The Washington Post

The Cybersecurity 202: Attempted hacks of Trump and Biden campaigns reveal a race to disrupt the 2020 general election

with Tonya Riley

It's official: The race to hack the 2020 general election is in full swing. 

Iran tried to hack into Gmail accounts used by President Trump’s reelection campaign staff, the leader of Google’s threat-hunting team revealed in a tweet. China, meanwhile, tried to hack staff for former vice president Joe Biden, the presumptive Democratic presidential nominee, Shane Huntley said. 

The hackers didn’t successfully breach those accounts. But these nation state-backed hacking campaigns are likely to be just the beginning of a general election campaign that will be ripe for disruption by U.S. adversaries.

“It’s no surprise the Chinese and Iranian governments are trying to compromise our 2020 presidential campaigns through cyberattacks. Their goal is simple: suck up information about our candidates' campaigns and then create conflict and chaos in our election,” Matt Rhoades, who managed Mitt Romney’s 2012 campaign and helped launch a bipartisan group aimed at preventing election hacking, told me.

Officials with the Department of Homeland Security and U.S. intelligence have been warning for years that Russia and other nations will try to use hacking and disinformation to undermine the 2020 contest in a replay of operations from the last presidential race, which leaked reams of embarrassing information about Democratic nominee Hillary Clinton in an effort to help Donald Trump. 

But the threat has grown in recent months as vastly more campaign work has moved online as a result of the coronavirus pandemic, experts say. The American public also has likely grown more vulnerable to influence efforts based on leaked information as it is roiled by conflict over the pandemic and civil unrest following the death of George Floyd in police custody.

“It doesn’t matter if you are a Democrat or Republican, they are coming for you,” said Rhoades, whose group Defending Digital Campaigns offers campaigns free and reduced-price access to cybersecurity products.

This isn’t the first report of foreign hacking during the 2020 cycle. But efforts are likely picking up with the general election effectively underway. 

That’s partly because adversaries can concentrate on hacking into just two campaigns now, Clint Watts, a distinguished research fellow at the Foreign Policy Research Institute who focuses on election interference, told me. 

Adversaries are also probably ramping up their efforts now because it takes a lot of time and effort to successfully penetrate a well-protected organization such as a presidential campaign. So, if they hope to hack into a campaign, find embarrassing information and release it in a way that affects the November election, time is already running short, Watts said.

“You have to hack before you can influence, and the longer you wait, the more your window for influence is going to wind down,” he said.

Microsoft revealed that a group tied to Iran was targeting a presidential campaign in October 2019, which media outlets including Reuters identified as the Trump campaign. Intelligence officials told Sen. Bernie Sanders (I-Vt.) that Moscow was attempting to help his presidential campaign before Sanders dropped out of the race in April. Officials also told lawmakers that Russia prefers to see Trump reelected.

China and Iran may not be following Russia’s 2016 playbook. 

China has a long history of hacking for traditional espionage — such as learning the interests and motivations of U.S. leaders — without releasing the information they steal. That includes hacking the presidential campaigns of both Barack Obama and Sen. John McCain (R-Ariz.) in 2008 and Mitt Romney (R) in 2012. 

“China doesn’t just want to know Biden’s opinion about China. They want to know all of Biden’s staff’s opinions about every part of the world,” Watts said. 

Iran, however, is more likely to be interested in stealing and releasing information that undermines the Trump campaign because of leaders’ antipathy toward the president, Watts said. Trump ordered the killing of one of Iran’s top generals, Qasem Soleimani, in January and pulled the U.S. from the deal to curtail Iran's nuclear program negotiated by his predecessor Barack Obama. 

An even more dire scenario would be if an adversary stole and released legitimate campaign information, along with phony or altered information aimed at disparaging the candidate. 

“Since 2016 the fear is that the adversary could leak data and add forgeries to the leak,” Thomas Rid, author of “Active Measures,” a book on disinformation, and a professor at Johns Hopkins University, told Ellen Nakashima, Josh Dawsey and Matt Viser. “The concern is the adversary could weaponize the information.” 

Google’s warning comes as U.S. intelligence officials are beginning to brief the campaigns about hacking and other threats from foreign adversaries. 

Those officials are also advising the presidential campaigns on how best to protect themselves, along with officials from the FBI and DHS, my colleagues report. 

Republican National Committee officials recently participated in one of those briefings and learned that foreign adversaries unsuccessfully tried to hack some of their staff members, my colleagues reported.

The campaigns, meanwhile, stressed that the attacks weren’t successful. 

“We have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for them,” Biden’s campaign said in a statement. “Biden for President takes cybersecurity seriously, we will remain vigilant against these threats, and will ensure that the campaign’s assets are secured.”

The Biden campaign told me earlier this year that its protections include requiring extra verifications before employees can log in to accounts and devices, and “training staff on cybersecurity best practices and tools to ensure the campaign infrastructure remains secure.” The campaign did not respond to a question Thursday about whether all those protections are still in place. 

A Trump official said the campaign is “vigilant about cybersecurity and do[es] not discuss any of our precautions.” 

The FBI said in a statement that “adversaries are constantly looking for vulnerable U.S. networks to exploit, and networks associated with political organizations are no exception. That is why we are focused on imposing consequences on malicious cyber actors, so they think twice before attempting an attack in the first place.” 

The keys

Encrypted-messaging app Signal is offering a face-blurring feature to help protesters. 

The new feature comes as a record number of people are downloading the app amid concerns about government surveillance of protests over the killing of George Floyd. The app is already popular among protesters because it provides end-to-end encryption, which protects messages from being read by anyone who is not the recipient or the sender and generally puts them out of the reach of police warrants. 

“We’ve … been working to figure out additional ways we can support everyone in the street right now,” Signal co-founder Moxie Marlinspike wrote in a blog post. “One immediate thing seems clear: 2020 is a pretty good year to cover your face.” 

Jordan Harrod, a Ph.D. student at Harvard University and the Massachusetts Institute of Technology focused on artificial intelligence, explained the importance to protesters: 

Facebook will begin identifying content from state-controlled media amid concerns about propaganda influencing the 2020 election.

The labels will appear over the next week, according to a company blog post. The feature comes as Facebook has declined to label posts by President Trump that its competitor Twitter says include false information or glorify violence.

Lawmakers praised Facebook’s move, saying it would help curb foreign interference in the upcoming election.

House Intelligence Chairman Adam B. Schiff (D-Calif.) called it “an important step to helping users stay vigilant against potential attempts by foreign adversaries to shape strategic narratives or spread disinformation under the guise of ‘independent’ journalism.”

Facebook later this summer will also begin blocking ads from foreign state-controlled media targeted at U.S. users “to provide an extra layer of protection against various types of foreign influence … ahead of the November 2020 election.”

Facebook and Twitter faced a reckoning over how to moderate state-controlled media when the companies discovered coordinated influence campaigns from state media in China last August. Twitter banned state-media ads in response. Facebook announced it would begin labeling state-run media accounts in October but delayed the release of the labels.

A Florida citizen is accusing Trump of election fraud after he voted by mail in the state.

The complaint, which was filed with the Florida Department of State, argues that Trump should not be allowed to use the address of his Mar-a-Lago resort as his legal residence because it is a private club. Trump registered that address after first being denied by Florida officials when he tried to list his White House address on an absentee-ballot application, according to elections records obtained by The Washington Post.

The legal challenge increases scrutiny on Trump’s attempts to vote by mail at a time when he has waged a war on the practice nationally, arguing with no evidence that it leads to widespread fraud.

The attorney in the lawsuit is also representing a Mar-a-Lago neighbor who has challenged Trump’s residency status in relation to a building permit. At least one additional elections fraud complaint is being prepared, according to documents reviewed by The Post.

Trump’s representatives could not be reached for comment.

Chat room

Privacy hawks are slamming the videoconferencing service Zoom for its decision to make the strongest encryption available only to paid users. Here's Sen. Ron Wyden (D-Ore.):

Fight for the Future and other privacy advocacy groups have slammed the company over its comments about encryption and working with law enforcement officials:

Alex Stamos, a former Facebook cybersecurity chief, who is advising Zoom, had this to say:

Government scan

Foreign actors are 'playing all sides' in online campaigns to exacerbate violence during the protests, Attorney General William P. Barr said.

Barr did not cite specific nations in his speech or provide further details. Twitter and Facebook have removed fake posts about the protests, but experts who study foreign influence operations have yet to see any serious activity, Kevin Collier of NBC News reports.

More government news:

Pentagon intelligence employees raise concerns about supporting domestic surveillance amid protests (Yahoo News)

Global cyberspace

The Russian government denied German allegations that it was responsible for a 2015 hack on the country’s parliament.

Russian Foreign Ministry spokeswoman Maria Zakharova called the claims “absurd” and “unfounded,” the Associated Press reports. Germany has said it will pursue European Union sanctions against the suspected hacker.

More global cybersecurity news:

India and Australia sign military base and cyber accords (Reuters)


Secure log off

Watch a memorial and march for George Floyd in New York City.