AUDIE CORNISH, HOST:
We're going to look more closely at the hacks of the Democratic National Committee with someone whose team figured out they were the work of Russia. Dmitri Alperovitch is the co-founder and chief technology officer of the cyber security firm Crowdstrike. He joins us now by Skype. Welcome to the program.
DMITRI ALPEROVITCH: Thank you.
CORNISH: When the DNC first called you, what were the early indications of who might be involved?
ALPEROVITCH: Well, we right away were able to determine that there were two intrusions inside the network, two separate actors that we affiliated with the Russian intelligence services that we call Fancy Bear and Cozy Bear that were inside. We did that by installing our software that we call Falcon on every machine within the DNC, every one of their laptops and servers on their corporate network.
And it functioned essentially as a video camera inside the computer, allowing us to record and look at every activity that was taking place inside that machine. So we were able to literally shoulder surf and observe what these attackers were doing while inside the network.
CORNISH: Oh, and what are some of the I guess markers of a hack or of a particular hacker that maybe they leave behind?
ALPEROVITCH: Well, so any time you do an investigation of the sort, you collect a lot of digital evidence, sort of the equivalent of fingerprints at a crime scene where you're looking at, what exactly are the tools that they used to break in? How did they move around from one machine to another? How did they try to hide themselves within the network? Those are the telltale signs typically of a particular group.
And these hackers - they tend to be lazy. Once they figure out what works, they tend to repeat it again and again and again across many victims. And that's their Achilles' heel.
CORNISH: What surprised you about how these Russian-connected groups went about their work? I mean were you surprised at the boldness of this move?
ALPEROVITCH: I really wasn't initially because at the time we were brought in, I assumed it was a traditional espionage operations. Political parties get targeted all the time. In fact during the 2008 and 2012 campaigns, we had other nation states like China targeting campaigns. But they were not releasing that information publicly. They were taking policy documents, information about people involved in the campaign and providing that as information to the Chinese leadership.
I assume that the Russians were interested in the same thing. And it really was surprising to me when we started to see all these leaks coming out from the DNC and other organizations that have been targeted. And it became very, very clear that the goal here was not just espionage but really to influence this election.
CORNISH: Lisa Monaco, President Obama's homeland security and counterterrorism adviser, says the U.S. is responding to Russia. But what do you make of the U.S.'s kind of broader response to the hack so far?
ALPEROVITCH: Well, I've been very disappointed in their response. Not only have they waited very, very long time to actually conduct the public attribution. It was done as a statement. Compare that to when the North Koreans hacked into Sony and destroyed the Sony Network. You had the president coming out and stating that it was North Korea and using his bully pulpit to announce sanctions against North Korean regime.
Nothing of the sort was done against Russia, and arguably this was a much more important intrusion in terms of influencing our election versus just an attack on one company.
CORNISH: We've also heard reports that the U.S. was concerned about essentially escalating these tensions. And is that something worth thinking about here as we go forward and figure out the rules of engagement when it comes to cyber-warfare?
ALPEROVITCH: Well, you always want to worry about escalation, and you certainly don't want any attacks in the cyber realm to then start migrate into the physical realm where we may actually get into a hot conflict with Russia. That's not in anyone's interests.
But at the same time, you can't simply take these types of attacks, particularly when they're impacting the most vital institution that we have in this country, our democratic process and the idea of free and fair election. And you have to absolutely stand up to Russia and let them know that this is unacceptable and that there will be repercussions if they continue this behavior.
CORNISH: Dmitri Alperovitch, thank you so much for speaking with us.
ALPEROVITCH: Thanks for having me.
CORNISH: Dmitri Alperovitch is the co-founder and chief technology officer of the cyber security firm Crowdstrike. Transcript provided by NPR, Copyright NPR.