Photographee.eu - Fotolia
In this week's Risk & Repeat podcast, SearchSecurity editors examine claims from intelligence veterans that the DNC hack was an inside job, and not the work of Russian hackers.
A group of veteran intelligence officials presented a new theory about the Democratic National Committee hack, but the technical evidence behind it appears to be lacking.
The group, known as Veteran Intelligence Professionals for Sanity (VIPS), recently published an open letter to President Donald Trump arguing that the DNC hack was not perpetrated by Russian hackers, but instead by an insider threat. The DNC hack inside job theory circulated over the last year, but it hadn't carried much weight, if any, before the VIPS report.
The organization claimed that, based on technical evidence provided by two independent security researchers, it was determined that the download of the nearly 20,000 emails from the DNC was performed at a speed of 22.7 megabytes per second (roughly 180 megabits per second). VIPS and its security researchers argue that speed was simply too fast for a remote network connection and, therefore, the data must have been copied locally onto an external storage device, like a USB drive.
In addition to arguing that the DNC hack was an inside job, VIPS made the explosive claim that Russian fingerprints were generated to blame the incident on Russian state-sponsored hackers.
Several publications, including The Nation, picked up the VIPS letter, which challenges the FBI and CIA's assessment of the DNC hack. However, a number of infosec experts have debunked the VIPS theory, and have refuted the technical evidence that allegedly points to the DNC hack being an inside job.
Who are the independent security researchers VIPS used to build this case? What is the technical evidence that led VIPS to believe the DNC hack was an inside job? Why is this so-called evidence misleading? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.
Risk & Repeat: MalwareTech indictment raises questions
Risk & Repeat: Voting machine hacking comes to Defcon 2017
Risk & Repeat: Highlights from Black Hat 2017