Skip to main content

Analysis | The Cybersecurity 202: Virtual campaigning could give hackers new ways to attack the 2020 election

By Tonya Riley

Former vice president Joe Biden speaks during a virtual press briefing last month. (Andrew Harrer/Bloomberg News)

As the coronavirus forces political campaigns to shift their operations online, they are bracing for increased cyberattacks, disinformation and pranks designed to undermine the 2020 election. 
Experts say campaigns need to pay more attention to the digital risks posed by increased document-sharing and video conferencing — and the onslaught of coronavirus-themed email and phone scams that could also try to trick voters.
“Voter contact has shifted to digital and phones — and it's just primed for digital hackers and their shenanigans,” says Matt Rhoades, co-founder of Defending Digital Campaigns, a nonprofit group that connects political campaigns with free or reduced-price cybersecurity tools.
Social distancing measures in the United States may give some people more time to cause disruptions, said Rhoades, a former presidential campaign manager for Mitt Romney. “From a domestic digital threat we have a bunch of hackers sitting in their parents' basement eating ramen who have nothing to do but find weak spots in our elections,” he said.
But U.S. adversaries are also eager to find openings. Rhoades says that Iran and China – the latter of which has been behind a surge in hacking attempts during the pandemic aimed at stealing personal information – also “seem poised” to engage in cyberattacks against campaigns.
DDC is emphasizing to campaigns that they must securely send and receive documents especially now that more work has moved online. “Campaigns are real targets of bad cyber actors,” Michael Kaiser, president and chief executive of DDC, told me. “If you work in a campaign you have to assume you are a target.”
And Kaiser recommends campaigns use encrypted services such as Signal or Wickr, a DDC partner. Whichever they choose, Kaiser said, the key is enforcing consistent use across everyone in the campaign — which can be tricky for often loose-knit networks of staff and volunteers. “Making some of those cultural shifts about the way things get shared is a really important element right now,” Kaiser said.
But campaigns have been less forthcoming on how they're protecting themselves as they shift online and embrace new ways to reach voters. 
“Biden for President takes cybersecurity seriously and has high quality personnel to ensure that the campaign's assets are secure,” a representative for former vice president Joe Biden said in a statement. “In furtherance of this goal, we will not be answering questions about specific methods used to ensure this security.”
The campaigns for Sen. Bernie Sanders (I-Vt.) and President Trump did not respond to questions about what digital security steps they're taking.
While many campaigns have upped their efforts to protect email in the wake of the 2016 hack of Hillary Clinton's presidential campaign, there are deep concerns about the lack of protection for the virtual fundraisers, meetings and town halls that have boomed during the pandemic. 
Zoom, which the Biden campaign has used for town halls, has been blindsided by a number of security concerns, my colleague Cat Zakrzewski reported. After multiple reports of anonymous trolls targeting educators with racist and pornographic material, the FBI issued a warning last week advising that Zoom users should opt to keep meeting private and use participant-screening features. But my colleague Drew Harwell found thousands of private Zoom calls, including confidential therapy sessions, online last week, raising concerns about the company's privacy features.
“I know that the larger campaigns are super-sensitive to it,” says Shomik Dutta, co-founder and partner at Higher Ground Labs, a political technology accelerator. “If you have a great broadcast experience that is truly two-way, you don't want you somebody crashing the party drawing something strange on their screen or hijacking control of the thing.”
Higher Ground Labs has invested in a number of technologies, such as text-to-voter organizing tools, that are in demand as campaigns go digital, and has its eye on investing in more live event platforms. It encourages its start-ups to undergo frequent security and resiliency testing.
Disinformation and the threat of deepfakes are also another major concern for campaigns. U.S. officials have accused Russia, China and Iran of exploiting the global health crisis to spread misinformation about the disease and the United States' response to the pandemic.
This could extend to the political space as the election draws near — especially as virtual and phone campaigning open up the door for pranksters to pose as candidates.
But Rhoades says campaigns are in a box right now and security may not always be perfect. “Candidates have to be able to talk to voters,” Rhoades says. “Whether these systems are functioning at 110 percent, candidates have to move forward.”
Scams targeting voters or campaign workers could also pose a threat. Agari, an email security firm, has seen a nearly 600 percent increase of coronavirus-themed attacks against the private sector. While so far there has been no similar uptick in phishing scams using coronavirus-themed bait to steal personal information from campaigns, Agari chief identity officer Armen Najarian tells me, it's possible that could change.
Both the Sanders and Trump campaigns aren't fully using a security protocol that prevents hackers from sending emails pretending to be from their campaign website domains.
And the personal emails of campaign members are also not immune from increased coronavirus-themed scams.
“I think campaign staff are consumers, too, and while they might have a campaign email, they all have personal emails as well,” Kaiser says. “When it comes to the covid issues and the coronavirus, just like everyone else they're going to possibly be targeted during the crisis.”
You are reading The Cybersecurity 202, our must-read newsletter on cybersecurity policy news.
Not a regular subscriber?


PINGED: The Wisconsin Supreme Court blocked an executive order by Gov. Tony Evers (D) that would have postponed today's elections until July, leaving pollworkers scrambling, my colleagues Amy Gardner, Elise Viebeck and Dan Simmons report. The decision could make it easier to challenge similar moves by other states to extend voting deadlines during the coronavirus pandemic.
The U.S. Supreme Court also struck down the state's plan for extended absentee voting with a 5-to-4 ruling in conservatives' favor.
Wisconsin Republicans strongly lobbied against changing the primary date in the state, reflecting a growing national sentiment from the party questioning vote-by-mail and other measures introduced to lessen coronavirus risks. President Trump alleged on Friday that mail-in voting would allow more voters to “cheat.”
“At the end of the day, this is about the people of Wisconsin,” Evers said Monday. “They frankly don’t care much about Republicans and Democrats fighting. They’re scared. We have the surgeon general saying this is Pearl Harbor. It’s time to act.”

 Zoom CEO Eric Yuan. (Mark Lennihan/AP)
BYTES: Sen. Michael Bennet (D-Colo.) criticized Zoom's privacy practices in a letter yesterday videos of thousands of private meetings surfaced online on public sites such as YouTube. The Colorado Democrat joins a growing list of Democrats who have criticized the videoconferencing company for putting users' privacy and security at risk.
“Many of these videos include intimate details of private businesses and personal relationships, potentially exposing users to significant financial, personal, and psychological harm,” Bennet wrote in a letter to Zoom CEO Eric Yuan. “In case after case, these issues consistently stem from Zoom’s deliberate decision to emphasize ease of use over user privacy and safety.”
Bennet wants to know all the data Zoom collects on users, how long it stores that data, and which third parties can access the data. He also wants to know what steps the company has taken to notify victims of the breach, which was first reported by my colleague Drew Harwell last week.
Zoom has taken a number of steps to address mounting security concerns with its platform and plans to make more privacy and security features available to users by default, Yuan told my colleague Cat Zakrzewski last week.

A fire-damaged telecom tower. (Darren Staples/Bloomberg News)
PWNED: YouTube will remove videos promoting a conspiracy theory that 5G communications networks cause the coronavirus, Hadas Gold at CNN reports. The conspiracy theory, which traces back to the virus's emergence in China, exploded over social media in the United Kingdom last week and led to arson and vandalism of more than a dozen cellphone towers.
Content promoting the false link between the virus and the communications technology appears on Facebook and Twitter, as well. Both companies are set to meet with government leaders about curbing the misinformation this week, Alex Hern and Jim Waterson at the Guardian report.


FILE PHOTO: A Huawei logo is seen on a device at a media event in London, Britain, February 18, 2020. Picture taken February 18, 2020. REUTERS/Peter Nicholls/File Photo

Industry groups representing U.S. chipmakers are pushing back against proposed changes that would prevent foreign merchants from selling chips made with U.S. technology without a license, Karen Freifeld at Reuters reports.
The rule change could hurt advanced medical equipment essential to coronavirus response, the groups argued in a letter to U.S. Commerce Secretary Wilbur Ross. The groups are asking for the department to allow a public comment period before the rules go into place.
The proposal is aimed at Chinese telecommunications giant Huawei, but could lead to reprisals against the United States by China, the company's chairman warned last week.
— More cybersecurity news from the public sector:

By splitting some of their teams, U.S. spy services are taking steps similar to those being implemented or considered by some large private employers.
The Wall Street Journal

President Trump is facing backlash for recently firing the intelligence community’s watchdog, with critics accusing him of seeking further impeachment revenge while the country is focused on the coronavirus crisis.
The Hill

FCC Chairman says the agency will now act on a rulemaking it’s been sitting on since 2016.


Cybersecurity news from the private sector:

Facebook is developing new tools that use aggregated, anonymized information about users' location to help public health officials figure out who's adhering to the social distancing guidelines.

Even after being warned by researchers, some companies still haven’t fixed systems that make it easy for hackers to take over accounts.

Here’s how to record abuse without being discovered, safeguard your devices, and, ultimately, protect yourself.
The New York Times


Cybersecurity news from abroad:

Police in India lodged a case this week against an unknown online fraudster who tried selling the world's largest statue for $4 billion, claiming the proceeds would be used to help the Gujarat state government fund its fight against the coronavirus.

Moscow held back on requiring digital bar codes to leave home, but other regions are pushing ahead with mobile tracking.
Isabelle Khurshudyan

Cracking down on offshore cyber criminals who are targeting Australian households and businesses through devious scams and attacks amid the coronavirus outbreak.

European police continue to fight criminal activity linked to the spread of COVID-19.


Popular posts from this blog

Analysis | The Cybersecurity 202: How the shutdown could make it harder for the government to retain cybersecurity talent

By Joseph Marks 13-17 minutes THE KEY President Trump delivers an address about border security amid a partial government shutdown on Jan. 8. (Carolyn Kaster/AP) The partial government shutdown that's now in its 18th day is putting key cyber policy priorities on hold and leaving vital operations to a bare bones staff. But the far greater long-term danger may be the blow to government cyber defenders' morale, former officials warn. With the prospect of better pay and greater job security in the private sector, more government cyber operators are likely to decamp to industry, those former officials tell me, and the smartest cybersecurity graduates will look to industry rather than government to hone their skills. That’s especially dangerous, they say, considering the government’s struggle to recruit and retain skilled workers amid a nationwide shortage of cybersecurity talent. About 20 percent of staffers are furloughed at the De

Democrats call for investigation into Trump’s iPhone use after a report that China is listening:Analysis | The Daily 202 I The Washington Post. By James Hohmann _________________________________________________________________________________ President Trump and Chinese President Xi Jinping visit the Great Hall of the People in Beijing last November. (Andrew Harnik/AP) With Breanne Deppisch and Joanie Greve THE BIG IDEA: If Democrats win the House in two weeks, it’s a safe bet that one of the oversight hearings they schedule for early next year would focus on President Trump’s use of unsecured cellphones. The matter would not likely be pursued with anywhere near the gusto that congressional Republicans investigated Hillary Clinton’s use of a private email server during her time as secretary of state. Leaders of the minority party have higher priorities . But Democratic lawmakers made clear Thursday morning that they will not ignore a New York Times report that Trump has refused to stop using iPhones in the White House, despite repeated warnings from U.S. intelligence offici

RTTNews: Morning Market Briefing.-Weekly Jobless Claims Edge Down To 444,000. May 13th 2010

Morning Market Briefing Thu May 13 09:01 2010   Commentary May 13, 2010 Stocks Poised For Lackluster Open Amid Mixed Market Sentiment - U.S. Commentary Stocks are on pace for a mixed start to Thursday's session, as a mostly upbeat jobs report continued to relieve the markets while some consternation regarding the European debt crisis remained on traders' minds. The major index futures are little changed, with the Dow futures down by 4 points. Full Article Economic News May 13, 2010 Weekly Jobless Claims Edge Down To 444,000 First-time claims for unemployment benefits showed another modest decrease in the week ended May 8th, according to a report released by the Labor Department on Thursday, although the number of claims exceeded estimates due to an upward revision to the previous week's data. Full Article May 13, 2010 Malaysia's Decade High Growth Triggers Policy Tightening Malaysia's economy grew at the fastest pace in a decade in