Yesterday, Colonel Lang and I had a short email conversation extending over several hours.
PL: Do I understand that DoS has been wide open for penetration by any sort of phishing expedition in e-mail? And that the HC breach just happens to be the most obvious example? pl
TTG: In short, yes. The November 2014 hack required the entire DoS unclassified system to be taken offline for a weekend. NSA was still finding evidence of penetrations three months later. The Executive Office and JCS unclassified systems were also breached. The Russians were behind these. The Chinese were in the USPS and NOAA systems at the same time. NASA is perpetually hacked by everybody. Before that I knew INSCOM and army.mil were breached through their routers rather than any phishing attack. None of these systems are being left totally unprotected, but the defenses are inadequate.
PL: Well, isn’t that special! Did you write this up for us before? I can’t remember. pl
TTG: I’ve mentioned these things in various comments over the last few months. CP and I put out a collaborative post on the OPM hack back in 2015. I've done several hacking posts over the years. It's become a supremely political act to do so today.
PL: IMO we need to re-state reality. pl
Government and commercial networks are being breached all the time. It’s certainly not just Russia, China and other state hackers. Those router hackers I mentioned were an international group of like-minded fellows ranging from a drug-addled kid living in his mother’s basement to a cyber-security instructor for a major national law enforcement agency. That drug-addled kid was smart and disciplined enough to pass through three different compromised .edu routers before he did anything operational. He shut down a major ISP with his router botnet just to screw with another hacker group and monitored his progress by watching internet activity over several countries in real time. And this kid was one of the least accomplished members of his group. I keep this in mind whenever I hear the claim that only a nation state could pull off some hack.
Another point to keep in mind is that my small team was able to identify these router hackers through a relentless HUMINT operation over a long period of time. Add a robust SIGINT capability to this HUMINT effort and you will begin to understand how attribution is accomplished these days. Forensic investigations are not the answer. Those investigations could lead to deception just as easily as they could lead to valuable clues.
Finally, back to my conversation with the Colonel. The reality is that Clinton’s private email server was certainly open to penetration by a wide array of hackers, including Chinese state hackers. The DoS network was, and is, also open to penetration by these actors. The very nature of unclassified governmental email systems makes this a reality. They are open to any connection with the right email address. Those emails are then opened by fallible users who too often succumb to clever phishing attacks. Yes, there are effective security measures for email, but unless users are willing to revert to a command-line email client like pine and pull their heads out of their asses, email will remain an especially vulnerable service.