How cybersecurity is developing to combat Russian hackers

Leo Taddeo, chief information security officer at Cyxtera Technologies, discusses phishing and Russia's involvement in the 2016 US presidential election with CNET's Dan Patterson.

CNET's Dan Patterson interviewed Leo Taddeo, chief information security officer at Cyxtera Technologies and a former FBI special agent in charge of cyber operations in New York City, about Russia's involvement in the 2016 US presidential election. The following is an edited transcript of the interview.

Campaign 2018: Election Hacking is a weekly series from TechRepublic sibling sites, CBS News & CNET, about the cyber-threats and vulnerabilities of the 2018 midterm election.

Dan Patterson: Your expertise is Russia. Russians were certainly involved in 2016. Can you help us understand what the Russians did? The technical aspect of what the Russians did as well as the influence campaigns that they ran.

Leo Taddeo: Right. So we can learn a lot from the indictments that have been brought by the special counsel, by Robert Mueller. I think there's an extraordinary amount of detail revealed in those indictments about the technical talent that was deployed, the tactics that were deployed and the objectives that the Russians had. So I think that's a very authoritative document for us to refer to when we're trying to figure out what happened. And if you look at it, one of the things that jumps out is the Russians used only the techniques necessary to achieve what they were aiming for. So if a phishing campaign, which is a fairly low-tech tactic, if you will, if a phishing campaign worked, that's what they used.

If they required something a little bit more advanced in terms of network penetration, you can tell from the indictment that they would elevate the tool set at their disposal and what they deployed to achieve whatever objective they had. So the Russians are very rational; like many cyber criminals, they'll only deploy the tools and reveal their capabilities as necessary. So from a technical point of view it's a very standard set of tools that were deployed against the DNC, for example. Phishing and stealing of passwords to gain network access. So not very impressive from a technical point of view. Very impressive from a strategic objectives and strategic results point of view. My view: with very little resources, perhaps in the millions, they were able to create not only confusion in the pre-election process but the massive amounts of discord and confusion in the post-election environment in the United States, continuing to this day and continuing to sow doubt running into the 2018 election cycle.

So for what appears to be a very small investment in terms of time and money and personnel. For an intelligence service to have such an impact is a tremendous, in my view, it's a tremendous success. I'm not saying I agree with what they did, I'm saying if we could mount something similar for a similar amount of money and a similar amount of staffing it would be very hard to turn down that kind of operation.

Dan Patterson: So I'm glad that you mentioned that these campaigns are ongoing. What can we anticipate in 2018 and beyond?

Leo Taddeo: Well we'll see more of the same. There's no reason to change your tactics if they're working. The intelligence community here in the United States has begun to shine a light on what the Russians are doing. We have private companies like Microsoft and other intelligence vendors shining a light on what the Russians are doing. My own company is deploying artificial intelligence and augmented intelligence to study some of the communications that the Russians are distributing on Twitter. And to identify the source of some of these information campaigns.

So I think the best... what we can expect is more of the same. More botnets, more information distribution to create divides within the American population within the voting population. And we'll have to keep our guard up, we'll have to shine a light on the Russian activity in order to inform voters, in order to inform our policy makers and politicians of course who are the main targets. And in that way we can counter the Russians and raise the cost and raise the risk of conducting this type of information campaign.

Dan Patterson: Some of these influence campaigns are designed to undermine faith and confidence in institutions. Can you elaborate a little bit on what the tactics actually are and what are some of the goals in undermining the confidence in say the electoral system, in our faith in democracy and other institutions?

Leo Taddeo: Right. I think if you could be back at the GRU when they were discussing whether or not to conduct an influence campaign, it would be hard for anyone, even someone experienced in the intelligence community, intelligence tactics and procedures. It would be hard for anyone to predict the outcome. So I don't think anybody at the GRU really knew how effective and how this would all play out. But they have been effective in, for example, undermining the credibility of the FBI. I don't think there's any doubt that America has changed its opinion about the FBI since the election.

As a former FBI agent I think that's very damaging to the United States because we need a law enforcement agency that has the credibility to present evidence to the American public and have that evidence stand up. And I think that if you were an intelligence service, especially an adversary service, if you can undermine that you've gone a long way to accomplishing your objective which is to weaken us.
