The Washington PostDemocracy Dies in Darkness

The Cybersecurity 202: DNC heads to Iowa to help protect caucuses from digital attacks and disinformation

with Tonya Riley


The Democratic National Committee’s top cybersecurity and disinformation experts will head to Iowa to help protect the caucuses against digital attacks from Russia and other U.S. adversaries. 

The team will run a rapid response operation out of the Iowa Democratic Party’s main operations center in Des Moines on caucus night, the DNC's chief technology officer Nellwyn Thomas said in an interview. 

The team will be standing by to act on any reports of possible hacking of caucus technology. It will also flag for social media companies anything that violates their policies and work with the state party and campaigns to punch back at phony narratives that spread online. 

“All eyes are on Iowa,” Thomas told me. “Any doubt about the outcome or especially about the legitimacy of the process could really cast a shadow, so we’re doing everything we can to be ready for it.”

Iowa’s first-in-the-nation caucus will mark the DNC’s greatest challenge so far in efforts to guard its presidential contenders from the same fate that befell Hillary Clinton in 2016 when her campaign was upended by a Russian-backed hacking and disinformation effort. 

The DNC has surged its work on cybersecurity since then and even intervened to quash Iowa state Democratic Party plans to allow some people to caucus remotely using smartphone apps over security concerns. The national party has also held biweekly calls with campaigns to talk about cybersecurity and disinformation and run anti-disinformation war rooms during the Democratic debates, Thomas told me. 

But Monday’s caucuses will be the first time those efforts come face to face with the actual voting process, and threats to the 2020 contest are already emerging. Social media companies are already seeing evidence of Russian attempts to sow disinformation about Democratic candidates, notably an October campaign uncovered by Instagram that spread false narratives about former Vice President Joe Biden, Sen. Elizabeth Warren (D-Mass.) and Sen. Kamala Harris (D-Calif.), who has since dropped out of the race. 

Microsoft also reported in October that Iranian hackers tried to penetrate email address associated with a presidential campaign -- which Reuters identified as the Trump campaign. And intelligence officials have warned that Russia, China, Iran, and other nations “will seek to interfere in the voting process or influence voter perceptions” in 2020. 

“This is the highest stakes because what's on the line is the will of the Democratic electorate, and there's nothing more important than that,” Thomas said. “The most important thing is making sure that we have truth and accuracy coming out of such an important milestone in our nomination process.”

Thomas declined to say how many DNC security and disinformation staffers will be on the ground in Iowa, but said it will be a decent portion of the 55-member team dedicated to those issues. The team will be especially focused on disinformation operations, she said. That's partly because caucuses are less dependent on technology than primaries and thus less in danger of hacking. It's also because they involve a highly complicated process of allotting delegates that’s not well understood by the public and “makes them ripe for misinterpretation and misinformation,” Thomas said.

They will be in close contact with the party’s voter protection teams who will be monitoring caucus sites and can report back about whether online reports about difficulties registering or accessing caucusing sites or other problems are legitimate or made up.

The team will be be on the lookout for coordinated disinformation campaigns from abroad -- and for less coordinated efforts that seek to undermine public confidence in the results, including by suggesting caucus results were tallied wrong or that a candidates' supporters were disenfranchised. Those could come from disgruntled Republicans or even from Democrats who aren’t happy about how the night is going for their preferred candidate, she said. 

“There's a full spectrum of potential false narratives and we're going to be monitoring all of them. What we’re really focused on is any false narrative about the legitimacy of the results,” Thomas told me. “That could be really detrimental to voters’ trust in this process.”

The DNC plans to run similar efforts to protect other primaries and caucuses but is waiting to see what happens in Iowa before finalizing those plans, Thomas told me. 

Its Iowa efforts are also part of a broader government plan to protect the caucus. The Department of Homeland Security’s main cybersecurity division will run an online chat room throughout the night for election and campaign officials to sort through reports of suspicious activity. 

The state party has also spent months working with the DNC and cybersecurity experts to test and safeguard digital systems that will transmit caucus results, Iowa Democratic Party Chair Troy Price told me in a statement. 

“Iowa has the honor of holding the first-in-the-nation state party contest and we take our responsibility to protect the integrity of our democratic process and secure Iowans’ votes very seriously,” Price said. "We continue to work closely with security experts to prepare our systems, and we are confident in the security systems we have in place.”

This story has been updated to correct the spelling of Iowa Democratic Party Chair Troy Price's name. 


PINGED: New York Times journalist Ben Hubbard was targeted in June 2018 with spyware linked to Saudi Arabia and to NSO Group, a controversial Israeli firm that's faced harsh criticism for allegedly allowing its hacking tools to be used by authoritarian regimes, my colleague Ellen Nakashima reports. The revelation comes as experts warn of a dangerous escalation in the use of unregulated spyware.

Hubbard is the first known American journalist targeted by malware created by NSO Group, according to a new report from the University of Toronto's Citizen Lab. However, Citizen Lab previously found evidence suggesting someone may have been using a sham Washington Post website to infect targets with NSO Group malware leading up to and after the killing of Post columnist Jamal Khashoggi in October 2018.

“The targeting of yet another journalist — in this case at the New York Times — makes it clear that the current regulatory regime for the spyware industry is not working,” the report concludes. In total, Citizen Lab researchers have identified 36 NSO clients that have used the company's spyware on hundreds of targets in 45 countries. Last fall, Facebook sued NSO in federal court, claiming it illegally helped clients hack into its Whatsapp messaging service, compromising the mobile devices of more than 100 people worldwide, including activists and journalists.

Hubbard learned about the attempted hack of his phone in October 2018 while covering a story about a Saudi dissident targeted by the same spyware called Pegasus. He did not open the text and Citizen Lab couldn't confirm whether his phone had been infected.

The Saudi Embassy in Washington did not respond to Ellen's request for comment. NSO Group called Hubbard’s and Citizen Lab’s claims “unsubstantiated” in a statement. Check out Hubbard's own account of the attempted hacking here

PATCHED: Cybersecurity hawks in Congress slammed the United Kingdom's decision to allow Huawei to build parts of its 5G infrastructure. They warned that it could encourage other countries to follow suit.

“The risks Huawei poses are well-documented and impossible to ignore; once the door is opened, they may also prove impossible to contain,” Senate Select Committee on Intelligence Chairman Richard Burr (R-N.C.) wrote in a statement.

U.S. government officials have called Huawei a threat to national security, claiming the Chinese government could tap into Huawei equipment for espionage. They also warn Beijing subsidizes the telecom so it can offer cheaper prices than competitors. 

“Cheaper prices should not come at the expense of exposing private citizens’ information to the Chinese Communist Party,” said House Minority Leader Kevin McCarthy (R-Calif.)

Here’s the response from Sen. Ted Cruz (R-Tex.):

Sen. Chris Murphy (D-Conn.) blamed the U.K. move on the Trump administration:

Prime Minister Boris Johnson is essentially seeking a middle path, allowing Huawei to supply up to 35 percent of the nation's 5G equipment but banning it from “core” portions of 5G including those that serve intelligence and military sites as my colleagues William Booth, Jeanne Whalen and Ellen Nakashima report. 

A senior Trump administration official who declined to be named told them that the United States was “disappointed” by the decision.

But it seems unlikely the Trump administration will follow through on threats to retaliate, which have included the suggestion of revoking intelligence sharing with countries that refuse to ban Huawei, Steven Overly and Eric Geller at Politico report.

“I think what we’ll likely do is bank this and say,...'Thank you for the specific bans on all these functions of the network that Huawei cannot actually be happy with,' ” a U.S. official told them.

PWNED: Credit and debit card numbers that were compromised in a large-scale data breach of convenience store Wawa are starting to turn up for sale online, researchers tell cybersecurity journalist Brian Krebs

A batch of more than 30 million card numbers turned up on an online fraud marketplace that Gemini Advisory, a New York-based fraud intelligence company, traced back to the Wawa breach. Wawa has yet to determine how many customers' information was exposed, so this first batch could be the tip of the iceberg. It's not uncommon for hackers to roll out stolen credit card numbers from breaches in smaller batches, Krebs points out.

Wawa disclosed in December that a breach compromised the payment information of any customer who used a debit or credit card at any of its more than 850 stores dating back to March 2019.

A Wawa representative told Krebs it was aware of the attempts to sell data potentially involved in the breach and was working closely with federal law enforcement.


— Cybersecurity news from the public sector:

Buttigieg Campaign Faces Personnel Issues as Iowa Caucuses Approach (Wall Street Journal)

Bernie Sanders Thinks Companies That Sell Your Browser History Are ‘Trampling Over the Rights of Consumers’ (Vice)


— Cybersecurity news from the private sector:

LabCorp security lapse exposed thousands of medical files. (TechCrunch)

Bitcoin Has Lost Steam. But Criminals Still Love It. (The New York Times)

Travelex says UK money transfer and wire services back online after hack (Reuters)

SIM Swappers Are Phishing Telecom Company Employees to Access Internal Tools (Vice)


— Cybersecurity news from abroad:

Ransomware Linked to Iran, Targets Industrial Controls (Bloomberg)



  • The House Homeland Security Committee will markup the Cybersecurity Vulnerability Identification and Notification Act.

Coming up:

  • The National Association of Secretaries of State convention will take place Thursday through Sunday in Washington.
  • New America’s Open Technology Institute will host an event titled “Privacy’s Best Friend: How Encryption Protects Consumers, Companies, and Governments Worldwide” on Feb. 4 at noon
  • RSA Conference 2020 is scheduled for Feb. 24-28 in San Francisco