Anomali Publishes Comprehensive Analysis of Evidence in 2016 Election Hacks

Report Shows Organizations How to Use Related Threat Intelligence to Strengthen Defenses

Figure: 2016 U.S. Presidential Election Hacking Timeline

REDWOOD CITY, CA--(Marketwired - Jan 26, 2017) - Anomali, provider of market-leading threat intelligence platforms, today announced the publication of Election Security in an Information Age, authored by Anomali Director of Security Strategy Travis Farral. The paper examines the recent implication of Russia's involvement in the 2016 United States presidential election-related hacks. Through in-depth analysis, the report consolidates all publicly available information to present a comprehensive timeline of events and address the challenges of attributing a culprit to the Democratic National Committee (DNC) hacks. Additionally, it provides critical insights to help organizations defend against adversaries that employ similar attack techniques.

Farral's thorough analysis takes into account various governments' long history of attempting to influence power in other nations. It further examines events surrounding the election attacks and the indicators of compromise (IOC) cited in the GRIZZLY STEPPE Joint Analysis Report (JAR) from the Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI).

Some of the most salient findings revealed in the analysis are:

  • The DHS/FBI report does not meet its stated intent of helping network defenders and instead chooses to focus on a confusing collection of attribution, non-descriptive indicators and re-hashed tradecraft.

  • In the case of the elections, the evidence that has come out that supports involvement by elements of the Russian government is compelling, but not strong enough on its own to eliminate other possibilities.

  • Today, culprits can manipulate digital evidence to make it appear as if someone other than themselves perpetrated an attack.

  • Hacking is only one threat to election integrity that must be taken into consideration.

"Adversaries have become smarter and more sophisticated. They know how to obfuscate their digital footprints and make it look as if attacks are coming from sources other than themselves. This, along with overwhelming volumes of threat intelligence security teams contend with daily, makes attribution extremely difficult," said Farral. "Fortunately, not knowing who actually 'did it' doesn't have to stand in the way of knowing how to defend against attacks. In the case of the DNC hacks, the security community knows enough about the IOCs, methods used and publicly facing intelligence to defend their own organizations against similar threats."

Farral, a former member of the ExxonMobil cybersecurity intelligence team and past State of Texas election judge, also provides insights on how organizations can defend against related attacks. Key guidance includes steps organizations should take, such as:

  • Implementation of two-factor authentication to secure access to email and networks.

  • Regular patching and penetration testing to reduce attack surface.

  • Implementation of education programs to train users to spot phishing and other attacks, and to know how to better protect sensitive information.

  • Robust threat intelligence collection, analysis and sharing amongst political, government and private organizations; especially among those that have experienced nation-state sponsored attacks.

To access the full report, Election Security in an Information Age, visit

About Anomali
Anomali delivers earlier detection and identification of adversaries in your organization's network by making it possible to correlate tens of millions of threat indicators against your real time network activity logs and up to a year or more of forensic log data. Anomali's approach enables detection at every point along the kill chain, making it possible to mitigate threats before material damage to your organization has occurred. Headquartered in Redwood City, Calif., the company is privately held and has received venture capital backing from General Catalyst Partners, GV, Institutional Venture Partners, and Paladin Capital Group, as well as individual investors. To learn more, visit and follow us on Twitter: @anomali.