have hacking capabilities far beyond a small-time operation like the DNC's ability to keep them out.

Should they have detected this or had better protocols in place? Probably.

Is there anything they could have done to keep a determined Vladimir Putin from getting his hands on their emails?

No.

Unfortunately in my experience IT security is usually a reactive thought.

That warning should have been heeded tho

the more layers of security you put in place, the more likely you are to create impediments to open communication.

Can you be specific? What capabilities do the russians have that the DNC has no prevention for?

The three most accomplished spy agencies are the US, China, and Russia.

but like to speak as if you do.


Gotcha.

This link is more FUD. No actual information. All that is said about the Russian capabilities is that they are technically most proficient. How was this conclusion reached?????

expert as well as the US Intelligence Community.

Sony has a lot of IT people dedicated to protecting its systems. Russia cracked their systems without breaking a sweat.

Are pretending to be an expert....but you are really just googling.

So, according to your google research, there is nothing that can be done about hackers because they are so good because google told you so.

on staff to protect their systems from hackers?

Or are you claiming that you're so good at your job that Russia and China couldn't hack your employer even though they were able to outfox the data protection systems at the White House and the Pentagon?

I am not claiming to be the greatest IT security guy in the world.....but I do get paid for it.

My concern is not for the whitehose and the pentagon. it is for the DNC and the Democratic party. My concern is directly the result from seeing the many posts here on DU about concern over being hacked by russians.

we don't really know what your level of expertise actually is. But you're arguing that the Russians don't have advanced cyberwarfare capabilities?

Can you tell us why you believe that is the case?

I have not made any claims about the russian hackers' abilities. That was another poster. I was actually asking him to elaborate.

the only e-mails they seemingly have not hacked were HRCs, just as that POS Comey who jobbed her (see, FBI getting hacked by them).

are going to get access to whatever they want. A system they couldn't hack would be unusable by people working on a political campaign, frankly. While such a system could be created that would deflect even highly skilled Russian hackers, it wouldn't be a simple job that could be done by the typical IT person working for a political campaign.

In fact, systems at every level of government are routinely hacked. We just don't hear about it.

and I am 100 percent expected to keep my employer's systems and data safe. Period. Having been in this field for over 15 years, I do not ever recall being in the employ of anyone who thought, like you, that there is nothing that can be done about hackers.

And secure systems are completely usable.....not sure what the point would be if this were not the case.

So much misinformation.

This is exactly what I am talking about in my OP. There needs to be actual IT security professionals protecting the DNC systems. Currently, it appears that they are lacking in that department.

.


Enterprise systems pushing tens of billions per day.


.

.


Remember, you need at least 3 tiers to secure a system, with no backdoors, and the backend systems are nowhere near an internet connection. This includes your database, as one of the best hacks is picking data off of a cloud provider's system, where it's not if you data gets compromised but when and how often. Single session state tokens from end to end, right bown to the back-end database rows and record levels.

.

mundane messaging. Looking at what has been released, none of it is really all that sensitive. Bottom line, unbreakable security isn't really needed on such an email system. So the DNC emails have been compromised, but aren't actually going to result in any real disasters. There's nothing there that is really all that damning, frankly.

A week from now, nobody's even going to care about those emails. They're boring.

we can't say - we don't want to take the time and effort to secure this information, no matter how mundane, and then act like another government is trying to take over or influence our election when said information is hacked.

If its not important to secure that information then it should not be an issue that Russia or Wiki or Trump has it.

This just makes no sense to me.

There's not really that much that is sensitive about the DNC's emails. Slightly embarrassing, perhaps, but hardly critical information. But, it has to do with a presidential election, so it's of high interest to some. Once breached, the data is there, but how to use it?

If the Russians did it, their easiest solution is to dump in on wikileaks and let them release the whole schlimazel and see what happens. Turns out that nothing really happened. It showed that some people at the DNC wanted Hillary to win and hoped Sanders would lose. No surprise there.

The hacked emails were essentially useless, but still somewhat embarrassing. Once the convention is over, nobody will give a damn about any of them, frankly

On the other hand, the FBI is interested in the hacking itself, as always. No doubt some other alphabetical agencies will also have an interest in the hackers and may learn something useful. The Russians will get blamed and they'll really be the only ones who really lose anything in all of this.

Assange and wikileaks? Who cares, really? I don't. Frankly I worry more about the 4Chan script kiddies than wikileaks. They're vandals, looking for ways to cause damage.

So, you're in IT, and responsible for security for some business network system. Cool. Does anyone have a serious reason to hack your employer, beyond the usual personal information data theft exploits? Are the Russian hackers working on the data at your company? Probably not. I'm sure your system is secure enough for what's necessary. But, if you think it's actually impenetrable, you're probably wrong.

.


There were so many violations of security standards, verging on criminal negligence, at the DNC.

Shared userids and passwords.

Limited security on the back-end side.

No session state tokens to guarantee a session doesn't get hijacked.

No transactional security tokens from the workstation to database row levels.


===


Imagine being at a bank and their DNS or Firewall goes down, and everyone has access to everyone else's information.

Hard to imagine? That's because nobody ever freakin' does that!


===


But, supposedly, there was a DNS or Firewall outage and it somehow it opened up the keys to the kingdom.

I call complete bullshit or rank amateurs who should never be near a computer system.


===


The questions are:
Was everything released, were things held back for later or are there more surprises?
How many different systems were targeted and do they even know?


I bet that there were more breaches than they either know about or will admit.
Proper systems and policing detects these things immediately, or by the next day.


It's sort of like when some stores get a hit and release the credit card theft notice many months later.

When they know within a few days the scope of attack.


.

As far as I'm concerned, most systems are vulnerable if someone really wants to exploit them. I imagine that the NSA's systems are pretty much imprenetrable, but then, that's the business that agency is in. Most other government networks, however, are vulnerable to exploits and most of them have already been exploited.

Just because there's no news doesn't mean things are secure. I'm not a data security expert. I don't much care about that stuff, since I'm not involved in any organizations that matter to anyone. I'm not a hacker, either, because there's nothing much I'm looking for. Still, I do follow network security issues pretty closely. I find it all very interesting.

But I don't care all that much.

Bottom line, the DNC's emails are pretty damned boring, really. Just not that interesting to anyone, I'd think, once the convention is over. Just another big ado about not much at all.

It's humorous to me.

.


You can create immensely tight systems, but it needs at least 3 tiers and a skilled staff.

One person, one server cannot protect data--the result is a virtually open system.


It is a fallacy that a stand-alone system is secure, and can be breached by a teenager in minutes. And, most kids who do that know how to leave zero footprints. People who say they "checked the logs" are just bullshitters. Those logs can be edited, and rebuilt during, after, or when a post-mortem takes place to cover one's butt.

Copies of a drive tell you nothing, and most people know to perform a 7-pass sweep to clean a disk. So, with a day's notice, any drive can look legit.


===


At this point, I would say that everything in the custody of the DNC was exposed and is floating around somewhere.

Emails, membership, banking information, etc...


.

It appears like amateurs are in charge of our party's IT systems.

There are multiple threads about concern over hacking, and russians meddling in our election.

But I mention the security of our data, and apparently A) DU thinks there is nothing that can be done about hackers and B) the information is not really that sensitive anyway.

So, enjoy your amateur IT solutions, Democrats!!! Because apparently it is of no concern to anyone but me.

Thanks for the comments, folks.

... always seems to be about keeping "sensitive" (I.e. embarrassing) information from the general public. Which seems darn near impossible when all us IT folks are disgruntled outsourced contractors on a temp job working for bosses who act like we are interchangeable cogs in their money machines.

The worst thing you can do is point out that the CEO has his passwords sticky-noted to his monitor!

Hell, nixon's "plumbers" didn't even go after email. Brute force works, too. As does phishing and social interaction and plain old fashioned con-men (note: con is short for confidence, i.e., you gain a person's confidence in order to...take advantage of their trusting, good nature); as well as managers who refuse to pay for or provide the time for, security or training of their employees.

If you've spent 15 years in IT security then you're familiar with passwords that are names of the family pet, a spouse or child, dates of birth, favorite sports teams, etc. and the ever present Post-It(tm) notes. You're also familiar with people who can't be bothered to log out or shut down their PCs or who think that their boss should have access to their workstation.

As long as humans can be conned, bossed, or flattered, IT security is using a "spoon to empty out the ocean."

About 20 years ago, I was Director of IT for a "small" business whose CEO wanted to know why I couldn't "just press a button and fix everything." The "everything" was the hardware and software they'd bought from their previous IT Dir who'd been selling them crap from his garage; no, I'm not kidding. He had managed to talk them into a phone system that was way over their needs and several pieces of hardware he "got a good deal on" from his friends. While trouble-shooting a system "outage," I discovered him in the server room with the cable from the data server unplugged and in his hand as he was tired of tripping over it in the mess of a server room he'd set up.

It took us 6 months to clean up that mess and get their data/voice systems up and running 24/7. We would have finished sooner except the "Operations Manager" thought that software and hardware updates should be performed during working hours so they wouldn't have to pay overtime; yep, hourly IT workers. Nice, huh? Oh, wait, are you of the generation who thinks that's the norm? If so, then nevermind.

Yes, you are correct, we do need people to take IT security seriously. However, we're only about 3 generations (real world time) from the PDP-11 on which I wrote my first "hello world" (followed by my first infinite loop; it was really cool :-D Somewhat zen-like watching "hello world" stack up on a CRT). It'll be a few more generations of just what you're talking about, before IT security is treated as vital as the fake numbers the salesmen and MBAs report to the CEO who doesn't have a clue about his/her business.

Welcome to the wonderful world of "new" technology. Buy stock in Tums(tm), save your money, invest wisely, retire early, and get the hell out to go write your novel, climb the highest mountain, or volunteer for your favorite cause.

Oh yeah, and go put your resume in at the DNC and see if you can get a job teaching them about and implementing IT security.

The hackers had access for a year or more before being discovered.

This is according to your link.