While the Republicans and Democrats are arguing whether the Russians hacked the DNC and affected the outcome of the presidential election, former Chairman of the Joint Chiefs Martin Dempsey, in an interview with CBS, spoke about a Russian hack which has mostly been rumors up until now.
I think we can reasonably accept that the Chairman of the Joint Chiefs can probably speak with authority on this subject.
Dempsey said that in August 2015, the Russians hacked into the unclassified portion of the Joint Chiefs own network and stole both passwords and electronic keys used to sign messages.
Dempsey heard about the breach in the early morning hours by a phone call from the head of the NSA, Admiral Mike Rogers.
Once they got in, it only took the Russians an hour to take over the network. The network is used by over 3,000 Pentagon employees.
The Pentagon was forced to shut down the network completely.
How did they get in? The Russians sent 30,000 emails to a west coast University, FOUR of which got forwarded to the Pentagon and ONE of which was opened.
ONE email did the Pentagon’s Joint Chief’s network. One email.
Think about your company. Could a hacker get an employee to open a malicious email?
Why did the Russians do this? It is believed that the Russians were mad at U.S. sanctions of Russia for their invasion of Crimea. They wanted to cause the Pentagon as much pain, expense and embarrassment as possible.
The network was down for two weeks while they replaced hardware, rebuilt systems and added extra controls to try and keep the Russians out.
As far as we know, they have not gotten back in to that network.
This story emphasizes that employee education and training is critical. If the four employees at the University in California did not forward the malicious email or the one employee at the Pentagon did not open it, this story would not exist. If the IT department supporting the DNC did not give Podesta the wrong instructions, the outcome of the Presidential election might have been different.
It is a very fragile balance and the hackers have the advantage. The good guys have to do right all the time – 1 out of 30,000 emails was enough to take the Joint Chiefs network down.
Information for this post came from CBS News.