The Corner

National Security & Defense

U. S. Intelligence Agencies Briefing the 2020 Campaigns on Cybersecurity

(Kevin Lamarque/Reuters)

The FBI, Department of Homeland Security and Office of the Director of National Intelligence are giving unclassified briefings to presidential campaigns about cybersecurity and espionage issues they may face ahead of the 2020 election, and the “best practices for mitigating risks.” According to CNN, the campaigns for former Housing and Urban Development secretary Julian Castro and businessman Andrew Yang confirmed they received the briefing.

It is likely that the briefing covered “spearphishing,” which involves sending deceptive messages to everyone in an organization and hope that at least one person chooses to follow the emailed instructions. One tech firm argued that the vast majority of the 2020 campaigns are falling short on the use of email authentication and advanced e-mail security. The conclusion is that the campaigns are well prepared for last cycle’s attacks, but not for the new attacks coming down the road.

Today, 83 percent of the top candidates rely solely on the security controls built into their email platforms—almost exclusively Gmail and Microsoft Office 365. The good news is that these controls have advanced to the point where they can weed out the kind of malicious links and malware to which Podesta fell victim. The bad news is that they’re utterly defenseless on their own against today’s most advanced forms of phishing.

One of the lesser-observed aspects of the 2016 hacking of Hillary Clinton’s campaign was how much could have been prevented with just one or two different decisions in response to a spearphishing attack.

According to the Muller report, the Main Intelligence Directorate of the General Staff of the Russian Army — known by the abbreviation GRU — hacked into the emails of John Podesta, the chairman of the Hillary Clinton presidential campaign, and the DNC through “spearphishing.”

On March 19, 2016, Podesta was sent an email that said

Hi John

Someone just used your password to try ˜to sign in to your Google Account john.podesta@gmail.com.

Google stopped this sign-in attempt. You should change your password immediately.

CHANGE PASSWORD –

It offered a link to a site that looked like a password-reset form . . . where the bad guys could steal his new password, log into his account, and copy all of the emails in there.

Podesta’s chief-of-staff forwarded the email to the operations help desk of Clinton’s campaign in Brooklyn, where a staffer wrote back concluding, “This is a legitimate email. John needs to change his password immediately.” (The staffer contends his response was a typographical error; he intended to write that it was NOT a legitimate email. That seemingly small error had far-reaching consequences.)

In an effort to prevent his email from getting hacked, Podesta opened the door for his email to get hacked. While ignoring the message wouldn’t have prevented the Internet Research Agency from posting all of their divisive messages and memes on social media, it would at least have hindered the GRU hacking of the e-mails and the posting of them on WikiLeaks.

There’s an old saying that a chain is only as strong as its weakest link. Similarly, an institution’s computer network is only as secure as the most gullible people using it, and unfortunately for the Clinton campaign, that turned out to be Podesta and the help-desk staffer.

Most Popular

Energy & Environment

The Climate Trap for Democrats

The more the climate debate changes, the more it stays the same. Polls show that the public is worried about climate change, but that doesn’t mean that it is any more ready to bear any burden or pay any price to combat it. If President Donald Trump claws his way to victory again in Pennsylvania and the ... Read More
Elections

Kamala Harris Runs for Queen

I’m going to let you in on a secret about the 2020 presidential contest: Unless unforeseen circumstances lead to a true wave election, the legislative stakes will be extremely low. The odds are heavily stacked against Democrats’ retaking the Senate, and that means that even if a Democrat wins the White House, ... Read More
Culture

What We’ve Learned about Jussie Smollett

It’s been a few weeks since March 26, when all charges against Jussie Smollett were dropped and the actor declared that his version of events had been proven correct. How’s that going? Smollett’s celebrity defenders have gone quiet. His publicists and lawyers are dodging reporters. The @StandwithJussie ... Read More
Politics & Policy

But Why Is Guatemala Hungry?

I really, really don’t want to be on the “Nicolas Kristof Wrote Something Dumb” beat, but, Jiminy Cricket! Kristof has taken a trip to Guatemala, with a young woman from Arizona State University in tow. “My annual win-a-trip journey,” he writes. Reporting from Guatemala, he discovers that many ... Read More