Who is hacking US election databases and why are they so difficult to identify?

The FBI has said that government-affiliated Russian hackers are responsible for both intrusions. Yet the hackers’ motivation is unclear. We don’t know whether the hackers were engaging in espionage, attempting to manipulate the election, or just harvesting low-hanging cyber-fruit for their own financial gain.

And we certainly don’t know who they are. The ambiguity around hacking makes it a powerful tool of governments because hackers can exist in a grey area and, if caught, be repudiated by the state that they are assisting. 

Russsian hackers or hackers for Russia?

Although it’s often possible to determine where hackers are operating from, it’s more difficult to identify government involvement. Rarely are cases as clear as a recent example in Myanmar, where researchers at cybersecurity firm Unleash Research Labs traced hackers to a server managed by Defence Services Academy, the country’s premier military academy. The hackers also appeared to be working only during business hours, indicating they were government employees.

Most cases are more opaque. North Korean hackers often work from China because the country has superior technological infrastructure. These hackers are surely employed by the North Korean government, but China’s role is harder to identify -beyond the fact that Beijing turns a blind eye to the hackers’ presence within its jurisdiction.

In an even more complicated incident, in 2013 Russia issued an international travel advisory to Russian hackers, including those that would be considered cybercriminals. The warning was issued because the United States was working with third-party countries to extradite travelling Russian hackers to the United States to face trial. In this case, the Russian government was trying to protect non-government affiliated hackers from US action. 

What’s the motivation?

The simplest explanation for why a hacker would hack the DNC and the voter databases is profit. The Arizona voter registration form, for example, is a treasure trove of information for potential identity theft. It includes the last four digits of the voter’s Social Security number and mother’s maiden name - key pieces of information used for online security.

The form also asks for a main email address. Once hackers have access to a person’s email address - which can often be password changed with the last four digits of a Social Security number or with a mother’s maiden name - they can likely access any number of online accounts, including those with credit cards attached. The DNC data would have been even more valuable because it contained donor and credit card information.

In the case of the DNC hacks, “Gucifer 2.0”, the hacker who claimed responsibility, is suspected to be a cover for a group of state-sponsored hackers. These hackers could be government employees or freelance hackers who were asked by the Russian government to target US political organisations. The Russian government may want to influence the outcome of the election, perhaps because of Democratic presidential candidate Hillary Clinton’s critical comments about Russian President Vladimir Putin.

Alternatively, the Russian government could be showing off its cyber-prowess and testing the response to these kinds of hacks. Electoral organisations like the DNC are not considered part of US national security concerns, despite their importance. This means that they don’t benefit from additional protection from the Department of Homeland Security and could be targeted and breached without serious consequences. Considering Russia’s current tendency to push up against and test the limits of international norms, it’s possible that Russia just wanted to see how the United States would respond.

Pro-government hackers are not necessarily paid government employees clocking in and out during normal business hours. Instead, hackers can both be patriotic and self-employed –particularly in places where the United States is seen as an adversary. In such places, there may be overlap between government and hacker goals, without the hacker officially on the government payroll.

For example, hackers might target US political infrastructure for emotional reasons. If the hacker is living in a country where there is considerable anti-US sentiment, he might be able to reap emotional benefits as well – a feeling of satisfaction at striking a blow for their country.

A final explanation is that Russia may have been engaging in routine cyber-espionage, similar to that of many countries. This may have been the case for the voter registration hacks, but because the DNC data was given to WikiLeaks, that hack had obvious political intent.

The challenge

Neither the DNC nor the voter registration attacks should come as a surprise. With so many actors, motives, and targets, cyberattacks are inevitable. The challenge in identifying hackers and their employers only makes this picture more complicated. It is also the reason that the main strategy around cybersecurity protection is changing from a “moat-and-castle” style protection approach to one that focuses on resilience -mitigating damage and emerging with stronger security after an attack.

Whoever the actor and whatever their motive, the world is rich with appealing data targets. These recent attacks highlight the need for every organisation that manages private data to work harder at making it secure.