The newest target in political cyberattacks: campaign pocketbooks

In the 2016 presidential election, Russian agents created havoc by stealing and releasing emails. Campaigns have since improved their security with measures like two-factor authentication and encrypted and ephemeral messaging. But so-called doxxing attacks were last cycle’s problem.
What’s new: Although cyber crime was less of an issue in the 2018 midterm elections, lone wolf hackers and nation states are likely to take a bigger interest in the presidential race. Cyberattacks that compromise political campaign funding — whether by siphoning off money or cutting off donations — present a growing threat.
Russia, Iran and North Korea all have a history of disabling or destroying corporate websites and financial data archives — and in the case of North Korea, straight up stealing money. Any of them could reprise these attacks against campaigns and cut off the “mother's milk” of politics. Here are key threats to watch for:
Old-fashioned trickery: In “social engineering” attacks, hackers manipulate people online to access passwords or cash.
- In 2018, Phil Bredesen’s U.S. Senate campaign nearly lost hundreds of thousands of dollars when hackers breached a consultant’s email account. They used intelligence about an upcoming media buy to pose as a vendor and submit invoices.
- A staffer contacted the FBI after noticing the wiring credentials were for a foreign account, but it’s an easy detail to miss.
Spoofing: Adversaries seek to suppress online giving by seeding doubt and confusion among donors with fake donation sites, often using deceptive domain names and “typo squatting.”
- Domestic imposters have already created sites that look exactly like Donald Trump’s campaign site to solicit donations for bogus political action committees, effectively stealing money.
- A North Carolina candidate reported this year that a Russian purchased the domain from a previous campaign of hers and attempted to mimic her newer site.
Distributed denial-of-service (DDoS) attacks: A critical moment — the end of a fundraising quarter, day of a debate or night of a nominee’s convention speech — can yield presidential candidates millions. But not if their website is down.
- Iranian hackers took down the sites of over 46 Wall Street firms in 2014, causing tens of millions of dollars in damage. There’s no reason they — or Russia, China, or North Korea — couldn’t do the same to a candidate.
What’s next: As with doxxing, a few simple changes can make a difference. Campaigns will need procedures to catch social engineering, stronger software to shield their sites from DDoS attacks, and services to detect imposter sites.
Robby Mook is a political strategist and senior fellow at the Harvard Kennedy School.
Go deeper: A handbook for campaigns from Harvard University Belfer Center’s Defending Digital Democracy project