Yesterday the FBI and DHS released their joint report on the compromise of the Democratic Party during the 2016 Presidential Elections. The report blames the Russians for the cyber incidents that the Democrats suffered. It is worth noting how the Russians compromised the Democrats. Spearphishing. All the dirty work presented in the FBI/DHS report was made possible by spearphishing. The report summarizes the attacks with this graphic:
The critical path of the attack goes through Recipient who must perform Step 4 “Clicks on link and enters credentials.” What this report skips over is what occurs between Step 3 “Sent To” and Step 4 “Clicks on link and enters credentials.” Between these two steps, the Recipient is engaged in a cognitive process of converting the email of Step 3 into the actions of Step 4. This cognitive process is described in the paper Improving Cybersecurity Through Human Systems Integration which is published in The Small Wars Journal.