Democrats believe that hacked emails from Hillary Clinton’s 2016 campaign led to her losing the election (it certainly couldn’t have been that she ignored warning signs in Blue states like Michigan and Wisconsin). But as 2020 approaches, the Party isn’t even taking rudimentary steps to ensure their emails aren’t hacked again.
While Russians are considered to be behind the 2016 email hack, they weren’t using some nefarious, secret KGB tactics — they gained access to the emails through a simple phishing scam. Clinton’s campaign chairman John Podesta clicked on one of these scam links — twice — and the hackers were able to get his emails and those of other Clinton campaign workers, according to a 2017 investigation by the Associated Press.
CNN is now reporting that most Democrats vying for the presidency haven’t taken the basic step of securing their websites to keep hackers from getting in. The security advocacy group Global Cyber Alliance conducted an analysis of candidates’ websites and found that just four of the 14 announced candidates were using a security protocol known as Domain-based Message Authentication, Reporting, and Conformance (DMARC), which verifies the origins of emails.
“According to the analysis, only the campaigns of Sen. Elizabeth Warren of Massachusetts, Sen. Kirsten Gillibrand of New York, former Colorado Gov. John Hickenlooper and spiritual author Marianne Williamson had any form of the security feature implemented,” CNN reported. “The campaigns of Sen. Cory Booker of New Jersey, Rep. John Delaney of Maryland and Rep. Tulsi Gabbard of Hawaii implemented some form of the security feature soon after CNN asked them about it.”
CNN also reported that the Democratic National Committee would be conducting a seminar to teach campaign staffers how to implement DMARC.
“There’s lots of things you can do to help protect email,” Global Cyber Alliance President and CEO Phil Reitinger told CNN. “Use of DMARC is really table stakes for whether you’re serious about email security.”
The Department of Homeland Security directed federal agencies to use DMARC in 2017, CNN reported.
In 2016, hackers targeted hillaryclinton.com email accounts before turning to campaign staffers’ personal Gmail accounts. That’s when they were able to get Podesta to click on a link.
“The torrent of phishing emails caught the attention of the FBI, which had spent the previous six months urging the Democratic National Committee in Washington to raise its shield against suspected Russian hacking. In late March, FBI agents paid a visit to Clinton’s Brooklyn headquarters, where they were received warily, given the agency’s investigation into the candidate’s use of a private email server while secretary of state,” the AP reported.
One would think that after Wikileaks released tens of thousands of Clinton’s emails in 2016, that email security would be the top priority for Democrats moving forward. One would be wrong.
The DNC reportedly hired former Silicon Valley executives to improve security, but as early as last month, Bob Lord, formerly of Yahoo and Twitter, was warning that campaigns needed to step up their game.
“Each campaign has to prioritize their efforts based on their individual situation, covering issues from laptop and phone security to email security, file security and more,” Lord told CNN recently. “The DNC will continue to serve as a resource to help campaigns create a security program that works to manage risk and fits their needs.”