What Happens if the Geeks are Compromised

By Kevin Freeman
May 29, 2017

A failure of imagination. When the 9/11 Commission reported on the nature and causes of the worst terror attack on American soil in history, those four fateful words summed up the problem. There was a pre-9/11 mentality where the FBI assumed a plane hijacking was intended to get a ransom. The goal was to talk the hijackers into landing the plane. No one imagined that those taking over a plane did so with the purpose of dying. They never intended to land the plane. With 9/11 everything changed. Yet, despite this we still have a failure of imagination.

There is a coming cyber attack, and it will make the WannaCry ransomware worm of a few weeks ago look like child's play. British Airways has been enduring a recent IT system failure that may be the result of a hack. Chipotle has admitted a serious compromise. These are now normal weekend announcements. But all of them pale in comparison to what could be coming. There are enemies of the United States (North Korea among them) that would love nothing more than to completely disrupt our economy and cripple our way of life.

One of the answers to the current, unprecedented level of cyber attacks is to hire professional help and install defensive measures. After all, applying the patch Microsoft issued in March 2017 (MS17-010) for the SMB flaw WannaCry exploited would have spared most of the roughly 300,000 computers in 150 countries that were infected; unsupported Windows XP machines only received an emergency fix after the outbreak began. So getting professional help is a must. The problem, however, is what happens when the geeks are compromised?

Recently, court records have shown how the FBI has been working with Best Buy's Geek Squad to bust child pornographers. Actually, that seems like a good thing although there are serious privacy issues. But what if the IT support is not on the American side?

There is a new report out from the Defense Science Board on Cyber Supply Chain vulnerabilities. It details the many risks in our modern weapons systems that are dependent on technology and cyber capabilities. It recognizes that vulnerabilities can be manufactured into weapons systems or inserted by contractors and suppliers at multiple points along an extremely complex chain. If this is a risk for the military, how much more so for private industry?

Basically, an enemy intent on doing us harm could purposely introduce cyber vulnerabilities. The fact that a major IT support group could work with our Federal Government naturally raises the risk that a different IT group might work with a different government, knowingly or unknowingly. Even if the firm as a whole were not compromised, a few planted agents along the way would bring risk. And with sophisticated hacking tools, intruders could infect a major contractor at one job site and have it unwittingly carry the infection to other clients.

From the May 21, 2017 Cipher Brief:

Last month, the UK's National Cyber Security Centre and cyber units at PwC and BAE Systems collaborated to identify a large-scale attack – beginning in 2014 but ramping up in 2016 – against suppliers of IT outsourcing by a group called APT10. Dubbed "Operation Cloud Hopper," the attackers methodically infiltrated supply chains for IT as a form of one-stop shopping, given that these firms service a wide array of businesses and sectors. According to the report, the IP addresses used in the attacks were traced back to China and, as with other Beijing-sponsored attacks, the hackers operated during the Chinese workday, regularly breaking for lunch at the scheduled hour. The scale and scope of the attack on European and U.S. firms, either directly or indirectly, has not yet been disclosed but what seems clear is that the Chinese government's assurance and promises to curtail its hacking activities are hollow.

The Cloud Hopper exposé is just another clarion call in a growing cacophony of attempts to get the government and private sector to wake up to the fact that the undermining of the U.S. economy by adversarial states (not just China) and actors is a national security threat of the first order.
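The Cloud Hopper investigators used the attackers' working hours as one clue to where they sat. The same heuristic can be turned around defensively: for each account an outsourced IT provider uses on your network, find the UTC offset whose business day best explains that account's logon times and compare it with the offset the provider is contracted to work from. The following is an added example, not code from the article, the Cipher Brief, or the PwC/BAE report; the VPN logon lines, account names and the assumed provider time zone (US Eastern, UTC-4 in May) are constructed for illustration.

```python
"""Work-hours fingerprinting of a provider's remote-access logons (added example)."""
from collections import defaultdict
from datetime import datetime, timezone

WORK_START, WORK_END = 9, 18     # local working window, [09:00, 18:00)
LUNCH_START, LUNCH_END = 12, 13  # the midday dip the Cloud Hopper report noted
MIN_EVENTS = 5                   # fewer events than this and the fingerprint means little

# Constructed VPN logon records: "<ISO-8601 UTC timestamp> <account>".
# svc-msp-backup clusters in a UTC+8 working day; msp-helpdesk in a UTC-4 one.
SAMPLE_LOG = """\
2017-05-22T01:05:13Z svc-msp-backup
2017-05-22T02:41:50Z svc-msp-backup
2017-05-22T06:12:07Z svc-msp-backup
2017-05-22T08:55:31Z svc-msp-backup
2017-05-23T01:30:44Z svc-msp-backup
2017-05-23T03:20:19Z svc-msp-backup
2017-05-23T07:03:02Z svc-msp-backup
2017-05-23T09:47:26Z svc-msp-backup
2017-05-22T13:10:00Z msp-helpdesk
2017-05-22T15:30:00Z msp-helpdesk
2017-05-22T20:05:00Z msp-helpdesk
2017-05-23T14:02:00Z msp-helpdesk
2017-05-23T17:45:00Z msp-helpdesk
2017-05-23T21:15:00Z msp-helpdesk
"""


def parse_log(text):
    """Return {account: [utc_hour_of_day_as_float, ...]} from the log lines."""
    per_account = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, account = line.split()
        ts = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        per_account[account].append(ts.hour + ts.minute / 60)
    return per_account


def in_work_window(local_hour):
    """True if a local hour-of-day is inside the working window but outside lunch."""
    return WORK_START <= local_hour < WORK_END and not (LUNCH_START <= local_hour < LUNCH_END)


def work_window_fit(utc_hours, offset):
    """Fraction of events that land in the working window if the actor sits at UTC+offset."""
    hits = sum(in_work_window((h + offset) % 24) for h in utc_hours)
    return hits / len(utc_hours)


def best_offset(utc_hours):
    """Whole-hour UTC offset (-12..+14) whose working window explains the most events."""
    return max(range(-12, 15), key=lambda o: (work_window_fit(utc_hours, o), -abs(o)))


def offset_distance(a, b):
    """Shortest distance between two UTC offsets on the 24-hour circle."""
    d = abs(a - b) % 24
    return min(d, 24 - d)


def assess_account(utc_hours, expected_offset, min_fit=0.8, min_shift=3):
    """Flag an account whose logons cluster tightly in a working day far from the expected one."""
    if len(utc_hours) < MIN_EVENTS:
        return {"verdict": "inconclusive", "events": len(utc_hours)}
    off = best_offset(utc_hours)
    fit = work_window_fit(utc_hours, off)
    shift = offset_distance(off, expected_offset)
    flagged = fit >= min_fit and shift >= min_shift
    return {"verdict": "review" if flagged else "consistent", "events": len(utc_hours),
            "best_offset": off, "fit": round(fit, 2), "shift_hours": shift}


def analyze_log(text, expected_offset):
    """Assess every account in the log against the provider's contracted UTC offset."""
    return {acct: assess_account(hours, expected_offset)
            for acct, hours in parse_log(text).items()}


if __name__ == "__main__":
    for account, result in analyze_log(SAMPLE_LOG, expected_offset=-4).items():
        print(account, result)
```

Run against the constructed log with the provider expected at UTC-4, `svc-msp-backup` is reported for review (its logons fit a UTC+8 working day, twelve hours from the provider's) while `msp-helpdesk` is consistent. The verdict is a triage cue, not attribution: a genuine night shift or a scheduled job will cluster the same way, so the check belongs beside the access scoping and logging you already apply to provider accounts.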

Considering that, let's step back to a story just a few months old. There has been very little news on what should have been blockbuster headlines. While the mainstream media is obsessed with the theory of Russian ties to the White House, there is a major investigation into a team of Pakistani IT staffers working for Congressional Democrats. The allegations are serious enough to have warranted a ban from the House computer network. Other House IT aides are seriously concerned about the damage that could already have been done.

The story has taken several bizarre turns and has serious elements of national intrigue. The potential risks are enormous. Can you imagine if trusted IT staffers were agents of a foreign government? While the Capitol Police have been investigating, Debbie Wasserman Schultz has objected strenuously, even though she might be a victim. Yes, this is the same Congresswoman who headed the DNC and was forced to resign right before the Democratic convention over the release of damaging information that showed a rigged primary system. It now appears she is protecting one of the accused staffers. The concern is that the House Democrats might engage in a cover-up without serious media scrutiny.

We should demand that the major news outlets begin investigating this explosive story. We have strong reason to suspect that this IT scandal could be more genuine and more serious than the Russia collusion story. In fact, given the connection to Wasserman Schultz, can we rule out the idea that the WikiLeaks release of DNC documents came from this IT staffer breach rather than a Russian hack?

All of this is to suggest that there are multiple points of vulnerability in any IT system. It is imperative that our government and the Defense Department apply serious scrutiny to anyone they allow to touch the network. As Edward Snowden taught us, contractors have access to all sorts of things. Likewise, private companies and even private citizens must be ever vigilant. We are far too dependent on the Internet to make additional mistakes here.

Be certain you can trust whoever provides your IT support. Companies should run thorough background checks. Keep in mind that a background check addresses the dishonest technician but not the honest provider whose own network has been breached, as in Cloud Hopper; give outside support staff only the access their work requires, issue them credentials separate from your own administrators', and log what those accounts do. Companies should also look into the FBI's InfraGard program as an excellent resource for staying on top of ongoing threats. From the FBI website:

InfraGard is a partnership between the FBI and the private sector. It is an association of persons who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. Visit the InfraGard website for more information.

There are resources for helping protect your network. Let's hope that our government properly investigates this threat and gets to the bottom of the suspected IT intrusion without letting politics get in the way.