Sign up for our daily briefing
Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.
Stay on top of the latest market trends
Subscribe to Axios Markets for the latest market trends and economic insights. Sign up for free.
Sports news worthy of your time
Binge on the stats and stories that drive the sports world with Axios Sports. Sign up for free.
Tech news worthy of your time
Get our smart take on technology from the Valley and D.C. with Axios Login. Sign up for free.
Get the inside stories
Get an insider's guide to the new White House with Axios Sneak Peek. Sign up for free.
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Want a daily digest of the top Denver news?
Get a daily digest of the most important stories affecting your hometown with Axios Denver
Want a daily digest of the top Des Moines news?
Get a daily digest of the most important stories affecting your hometown with Axios Des Moines
Want a daily digest of the top Twin Cities news?
Get a daily digest of the most important stories affecting your hometown with Axios Twin Cities
Want a daily digest of the top Tampa Bay news?
Get a daily digest of the most important stories affecting your hometown with Axios Tampa Bay
Want a daily digest of the top Charlotte news?
Get a daily digest of the most important stories affecting your hometown with Axios Charlotte
Photo: Andrew Caballero-Reynolds/AFP/Getty Images
Democratic Sen. Jeanne Shaheen's team has sent out three fake spearphishing email campaigns to staffers over the last 18 months to test whether they’d fall for real hacking, her chief of staff, Maura Keefe, tells Axios. The result? Several fell for it.
Why it matters: Every political operation in the country is grappling with the reality that hackers may target them — that is, if they haven’t been infiltrated already.
- The offices of Shaheen and Democratic Sen. Claire McCaskill have both been targeted by phishing emails.
- Russian hackers successfully spearphished the DNC and DCCC in 2016.
The context: Keefe's effort is just one indicator of the cybersecurity culture shift starting to happen on the Hill:
- They sent one email campaign prompting staff to open an attachment from an address imitating Keefe’s Senate email with a slight typo.
- Another mimicked the legitimate attack last year that hit McCaskill’s team.
- Another asked staff to change their Facebook passwords.
- Those who got caught had to retake a cyber training course.
The impact: Fewer staffers clicked the phishing links with each new campaign, from five or six on the first, to just one. "It works," Keefe said. "It’s become a little bit of a point of pride for the staff to be on top of it."
The big picture: This is about playing catch-up on cybersecurity. "I was not hyper-aware and I don't think many people were" before the 2016 elections about cybersecurity, said Keefe. She added she didn't think Sen. Shaheen's previous campaign even had a line item in the budget for it. "It's definitely been an awakening," she said.
- What’s next: Keefe, who chairs the Democratic chiefs of staff group, intends to discuss cybersecurity budgeting for the campaign cycle with other chiefs of staff.
- Campaigns generally are nowhere near where Sen. Shaheen's office is — and she's not up for reelection until 2020. One-third of House candidates have vulnerable websites right now, according to a study released this month, and campaigns are often too strapped for cash to afford cybersecurity expertise.
- The DNC has been sending spearphishing training emails to staffers as well, a Democratic source tells Axios.
The bottom line: The nature of political operations — from Iowa presidential strivers to the halls of the Senate — is changing. It's no longer just about policy and messaging, but also running cybertraining bootcamps to outsmart adversaries. And politicians can train their teams all they want, but each office is only as secure as its weakest, most distracted, careless clicker.
Go deeper: