Hackers Shift Tactics After 2016 U.S. Election

Bloomberg reports that hackers are shifting their tactics. Undeterred by tighter sanctions imposed on Russia by the U.S. in response to last year’s attacks, hackers are increasingly likely to leak altered information they steal from both individuals and companies, said Dmitri Alperovitch, CTO at CrowdStrike.

"I’m sure they’ve been taking notes about how they can try to extort individuals, companies and leverage the same trade craft that’s been used so successfully in the last year," Alperovitch said in an interview. "We will see leaks from companies, perhaps political entities, this year and we need to be very careful about believing everything that we see.

While high-profile cyber attacks against Sony and Target have drawn attention to the risks of hacking, computer experts say the U.S. is still quite vulnerable to breaches. A report last month by the Center for Strategic and International Studies said “advanced attackers can still penetrate most American networks,“ with the authors singling out critical infrastructure, including energy, telecommunications and finance, as most at risk.

The Democratic National Committee called CrowdStrike last year to respond to a cyber breach in its networks that led to disclosures of the committee’s e-mails and other internal data, resulting in then-DNC Chairwoman Debbie Wasserman Schultz’s decision to step down. CrowdStrike linked the attackers to Russian intelligence agencies, a finding echoed by the U.S. government, which said the campaign was ordered by Russian President Vladimir Putin. Many Democrats blame Hillary Clinton’s defeat by Trump on the hacks and subsequent leaks, while Russia has denied the allegations.

Altering data could be as simple as dropping a phrase or changing a word in a sentence. Hackers could target not just highly sensitive personal information, but even e-mails whose content they could change and then release. Alperovitch said his forecast for increased breaches and data alteration is based partly on intrusions CrowdStrike continues to monitor, many of which he blames on Russia-based hackers.