Advertisement

Americans still vulnerable to hack-and-leak tactics, DOJ official says

Russia will "continue to do this in these election contexts, but in these other contexts, too," John Demers said Friday.
Assistant Attorney General John Demers, DOJ, election security
John Demers speaks Oct. 24, 2019, at CyberTalks in Washington, D.C. (Scoop News Group)

As the 2020 election campaigning kicks into high gear, a senior Department of Justice official says he worries that Americans are still vulnerable to foreign hack-and-leak operations that are intended to disrupt democratic processes.

“One of the things that I am concerned about is the hacking-and-dumping activity that occurred in 2016,” John Demers, the assistant attorney general for national security, said Friday. He was referring to Russian military officers’ hacking of email servers used by Democratic political organizations, and the selective leaking of those emails to the public.

Despite a lot of progress on election security since Russian interference in 2016, the personal email accounts used by political campaigns are still a weak link, Demers said at the Wilson Center in Washington, D.C.

“It really is dependent on their cyber hygiene practices…and not clicking on that wrong email,” Demers said.

Advertisement

“What the Russians did in 2016 in terms of the means by which they gained access, it was just spearphishing,” he added. “It wasn’t super sophisticated, cyber-intrusion activity.”

Demers said that the hack-and-leak technique that Russian operatives used was not a one-off event, nor unique to Moscow. North Korean hackers used it to humiliate executives at Sony Pictures Entertainment in 2014, while the Russians also used it breaches of anti-doping agencies in 2018, he pointed out.

“This is consistent with a pattern of behavior and of techniques, and of objectives,” Demers said of Russia-backed hack-and-leak operations. “And they’ll continue to do this in these election contexts, but in these other contexts, too.”

Demers’ comments come after a warning from a top U.S. intelligence official this week that China, Russia, Iran, and North Korea could all try to interfere in the 2020 election.

While political campaigns have invested some resources in cybersecurity, they have largely failed to employ security professionals to protect them. The resignation of Democratic candidate Pete Buttigieg’s top cybersecurity adviser earlier this month means there is not a single campaign known to employ an in-house chief information security officer.

Advertisement

In his remarks Friday, Demers also reflected on his own ongoing effort to try to curb China’s alleged economic espionage.

“Changing Chinese behavior has proven to be a real challenge, I think, for people in every [U.S.] administration who have dealt with this,” he said.

China has consistently denied using hacking or other means to steal intellectual property, despite U.S. indictments and private research showing evidence to the contrary.

The cybersecurity industry learned more about some of China’s alleged offensive cybersecurity personnel this week when an anonymous group known as Intrusion Truth published details about Chinese front companies allegedly hacking on Beijing’s behalf.

Asked how that information might inform his study and any potential investigations of Chinese hacking, Demers said, “I should really not comment on that.”

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts