Election Tech: What happens when presidential candidates are hacked

22 Jan 2016, Rochester, New Hampshire, USA: U.S. Democratic presidential candidate Hillary Clinton speaks during a town hall meeting at Rochester Opera House in Rochester, New Hampshire, January 22, 2016. Image by © Porter Gifford/Corbis

Last week news broke that the Democratic National Committee was hacked. Allegedly sponsored by the Russian government, hacker group Guccifer 2.0 accessed DNC servers during early summer 2015. The group silently poked around for months and was discovered only when the attacker accessed the Donald Trump opposition research folder.

This week the Bill, Hillary, and Chelsea Clinton Foundation was breached in a similar attack by the same group. US officials were aware of the foundation breach as early as last week and alerted the Clinton, Sanders, and Trump campaigns to suspected hacking activity related to each presidential campaign.

Some hacks happen in secret. Others, like the DNC and Clinton Foundation attacks, are embarrassingly public. Sooner or later, every campaign, political organization, non-profit, and business will suffer a serious security breach. Hacking and data theft are now the cost of doing business for both political organizations and private institutions.

When political organizations are hacked, what lessons can businesses learn from how these organizations respond? TechRepublic spoke with security experts at Tripwire, Imperva, and VASCO about why organizations get hacked, the value of data, and response best practices.

The Value of Data

Mark Kraynak, SVP & GM, Enterprise Solutions, Imperva:

[The DNC and Clinton Foundation attacks] demonstrate that all data has value to someone – even if it’s not commercial data. The problem is that the value to an intruder may be higher than it is to the data owner, at least until it is compromised. Situations like this are a great reminder of the need for all organizations to ensure the security of their data and that they have appropriate response mechanisms in place for the inevitable attack.

Why Organizations are Attacked

Dwayne Melancon, CTO and VP of Research & Development at Tripwire:

We know that ‘hacktivists’ tend to look for high-profile targets, either to disrupt them or to spread the word about disagreement with a particular cause. In this case, the US presidential election fits the bill – it is a contentious race, and a lot of people are watching. What’s curious in this case is that, while there are a lot of attacks going on, the motivations are not as clear-cut, and certainly not all aligned.

Tim Erlin, Director of IT Security and Risk Strategy at Tripwire:

There’s no reliable reporting on how often campaigns are being attacked, but it’s reasonable to assume that they are experiencing constant activity, whether reconnaissance, nuisance, or serious threats. Presidential campaigns are high visibility and highly polarizing, so they should expect this kind of attention.

The increase in cyber attacks will involve more than targeting the candidates and their campaigns directly. The population in general should be on the lookout for attacks that leverage political candidates but target the average consumer.

Campaigns aren’t permanent entities, so they have to react to a breach in different timeframes, but they still have legal obligations to protect sensitive data. Any campaign should have an incident response plan before an incident occurs. The plan and the response should include identifying what data was affected, which people need to be notified, and of course, communication to the public.

Protect Yourself

John Gunn, VP at VASCO Data Security:

Most foundations and political organizations have a remarkably limited attack exposure; these are not global organizations with thousands of business partners and millions of customers. Protecting their perimeter only takes the basics, such as two-factor authentication, and a simple encryption solution would render useless any information that might be stolen. These are pretty much your basic hacker defenses from the 90s.
