By Khalida Sarwari
Though their methods were not as sophisticated as the 2016 hack of the Democratic National Committee, the same Russian hackers are believed to be responsible for the infiltration of a Ukrainian gas company at the center of President Donald Trump’s impeachment proceedings. Don’t be surprised if they strike again, says Engin Kirda, a cybersecurity professor at Northeastern who studies network security.
That’s because attacks of this nature don’t cost much nor require a whole lot of technical savviness, says Kirda. Additionally, plausible deniability enables foreign hackers to get away with cyber attacks again and again, he says.
“Nations often know who is behind an attack, but proving it to the public is often difficult because then you might have to say how you collected that potentially sensitive information, or how you know it. You would need to release your sources, which people rarely do,” says Kirda, a professor who holds joint appointments in Northeastern’s Khoury College of Computer Sciences and College of Engineering.
Area 1 Security, a cybersecurity company based in California, discovered the attack on Burisma Holdings, the Ukrainian gas company on whose board Hunter Biden served, and which is now at the center of the controversy involving Ukraine, on New Year’s Eve. The U.S. House of Representatives impeached Trump over allegations that he pressured Ukraine’s President Volodymyr Zelensky to investigate the Bidens’ connection to Burisma.
The hack—which Area 1connected to GRU, the Russian government’s spy agency—appears to be a simple phishing scheme that Kirda suggested could have been prevented if the company had enabled two-factor authentication, a common method of confirming users’ claimed identities by using a combination of two different factors.
“Based on the publicly available information, it actually didn’t sound like the company had two-factor authentication,” he says. “And it did sound like the attack was pretty straightforward and not very sophisticated.”
In a phishing scam, the target will typically receive a legitimate-looking email warning the recipient to log in to a website to perform a certain action. The email will contain a link to a legitimate-seeming website, and the recipient will be solicited for account details. The sender will then use that information to steal, commit fraud or retrieve more valuable information.
“It’s something you see all the time, right?” says Kirda. “People think, I’m not sending any sensitive emails, or what would happen if somebody would read my email? But there’s actually quite a bit of sensitive information that people can get from your emails, and they can actually use that email account as a stepping stone.”
Even if you or your emails are not particularly important or interesting, says Kirda, you likely know someone who is, and that’s who the hackers are ultimately targeting. Once they have the information they’re seeking, hackers will find a way to gain access to other systems and databases to launch a more sophisticated attack against the main target, he says.
In their discovery, Area 1, the cybersecurity firm, found parallels between the Burisma hack and another more sophisticated attack that was carried out against Democratic candidate Hillary Clinton’s campaign chairman and the Democratic National Committee during the 2016 presidential campaign. In that case, says Kirda, hackers were able to gain access to [Clinton campaign chairman John] Podesta’s emails because he had failed to activate two-factor authentication.
“It does sound like—based on all the information we have—that the Russians are actively attacking everyone that they can attack that has the potential to have interesting information,” Kirda says. “And I’m sure there are many companies that we haven’t heard of yet that have been attacked, that they have access to because this information can be used for industrial espionage or for political purposes. The Soviets have done this in the past. Now through the internet, and because everything is connected, in a way it’s easier to do.”
As the Burisma hack story continues to develop, Kirda says he’ll be watching to see if the attack was more sophisticated than it appears, and what kind of information was leaked. But, it’s possible that by the time this case is settled, we might be contending with a slew of new cyberattacks.
“We’re going to hear of these things a lot in the future,” Kirda says. “It’s not going to stop. Stories like this will keep appearing. We’re going to hear lots of disinformation as well. The only solution is to just be better prepared. Make sure your systems are secured. Invest in research.”