Binge This

Half Full

Eat. Drink. Think.

Photo Illustration by Elizabeth Brockway/The Daily Beast

Memo to 2020 Democrats: The Time To Start Prepping For Russian Hacking Is Now.

As 2016 proved, missteps early on can become giant headaches later in the game.

Andrew Binns7.21.18 9:08 PM ET

As our country struggles to piece together what happened in the 2016 election, the harsh reality is that the 2020 campaign is already under attack. Russia continues to hack, probe, and meddle and they’re not going to quit anytime soon.

And here’s something even more sobering to consider: our elected officials are not up the task to stop it.

The President has sided with Vladimir Putin. His enablers in Congress are too frightened of a presidential Twitter lashing to push back, and the rest of the federal government, including the FBI, CIA, and NSA, are focused on intelligence gathering and reactionary investigations.

Those running for office have been left on their own when it comes to combating foreign nation-state attacks, which are happening every single day in the form of phishing scams, DDOS attacks, network probes, social engineering schemes, and brute force intrusions. Indeed, on Thursday, Microsoft’s VP of Customer Security said the company had already intercepted attacks on three high-profile 2018 candidates that had been launched by the same Russian group that hacked the DNC.

For those running for office—or, even, with designs to do so down the road—let me state in unequivocal terms that the time to start prepping is now. Having served as the Chief Information Officer of the 2016 Democratic National Convention in Philadelphia, along with 15 years in the field, I am acutely aware of what happens when that prep work comes too late.

The most important step is to change IT security culture—or, in many cases, create one. It’s a way of thinking that must be practiced from the campaign manager down to the volunteers, along with a commitment to doing so in a smart way, so people can still function in their fast-paced, transient, high-pressure jobs.

IT Security is complicated, I know. But so is legal work, accounting, polling, compliance, and ad buying. Campaigns budget for those necessary services. And yet, they too often are frugal when it comes to engaging with IT security experts who can tell them what to do and how to stay out of trouble. After all, if you don’t know what to ask, or even what the threats are, what chance does your campaign stand against a nation-state hacking group?

The good news is that at the top level, major campaign committees like the DNC, DCCC, and DSCC are working to change the culture by investing millions of dollars into combating foreign attacks. The DNC installed a formidable CTO previously at Twitter and Uber, Raffi Krikorian, and added former Yahoo executive Bob Lord as Chief Security Officer. Both come from companies that are on the front lines of cyber attacks. They understand that IT security is not a piece of hardware you plug in or some software you install, but a holistic effort across an organization.

But the big organizations can’t be all that we worry about. Smaller and mid-tier campaigns are still falling short of the commitment needed. Worse, some still don’t recognize the seriousness of the problem. Many don’t even know where to begin.

Security and expertise costs money, and many campaigns—especially those that are just coming together, including prospective 2020 candidates—aren’t yet committed to funding these new needs.

Some folks might say, “Well, my campaign doesn’t have any interesting documents or data.” And they may be right!

But what they do have are people, and people who start on small campaigns end up working on larger campaigns later. If those people are compromised by lax security early on, they can unwittingly bring those compromised accounts and devices with them, compound the problem, and perpetuate the cycle. As the most recent Mueller indictment outlined, the DNC was compromised through a DCCC staffer’s account, who provided Russian actors an end-run around DNC security.

Finally, candidates, high profile surrogates, and staff need to take responsibility for all their personal accounts and devices. Everything you touch needs to be secured. The weakest link can create a cascading effect that leads to your private emails plastered across the Internet.  

Do the Russians really care what you’re watching on Netflix? Probably not. But they do care about the billing address you have stored there and the answers to your security questions they can see once they’ve logged in. A single compromised account may not seem like a lot. But taken in aggregate, an attacker can build a profile over time to compromise more sensitive accounts like your email, iCloud, or Dropbox.

The most powerful tool in a hacker’s arsenal, in the end, is human error. And the best way to guard against human error is to start thinking critically about these issues now, before they became major problems down the road.

Campaigns need to recognize what’s at stake, or 2020 will turn into the Wild Wild West where Russia, China, Iran, or North Korea throw everything they have at attacking our democracy. After all, these countries know the current U.S. President may end up siding with them.

Cheat Sheet®

The 10 Most Important Stories Right Now


    Trump Claims Carter Page Docs Prove ‘Witch Hunt Rigged’

    Even some Republican lawmakers say the newly released documents show just the opposite.


    Russian Tycoon ‘Acted as Maria Butina’s Financial Backer’

    Konstantin Nikolaev, who has major investments in U.S. energy and technology companies, has no known direct links to President Trump but a few indirect ones.

  3. 3. BRUTAL

    Trader Joe’s Gunman ‘Shot His Grandmother’ Before Standoff

    She is in critical condition, while the store manager has been identified as the suspect’s third victim.

  4. 4. CHAOS

    20 Killed in Kabul as Exiled Vice President Returns

    A suicide bomber struck at the entrance to the airport as crowds waited to greet the controversial figure.


    How Bad Intel Sparked the Last Battle of the Vietnam War

    The Daily Beast reveals the first panicked moments of the Mayaguez incident, a botched rescue mission that left over a dozen U.S. servicemen dead.


    Rapper Tekashi 6ix9ine Kidnapped and Robbed in Brooklyn

    The attackers reportedly took about $750,000 worth of jewelry.

  7. 7. TERRIBLE

    UK Police Probe Acid Attack on 3-Year-Old Boy

    “At this time we are treating this as a deliberate attack on a three-year-old boy.”


    Billy Joel: I Had to Tell Trump ‘Nazis Aren’t Good People’

    The singer says he had to speak out after violence at a white nationalist rally in Charlottesville. " It really enraged me, actually.”


    Accused Russian Spy Met With U.S. Treasury, Fed Officials

    The meetings were reportedly arranged by a Washington think tank known for its pro-Russia views.


    Israel Evacuates Hundreds of Syria’s White Helmets

    The Israeli military says it rescued the civil defense workers and their families “due to an immediate threat to their lives.”