As the 2020 election campaigning kicks into high gear, a senior Department of Justice official says he worries that Americans are still vulnerable to foreign hack-and-leak operations that are intended to disrupt democratic processes.
“One of the things that I am concerned about is the hacking-and-dumping activity that occurred in 2016,” John Demers, the assistant attorney general for national security, said Friday. He was referring to Russian military officers’ hacking of email servers used by Democratic political organizations, and the selective leaking of those emails to the public.
Despite a lot of progress on election security since Russian interference in 2016, the personal email accounts used by political campaigns are still a weak link, Demers said at the Wilson Center in Washington, D.C.
“It really is dependent on their cyber hygiene practices…and not clicking on that wrong email,” Demers said.
“What the Russians did in 2016 in terms of the means by which they gained access, it was just spearphishing,” he added. “It wasn’t super sophisticated, cyber-intrusion activity.”
Demers said that the hack-and-leak technique that Russian operatives used was not a one-off event, nor unique to Moscow. North Korean hackers used it to humiliate executives at Sony Pictures Entertainment in 2014, while the Russians also used it in breaches of anti-doping agencies in 2018, he pointed out.
“This is consistent with a pattern of behavior and of techniques, and of objectives,” Demers said of Russia-backed hack-and-leak operations. “And they’ll continue to do this in these election contexts, but in these other contexts, too.”
Demers’ comments come after a warning from a top U.S. intelligence official this week that China, Russia, Iran, and North Korea could all try to interfere in the 2020 election.
While political campaigns have invested some resources in cybersecurity, they have largely failed to employ security professionals to protect them. The resignation of Democratic candidate Pete Buttigieg’s top cybersecurity adviser earlier this month means there is not a single campaign known to employ an in-house chief information security officer.
In his remarks Friday, Demers also reflected on his own ongoing effort to try to curb China’s alleged economic espionage.
“Changing Chinese behavior has proven to be a real challenge, I think, for people in every [U.S.] administration who have dealt with this,” he said.
China has consistently denied using hacking or other means to steal intellectual property, despite U.S. indictments and private research showing evidence to the contrary.
The cybersecurity industry learned more about some of China’s alleged offensive cybersecurity personnel this week when an anonymous group known as Intrusion Truth published details about Chinese front companies allegedly hacking on Beijing’s behalf.
Asked how that information might inform his study and any potential investigations of Chinese hacking, Demers said, “I should really not comment on that.”