Nov 17, 2018

The newest target in political cyberattacks: campaign pocketbooks

Illustration: Rebecca Zisser/Axios 

In the 2016 presidential election, Russian agents created havoc by stealing and releasing emails. Campaigns have since improved their security with measures like two-factor authentication and encrypted and ephemeral messaging. But so-called doxxing attacks were last cycle’s problem.

What’s new: Although cyber crime was less of an issue in the 2018 midterm elections, lone wolf hackers and nation states are likely to take a bigger interest in the presidential race. Cyberattacks that compromise political campaign funding — whether by siphoning off money or cutting off donations — present a growing threat.

Russia, Iran and North Korea all have a history of disabling or destroying corporate websites and financial data archives — and in the case of North Korea, straight up stealing money. Any of them could reprise these attacks against campaigns and cut off the “mother's milk” of politics. Here are key threats to watch for:

Old fashioned trickery: In “social engineering” attacks, hackers manipulate people online to access passwords or cash.

  • In 2018, Phil Bredesen’s U.S. Senate campaign nearly lost hundreds of thousands of dollars when hackers breached a consultant’s email account. They used intelligence about an upcoming media buy to pose as a vendor and submit invoices.
  • A staffer contacted the FBI after noticing the wiring credentials were for a foreign account, but it’s an easy detail to miss.

Spoofing: Adversaries seek to suppress online giving by seeding doubt and confusion among donors with fake donation sites, often using deceptive domain names and “typo squatting.”

  • Domestic imposters have already created sites that look exactly like Donald Trump’s campaign site to solicit donations for bogus political action committees, effectively stealing money.
  • A North Carolina candidate reported this year that a Russian purchased the domain from a previous campaign of hers and attempted to mimic her newer site.

Dedicated denial of service (DDoS) attacks: A critical moment — the end of a fundraising quarter, day of a debate or night of a nominee’s convention speech — can yield presidential candidates millions. But not if their website is down.

What’s next: As with doxxing, a few simple changes can make a difference. Campaigns will need procedures to catch social engineering, stronger software to shield their sites from DDoS attacks, and services to detect imposter sites.

Robby Mook is a political strategist and senior fellow at the Harvard Kennedy School.

Go deeper: A handbook for campaigns from Harvard University Belfer Center’s Defending Digital Democracy project

Go deeper

What we know: Deadly Storm Dennis whips at England, Wales and Ireland

Photo: OLI SCARFF/AFP via Getty Images.

At least two deaths are being attributed to Storm Dennis on Monday as it continues to strike at parts of England, Wales and Ireland, per AccuWeather.

The big picture: Dennis is the second-strongest nontropical storm ever recorded in the North Atlantic Ocean. Its hurricane-force winds and heavy rains have caused widespread flooding across the United Kingdom. The army has been deployed in the U.K. to help with flood relief.

Coronavirus cases rise as 14 American evacuees infected

Data: The Center for Systems Science and Engineering at Johns Hopkins, the CDC, and China's NHC; Note: China refers to mainland China and the Diamond Princess is the cruise ship offshore Yokohama, Japan. Map: Danielle Alberti/Axios

14 Americans evacuated from the Diamond Princess cruise ship tested positive for the novel coronavirus before being flown in a "specialist containment" on a plane repatriating U.S. citizens back home, the U.S. government said early Monday.

The big picture: COVID-19 has now killed at least 1,775 people and infected more than 70,000 others. Most cases and all but five of the deaths have occurred in mainland China.

Go deeperArrowUpdated 2 hours ago - Health

The cost of going after Bloomberg

Illustration: Eniola Odetunde/Axios

Here's the growing dilemma for 2020 Democrats vying for a one-on-one showdown with frontrunner Bernie Sanders: Do they have the guts — and the money — to first stop Mike Bloomberg?

Why it matters: Joe Biden, Pete Buttigieg, Amy Klobuchar and Elizabeth Warren all must weigh the costs of punching Bloomberg where he looks most vulnerable: stop-and-frisk, charges of sexism, billionaire entitlement. The more zealous the attacks, the greater the risk he turns his campaign ATM against them.