russia on Thursday as punishment for the cyberattacks, which included the expulsion of 35 Russian diplomats from the US.