2008-11-06

Why the Obama-McCain Hack may be bigger than you think

A recent Newsweek article revealing that both US presidential campaigns were compromised by 'a foreign entity or source' is getting a lot of attention. The article ominously quotes the FBI: "You have a problem way bigger than what you understand." Boy aren't they kidding. Let me explain a parallel to you, since the correlation is far from obvious.

You have probably read news reports about defense-related data on unclassified networks being targeted by actors that seem to be abroad. Working professionals in the defense infosec industry understand the logic from the perspective of an adversary: target technology while it is being developed on unclassified networks, by necessity for collaboration, because once the military receives the technology it will be harder to get these details as some become classified or more closely held. There is asymmetry between information sourced at contractors (tends to be unclassified), versus the very same type of information sourced within the government (tends to be classified). This is one of the not-secret, but not-widely-known dirty little truths about our classification system.

Here, we see the same tactic with a wholly different kind of information. Policy decisions being made by the Obama and McCain camps during election season are likely to translate into official US Government policy once one of them is elected, at least insofar as election promises are upheld. Some of these details are likely going to be held close to the vest, and almost certainly classified. Naturally, while policies are under development in a not-yet-elected campaign office, they are unclassified with the custodians (campaign workers) unqualified or uninterested in protecting them - except possibly from the other candidate. This is a brilliant application of the same tactics available to adversaries for acquiring military technology, perfectly timed for the only period that such an attack may be successful in compromising the confidentiality of future policy stances. This parallel may have significant implications; specifically what depends on the viewpoint of the reader, but the alignment is no less than 'quite interesting.'

If there is a silver lining here, it's that Barak Obama's office now has a first-hand understanding of just how severely questions of information security and electronic espionage have the potential to impact national security. Let's hope they remember that when deciding on IT and government-wide security strategies for the next 4 years.

No comments: