Security

Visualizing the Russian cyberattack

Cybersecurity experts explain how the data breach happened, and Twitter chatter reveals what competing social media factions are saying about the election hack.

affiniorussiahack.jpg
Image: Affinio


"Everybody has hacking capability. And probably every intelligence service is hacking in the territory of other countries. But who exactly does what? That would be a very sensitive piece of information. But it's very difficult to communicate about it because nobody wants to admit the scope of what they're doing. And I don't doubt that the Russians are hacking us, and I hope we're doing some hacking there."

Former Secretary of State Henry Kissinger

CBS News Face the Nation - December 18th, 2016

On the eve of Donald Trump's ascension to the presidency, driven by near-confirmation of Russian election cyber-mischief and revelations of another major breach at Yahoo, hacking and cybersecurity are now paramount concerns for the public, business, and government.

Election hacking played a prominent role during the campaign, but for months the story boiled in a narrative stew that also included voluble news and social media conversations about Donald Trump's controversies and Hillary Clinton's email server.

"The experts are in unanimous agreement: In an unprecedented action, Russian actors interfered with the US presidential election," affirmed Patrick Peterson, Founder & Executive Chairman at security firm Agari. "The cybersecurity community is unanimous in this assessment ... [our] analysis correlates with CrowdStrike's and SecureWorks' analysis, clearly indicating Cozy Bear and Fancy Bear Russian state actor responsibility for these identity-impersonating, credential-stealing attacks."

SEE: Cybersecurity spotlight: The ransomware battle (Tech Pro Research)

Consumers and businesses should note that email was the critical flaw that exposed the hack, Peterson said. "Analysis of the most noteworthy hack, that of John Podesta's personal gmail account ... shows the messages were sourced from Russian provider Yandex with tradecraft identical to similar attacks ... this includes use of a Cyrillic character looking like an 'o' to obfuscate the word 'password' in the emails." Peterson explained that the phishing attacks included spoofed Google URLs like "accounts.googlemail.com", a subdomain Google does not use but that looks very similar to "accounts.google.com", a subdomain that Google does use.

Adam Meyer, chief security strategist at SurfWatch Labs, agrees that phishing and social engineering are common tactics deployed by a variety of attackers at an ever-expanding market of hackable targets. "Today, it is much easier, cheaper, safer, and faster to simply social engineer individuals using common technology by spear phishing," Meyer said. "Once the individual is duped, a digital level of presence is established and the adversary will then be in a position to act on their intentions. This is what happened to the DNC and continues to happen to thousands of other organizations every single day."

With the confirmation of the DNC attack came a fresh flurry of online chatter. TechRepublic and Affinio, a firm that creates audience intelligence and marketing applications for enterprise and media companies, partnered to analyze web, news, and social media data about cybersecurity. Using Gnip, the Affinio algorithm devours data from Twitter directly and then, according to a process-focused blog post, "segments audiences into interest-based segments... content data is then appended to the analysis to understand the content that each cluster engages with."

SEE: Russian hack almost brought the U.S. military to its knees (CBS News)

After that, clusters are joined and sorted by interest patterns. In each sub-segment the company identifies resonating content coupled with information related to post interconnectedness density, metadata like location and timestamp, and user demographic profiles.

Our survey ran from December 14th through December 16th and sampled 44,009 users selected from the entire Twitter database. The sample shared, on average, 109 Tweets per month and used keywords like "russia," "USA,"cybersecurity," and "hacking."

The resulting graphs detail how information about the Russian hack percolated and was shared through online communities.

The graph above demonstrates that the primary groups discussing the hack are:

  • Democratic news and political junkies
  • Foreign policy news and political junkies
  • Christian conservatives
  • Techies
  • Spammers
  • Gamers
  • Marketers

Perhaps indicating a social media self-selecting confirmation bias, topical groups tend to converse and share information internally. Trump supporters and Christian conservatives, for example, communicate with each other but rarely with gamers. Democratic supporters talk often with social activists but rarely with conservative groups. Spammers too segregate and communicate along party lines.

russiahacklocations.png
Image: Affinio

Conversation about the hack, unsurprisingly, emanates primarily from east coast metropolitan hubs.

russiahacktopics.png
Image: Affinio

The top hashtags related to conversations about the Russian hack are:

  • #trump
  • #nodapl
  • #auditthevote
  • #resist
  • #standingrock
russiahackinfluencers.png
Image: Affinio

The Russian hack conversation on Twitter is driven primary by traditional and social media news and political influencers.

SEE: How risk analytics can help your organization plug security holes (Tech Pro Research)

The high volume of conversation related to the Russian hack by major influencers has pushed cybersecurity into the mainstream, yet cybersecurity experts agree that consumers and companies remain vulnerable. "While we cannot control what tactics, techniques and procedures that our adversaries leverage," said SurfWatch's Adam Meyer, "we can control the opportunities we present to them. We control how many doors we leave open; we control how much opportunity we present. We should be mindful that many of the hacks today are preventable if we simply used the intelligence about how the criminals operate more effectively."

Read more

About Dan Patterson

Dan is a Senior Writer for TechRepublic. He covers cybersecurity and the intersection of technology, politics and government.

Editor's Picks

Free Newsletters, In your Inbox