Cry Havoc And Let Loose The Emails!

Contributed by Tim Johnson

A statement that precedes the internet and represents the wisdom of experience in Washington reads: Never write what you can phone. Never phone what you can speak. Never speak when you can nod. Never nod when you can wink, and wink only when you really need to.

On July 27th of 2016, presidential candidate, Donald Trump, said, “Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing. I think you will probably be rewarded mightily by our press.”

He was referring to the emails of rival candidate, Hillary Clinton. In 2017, the American people have been informed by our intelligence agencies that indeed, Russia had executed state-level cyber-attacks to influence the presidential election of our Republic. Such attacks seemed to be directed at email servers of the Democratic National Committee (DNC), as well as other facilities related to the Democratic Party.

Although Mr. Trump initially denied such allegations, he has grudgingly acknowledged the revelations. 

Attorney Reince Priebus, formerly chairman of the Republican National Committee (RNC), appears to have accepted the conclusions of U.S. Intelligence Services. He has also criticized the security of the DNC email servers.

A forerunner to current events occurred in 2006, Mark Foley was a Republican congressman from Florida. He was investigated by the FBI for sexual harassment of congressional pages. The FBI used Mr. Foley's email messages as part of the chain of evidence. Although the FBI declined to prosecute, the emails ended Congressman Foley's political career.

A multiplicity of widely publicized hacks have come to attention lately. Most of these hacks have targeted user information such as passwords and social security numbers. The same means – targeting insecure websites and insecure web servers – can be used to hack email accounts.

A common topic among cyber security analysts are the frequent weaknesses caused by errors in the configuration of web servers. These are the computers that "serve” or display the web pages that we request when we click on a link or go to a website. System administrators are responsible for the security of web servers. To err is human and error is frequent among such humans. 

A common topic among programmers is the ease with which websites can be built. In fact, it is simple to build a website without knowing much about security measures. Software schemes called Content Management Systems (CMS) are usually employed, and often by programmers who have incomplete knowledge of the internal workings of a CMS. Many programmers do not properly utilize the resources with which a website can be secured.  

Programming errors can be the equivalent of "leaving the front door open" while server security errors are the equivalent of "leaving the back door open".

In recent years, advertising on the internet has become more and more prevalent. Much of the advertising is presented by something called Content Distribution Networks (CDN). Because these networks are embedded in multiple websites, the hacking of one CDN can effectively hack multiple websites. This is similar to a single defective airbag in multiple car models causing recalls of all those models.

Hacking for criminal gain is well-known and frequently discussed. The Russian intrusions into our political system is news today, but not necessarily new. Hacking to attack our country's infrastructure is a constant concern of security agencies. A failure of large parts of our electrical grid – which could be accomplished via an internet intrusion – might lead to more deaths and economic loss than the 911 attack.

We can anticipate further politically-based tampering via the internet. Independent equivalents of the Russian hacking are entirely feasible and probably is being planned. Such hacks may come from non-state players like the group known as Anonymous. 

An extensive leak of emails between members of Congress, staff and lobbyists would probably result in chaos. In the short run, such chaos could be a detriment, but in the long run might contribute to "draining the swamp". 

Such leaked revelations could highlight the contrasts between partisan interests, lobbyists’ special interests and the people's interests. If it is seen that the people's interest were given second or third place to those other interests, the pitchforks of public indignation might be put to work with extreme prejudice. 

Reince Priebus may be correct in his assessment of the Democratic Party's security measures. Politically neutral comments from security experts seem to support his assertion. However, all security is potentially flawed and a small chink in a firewall could swell to a flood that would erase all of Mr. Priebus's smugness.