DNC creates 'cybersecurity board' without any actual cybersecurity experts following hack

The Democratic National Committee (DNC) has responded to the continued fallout from the DNC hack and subsequent email leak by setting up an advisory board dedicated to looking at cybersecurity, which sounds sensible, but there's just one problem – none of the people on the board has any expertise in cybersecurity. US news site Politico has obtained an internal memo from DNC's interim chairwoman Donna Brazile stating that she is "creating a Cybersecurity Advisory Board composed of distinguished experts in the field", which is designed to "ensure that the party is prepared for the grave threats it faces—today and in the future".

The four people chosen for this advisory board include: Rand Beers, former acting secretary of the Department of Homeland Security acting secretary; Nicole Wong, who was formerly deputy chief technology officer of the US government, as well as a technology lawyer for Google and Twitter; Aneesh Chopra, co-founder of Hunch Analytics and another former chief technology officer of the US government; and Michael Sussmann, a former Justice Department cybercrime prosecutor who is now a partner in privacy and data security at the law firm Perkins Coie.

However, Techdirt's Mike Masnick claims that this might be a mistake, because none of these distinguished individuals has any practical experience with cybersecurity, so how can they be of any help?

"I've met and/or dealt with Chopra and Wong – and both are very smart and good policy people. The other two seem to have good policy chops as well," writes Masnick.

"But none of them are actual cybersecurity experts. I have no problem with these people being on this advisory board, but it's insane to put together a cybersecurity advisory board that doesn't include at least a single (and probably more) actual technologist with experience in cybersecurity."

DNC hacking has caused great embarrassment for the Democrats

In case you need reminding, the whole reason why the DNC needs better cybersecurity is because its current practices are so bad that it has led to the DNC's servers being attacked by a hacker known as Guccifer 2.0, who has leaked a large amount of sensitive internal documents relating to the Democrats' US presidential nominee Hillary Clinton, as well as research dossiers on her opponent Donald Trump and former Alaska governor Sarah Palin.

The leaked documents also include the names of convicted Democrat donors, a plot to oust fellow presidential candidate Bernie Sanders, plus 200,000 emails leaked to whistleblowing website WikiLeaks, which Guccifer 2.0 has also claimed responsibility for, and has led to top officials in the DNC resigning from their positions.

In an interview with Motherboard Vice, Guccifer 2.0 said he hacked into the DNC in summer 2015, using an unknown vulnerability in NGP VAN, which is a software provider for the DNC, to hack into the DNC servers, which have a Windows architecture, although security researchers have not been able to verify any of these claims.

"I installed my Trojans on several PCs. I had to go from one PC to another every week so CrowdStrike couldn't catch me for a long time," he said. "I know that they have cool intrusion detection system. But my heuristic algorithms are better."

However, multiple cybersecurity firms analysing malware samples collected from the DNC hack disagree and say there is substantial evidence that Russian state-sponsored hacking groups Cozy Bear and Fancy Bear were in fact responsible.

And the hacks continue – on Friday 12 August, Guccifer 2.0 leaked documents, memos and passwords from the Democratic Congressional Campaign Committee (DCCC), which shares office space with the DNC and is likely using similar computer networks. The hacker has now been blocked from Twitter for using the social media platform to post links to the leaked content.

The DNC was unavailable for comment at the time of going to press.