FireEye probes Clinton foundation hack: Reports

Hillary Clinton's charitable foundation has hired security colossus FireEye to investigate a possible breach, Reuters reports. The foundation has not confirmed the reports, which are based on sources familiar with the investigation. Attackers reportedly gained access to the foundation's network through targeted phishing attacks. …

  1. a_yank_lurker

    Blame the Russkies

    I get very annoyed when the first item out of some hack's (pun intended) is the Russkies did it. The real problem is probably much closer to home; most likely a refusal to implement proper security procedures. All too often the root cause is often an internal failure allowing the attacks to succeed.

    1. Anonymous Coward

      Re: Blame the Russkies

      If it is a phishing attack as suggested, the failure is humans. You can't patch them, unfortunately.

      1. Trigonoceps occipitalis

        Re: Blame the Russkies

        Can't patch humans?

        No, but a cattle prod helps.

        BOFH

    2. Trevor_Pott Gold badge

      Re: Blame the Russkies

      If the Russians want in to your network they will get in. Period. Believing anything else is hubris and arrogance of the most overwhelmingly egotistical type.

      The NSA couldn't keep the Russians out if they were determined to get in. There is absolutely no way a charitable foundation or a political party's IT team could keep out a state actor with that kind of ordnance and experience.

      The only thing that the Clinton foundation could have done - that any of us can do - is try our damnedest to raise the cost of success beyond the value that success brings to the attacker. Success is measured in many ways, meaning that for some strikes the value of success is worth nearly any cost.

      In this case - and in the DNC case - I personally don't believe that Russia (or whomever) approached the target with a "success at any costs" valuation. Most likely they regularly probe such high value targets and stumbled upon a target of opportunity.

      The truth is, we'll likely never know. What exploits were used, if classified ordnance was deployed or merely public vulnerabilities were exploited. I'm not sure it matters.

      The question is what can we - what can anyone reasonably expect from these organizations for security? Perfect security is impossible, and the costs of raising the cost to attackers rises disproportionately fast for the defenders. At what point is it irrational to expect increased spending on IT security, on end user training, or to expect that human beings operating in various positions won't make errors?

      "They were asking for it" or "they had it coming" or "maybe they wouldn't have been attacked if they didn't dress (their IT security) like that" aren't acceptable responses to this. Collectively, we can't keep blaming the victim for not spending irrational amounts of time and money on defense. Most of us simply can't afford it.

      And where does it stop? Where does this attitude of "security is everyone's individual responsibility so we all have to pay and pay and pay and keep paying and pay some more" end? At what point do we start to see this as an issue we need to band together on and start pooling our resources so that we can come up with defenses collectively that, quite frankly, we'd never afford individually?

      Mocking, victim blaming and traditional unrestricted capitalism have all failed to win this war. Maybe now that it has impacted some of the elite we'll see some fucks given and new approaches taken. I can only hope.

      1. Paul Crawford Silver badge

        Re: Blame the Russkies

        "Mocking, victim blaming and traditional unrestricted capitalism have all failed to win this war."

        The thing is it is unwinnable, just like we still have home burglaries and cars stolen. And it won't get any better because nobody is working to reduce complexity and improve security in any meaningful way. Most of what we get in terms of new stuff is aimed at whoring us to advertisers (thank you MS for following Google) or selling us IoT tat that rarely adds real value but almost certainly adds to the attack surface.

        Will we ever see security being held above convenience or fashion?

      2. Eddy Ito

        Re: Blame the Russkies

        Well some of the mocking is appropriate such as the DNC emails with all the information one would need to steal a donor's identity. Sending that kind of information around via unencrypted email is simply daft if not mindbogglingly stupid and if mocking it makes it less likely that others such as realtors, bankers, et al. do the same thing then I'm more than ok with the mocking bit.

  2. Paul Crawford Silver badge

    Politics?

    Maybe I am just being dumb here, but what do the Russians have to gain by bringing Clinton down?

    How is the prospect of Trump getting in somehow in their favour?

    1. Chris G

      Re: Politics?

      Answer: They own him!

      Or at least a fair portion of his debts, according to sme reports, Russian organisations have been his main source of borrowing for years.

      Clinton is likely worth more than Donald so less likely to be owned.

      1. Eddy Ito

        Re: Politics?

        "according to sme(sic) reports"

        Do you have a link? I'd be interested in reading it.

        1. Chris G

          Re: Politics?

          Trump links:

          https://www.washingtonpost.com/politics/inside-trumps-financial-ties-to-russia-and-his-unusual-flattery-of-vladimir-putin/2016/06/17/dbdcaac8-31a6-11e6-8ff7-7b6c1998b7a0_story.html

          http://www.intrepidreport.com/archives/18824

          Both reports contain other links.
