Ex-FBI Agent on DNC Breach Investigation
Former Cybercrime Special Agent Details Bureau's Investigation Strategies
As the FBI investigates a series of breaches targeting the Democratic National Committee, the law enforcement agency will employ vast resources unavailable to other organizations, including those that have identified Russians as the perpetrators behind the cyberattacks, says a former FBI anti-cybercrime leader.
"That's because the FBI partners with the rest of the U.S. intelligence community and the intelligence community of all our allied nations," says Leo Taddeo, a former FBI special agent in charge of the bureau's New York cybercrime division. "We have an extraordinary ability to collect signals intelligence around the world."
In June, the Democratic National Committee said two Russian-based groups with possible ties to the country's intelligence agencies were believed to be responsible for high-profile hacks, a surprising revelation in the midst of a heated election campaign (see Leaked DNC Emails Show Lax Cybersecurity).
Just days after the DNC's announcement, a hacker going by the name Guccifer 2.0 leaked sensitive DNC documents and claimed to be the sole intruder into the organization's networks. He then claimed to have passed more than 19,000 emails to WikiLeaks, which released the emails just ahead of the Democratic National Convention, throwing the party into turmoil.
Definitely Attributing Attack to Russians
The FBI is investigating the compromise of the DNC and related party organizations. The big question is whether the FBI will be able to definitively attribute the various hacks to Russia. A positive confirmation could have a deep impact on U.S.-Russia relations and set a new bar for an act of cyber espionage.
While at least four cybersecurity companies have said it appears the DNC hacks came from two known and suspected Russian cyberattackers, nothing is definitive. But Taddeo says the FBI has access to resources that private companies do not, which may enable it to attribute the hack attacks.
Of course, private companies generate and have access to exceptional amounts of intelligence relating to cyberattacks. In fact, Taddeo says, it's the only crime-related realm in which private security companies produce data that's on par, quality-wise, with that generated by law enforcement agencies.
In this audio interview, Taddeo discusses:
- Why groundbreaking data breaches similar to the DNC hack will likely continue;
- Why the FBI may have more success than private companies in definitively attributing cyberattacks; and
- How the FBI will investigate the DNC hacks.
Taddeo is chief security officer at Cryptzone, which is a network security and protection vendor. He served as an FBI special agent from 1995 through 2015, ending his career as head of New York's cyber/special operations division, overseeing 400 agents.