Cybersecurity Experts Gather at Pitt to Discuss Russian Hacking

Issue Date: February 8, 2017

Nakashima and Soldatov

The recent concerns over the influence that Russian hacking may have had on the U.S. Presidential election likely won’t be the last of their kind, said a panel of experts that convened Feb. 2 at the Pitt School of Law.

Moderated by new faculty member David J. Hickton, the panel is the second in a series of University forums focusing on current issues that affect not only the Pitt community, but the nation and the world.

Hickton, who himself brought several high-profile indictments against the world’s most prominent cybercriminals when he was U.S. Attorney for the Western District of Pennsylvania, guided the discussion through topics ranging from early cybercriminals to how espionage has evolved to just how secure our iPhones are today. He is directing a new effort at the University to engage the expertise of faculty members and others to make significant contributions to the national discussion on cyber-related issues.

The recent panel included two journalists — Ellen Nakashima, national security reporter at The Washington Post, and Andrei Soldatov, a Russian investigative writer — as well as Luke Dembosky, former U.S. Department of Justice representative at the U.S. Embassy in Moscow, and Keith Mularski, supervisory special agent at the Pittsburgh FBI, who has helped solve international cybercrime cases.

About 400 people were in the audience, which included reporters from the New York Times, CNN, and the Associated Press in Washington, D.C., as well as former Pennsylvania Governor Dick Thornburgh, Pitt administrators, law and engineering faculty, and students. The event was also livestreamed and screens were set up at three sites around campus, which attracted even more viewers.

Nakashima, whose paper broke the story about Russian hacking related to the election, recalled the Friday before the Democratic National Convention, when 20,000 hacked emails from the Democratic National Committee got dumped on WikiLeaks.

“Now we’re talking about Russia possibly meddling in the election. Russia was taking the cyber game to a new level — information warfare,” she said. She also noted it caught the Obama administration off guard.

“For all the war games and strategies worked out over the years, it hadn’t planned for a sophisticated nation-state hacking a political party and dumping thousands of emails out into the public in the middle of a high-profile presidential election,” she said.

The Post intercepted messages from Russian officials congratulating themselves afterwards. “They were happy with the outcome,” she said.

She said the situation raised questions beyond the election. “How should the U.S. deal with information warfare? Now that this Rubicon has been crossed, we’re going to see it again. Maybe in two years, maybe in four. And how will the Trump administration deal with an adversary that it has only reluctantly admitted has hacked the DNC?”

The panelists agreed the hackers might never be brought to justice.

“There are a lot of informal groups in Russia without a conventional chain of command,” noted Soldatov. “It makes it hard to see the whole picture. Where do you find the evidence to link directly?”

Later, Dembosky and Mularski disagreed about the term “cyber war.” 

“Nobody has ever been killed by a computer,” said Mularski. “Our lives are digital. We’re going to hear about cyber attacks all the time.”

Dembosky countered: “If you hack in and shut down a hospital system and are doing it intentionally, you’ve committed an act of war. If you shut down the U.S. power grid or the trading platform, you’re risking life and limb.”

In his opening remarks, Pitt Chancellor Patrick Gallagher recalled his days as director of the National Institute of Standards and Technology (NIST) in Washington, D.C. After 2 million ballots were disqualified in the 2000 U.S. Presidential election, Gallagher was part of a nonpartisan commission that explored the role of new technology in voting systems. His group developed a baseline framework of standards to improve the cyber infrastructure. 

Dembosky, who is now an attorney, says he advises his clients to follow that NIST framework and layer their security. The experts said that as larger companies harden their defenses, the targets are shifting to softer operations, like hospitals and law firms.

“Hacking someone’s email in a presidential campaign is not a sophisticated thing,” Dembosky reminded those assembled. “It’s a very low-level thing that my 74-year-old mother could be trained on in about 30 minutes to execute successfully. This is not sophisticated. This is the new reality.”