Cyberattacks likely against presidential campaigns: CIA
Attacks could range from simple defacement to stealing campaign secrets.
With the Republican and Democratic primary seasons winding down, both parties were warned by U.S. National Intelligence Director James Clapper that the various campaigns should expect to be targeted by cyberattacks.
Clapper gave no details on what could take place, but he said intelligence agencies “have already seen an indication” of cyber attacks against presidential campaign websites.
“DHS and FBI are doing what they can to educate both campaigns against potential cyber threats,” speaking at the Washington, D.C.-based Bipartisan Policy Center on Wednesday. “As the campaigns intensify, we will probably have more of them.”
Infosec professionals not only agree with the CIA director, but believe hackers may have a field day against poorly secured sites.
“As the tension around the presidential election raises, it would not be surprising to see an increase in hacking activity,” said Giovanni Vigna, co-founder and CTO of Lastline, to SCMagazine.com in an email.
John Gunn, vice president of corporate communications at VASCO Data Security, believe attacks will happen calling the candidates sites poorly prepared from a security standpoint, however, he also noted that many of the hackers have a rather low-skill set so they might have trouble pulling off a meaningful attack.
And as Clapper pointed out some attacks have already taken place. The hacker group Anonymous has been active earlier in the campaign doxxing Donald Trump earlier this year, although only revealing his publicly available information. The group also threatened former candidate Sen. Ted Cruz (R-Texas) but never followed through.
Last year, the Online Trust Alliance (OTA) issued a report measuring presidential campaign websites on standards related to privacy, security and consumer protections. The campaign websites of both Hillary Clinton and Donald Trump received failing grades.
Clapper said there is a “low- to moderate-level of cyber intrusion occurring around the clock,” during the keynote address. “The Chinese, in particular are eating our lunch every day,” he said.
During the 2008 and 2012 U.S. presidential campaigns, political websites of presidential candidates were attacked. The attacks “had an effect on how both McCain and Obama think about cybersecurity,” a former federal government official told SCMagazine.com earlier this year.
“It does influence candidates' approach to security,” the former official said. “However, it doesn't seem to influence how candidates build websites and how they secure information.”
“We know that ‘hacktivists' tend to look for high-profile targets, either to disrupt them or to spread the word about disagreement with a particular cause. In this case, the U.S. presidential election fits the bill - it is a contentious race, and a lot of people are watching,” Dwayne Melancon, Tripwire's CTO and vice president of research and development, told SCMagazine.com via email.
The type of attack the candidate's sites are likely to undergo was up for debate among security executives with some believing certain hackers will go for simple site defacement while others think campaign information will be the target.
Vigna believes most of the activity will center around vandalism, but Tripwire's Tim Erin, director of IT security and risk strategy, said other areas need to be considered based on the hacker's motivation.
“We're trying to develop a body of case law in terms of what determines an act of cyber war, cyber crime,” Clapper said during the keynote presentation.
“Candidates should expect, and be prepared for, cyber attacks based on multiple motivations, from ideological to purely opportunistic. When you have an outspoken candidate with a strong position, they necessarily garner extra attention, both good and bad, both in real life and online,” Erin said in an email to SCMagazine.com
Gadi Naveh, Check Point threat prevention researcher, told SCMagazine.com in an email that the attacks may well be politically motivated by mainline groups and not just the work of fringe organizations.
“There could be several goals for such attacks. First of all, they could be focused on spying on the candidates and their campaign plans. They could be aimed at embarrassing the candidates, as an attack against the Trump campaign tried to accomplish by leaking his voicemail. Attacks could also of course target voter data or a campaign's finances in order to try to manipulate the outcome of the election,” he said.
However, much like Richard Nixon learned the hard way, attempting to damage an opponent prior to Election Day may not work out as originally intended.
“However, it is not unlikely that more sophisticated form of attack, such as breaches targeting campaign-related information, would be possible. The problem is that these attacks might backfire against the campaign benefiting from them. Hacktivists from both sides might cause more damage than benefits,” Vigna said.
And Tripwire's Erin pointed out that the candidates are not the only people at risk during the election cycle, but the voters may be targeted through attacks that leverage the candidates name to spread cyber mayhem.
Large political donors do not often ask campaigns about information security, the former U.S. official said. These same donors demand are more rigorous in asking their financial and legal institutions about information security. “It's all in the database,” he told SCMagazine.com. “What are you doing to secure it?”
UPDATE: This story has been updated to include additional comments and analysis.