Nov 17, 2018

The newest target in political cyberattacks: campaign pocketbooks

Illustration: Rebecca Zisser/Axios 

In the 2016 presidential election, Russian agents created havoc by stealing and releasing emails. Campaigns have since improved their security with measures like two-factor authentication and encrypted and ephemeral messaging. But so-called doxxing attacks were last cycle’s problem.

What’s new: Although cyber crime was less of an issue in the 2018 midterm elections, lone wolf hackers and nation states are likely to take a bigger interest in the presidential race. Cyberattacks that compromise political campaign funding — whether by siphoning off money or cutting off donations — present a growing threat.

Russia, Iran and North Korea all have a history of disabling or destroying corporate websites and financial data archives — and in the case of North Korea, straight up stealing money. Any of them could reprise these attacks against campaigns and cut off the “mother's milk” of politics. Here are key threats to watch for:

Old fashioned trickery: In “social engineering” attacks, hackers manipulate people online to access passwords or cash.

  • In 2018, Phil Bredesen’s U.S. Senate campaign nearly lost hundreds of thousands of dollars when hackers breached a consultant’s email account. They used intelligence about an upcoming media buy to pose as a vendor and submit invoices.
  • A staffer contacted the FBI after noticing the wiring credentials were for a foreign account, but it’s an easy detail to miss.

Spoofing: Adversaries seek to suppress online giving by seeding doubt and confusion among donors with fake donation sites, often using deceptive domain names and “typo squatting.”

  • Domestic imposters have already created sites that look exactly like Donald Trump’s campaign site to solicit donations for bogus political action committees, effectively stealing money.
  • A North Carolina candidate reported this year that a Russian purchased the domain from a previous campaign of hers and attempted to mimic her newer site.

Dedicated denial of service (DDoS) attacks: A critical moment — the end of a fundraising quarter, day of a debate or night of a nominee’s convention speech — can yield presidential candidates millions. But not if their website is down.

What’s next: As with doxxing, a few simple changes can make a difference. Campaigns will need procedures to catch social engineering, stronger software to shield their sites from DDoS attacks, and services to detect imposter sites.

Robby Mook is a political strategist and senior fellow at the Harvard Kennedy School.

Go deeper: A handbook for campaigns from Harvard University Belfer Center’s Defending Digital Democracy project

Go deeper

Updated 2 mins ago - Politics & Policy

Gov. Tim Walz to mobilize Minnesota's full National Guard

Photo: Steel Brooks/Anadolu Agency via Getty Images

Minnesota Gov. Tim Walz announced on Saturday he is activating the full National Guard to respond to street violence in Minneapolis that broke out during protests of a police encounter that left a black man, George Floyd, dead.

Why it matters: This is the first time the state has activated the full National Guard since World War II. " The Minnesota National Guard told Axios in an email that up to 10,000 soldiers and airmen would be deployed after all activations and processing are complete.

Updated 17 mins ago - Science

Live updates: SpaceX attempts to launch NASA astronauts Saturday

SpaceX's Falcon 9 rocket on the launch pad. Photo: NASA/Joel Kowsky

At 3:22 p.m. ET today, SpaceX is expected to launch NASA astronauts Bob Behnken and Doug Hurley to the International Space Station for the first time.

Why it matters: The liftoff — should it go off without a hitch — will be the first time a private company has launched people to orbit. It will also bring crewed launches back to the U.S. for the first time in nine years, since the end of the space shuttle program.

Follow along below for live updates throughout the day...

Updated 32 mins ago - Politics & Policy

Coronavirus dashboard

Illustration: Aïda Amer/Axios

  1. Global: Total confirmed cases as of 1 p.m. ET: 5,974,938— Total deaths: 365,976 — Total recoveries — 2,529,761Map.
  2. U.S.: Total confirmed cases as of 1 p.m. ET: 1,750,203 — Total deaths: 102,906 — Total recoveries: 406,446 — Total tested: 16,099,515Map.
  3. Economy: What U.S. workplaces may look like next — George Floyd's killing and economic calamity are both part of America's unfinished business — The future of mobility in the post-pandemic world.
  4. Public health: CDC pares down guidance on how to reopen houses of worship —  The coronavirus could give bioterrorists ideas, security group warns.
  5. States: New York City will reopen June 8, Cuomo says.
  6. Supreme Court: Chief Justice Roberts sides with liberals in denying challenge to California's pandemic worship rules.