In May 2017, PreVeil penned an article for the online journal The Hill predicting that the Russians would be back to further influence politics and create mayhem in future elections. Referencing then-FBI director James Comey, the article states:
“they’ll be back in 2020…they may be back in 2018.”
A cursory glance at recent headlines confirms the truth of this prediction. Underscoring the point, former Facebook and Yahoo CISO Alex Stamos recently wrote that recent events show:
“Russia has not been deterred …. This underlines a sobering reality: America’s adversaries believe that it is still both safe and effective to attack U.S. democracy using American technologies and the freedoms we cherish.”
The headlines of late reinforce this conclusion with their focus on Russia’s use of influence operations on social media [see image below]. But does the press’ focus on the successes of fake social media accounts and websites mean that attacks on politicians’ emails have ended? Can we assume our electors’ inboxes are finally safe? Can we just focus on deleting fake accounts and websites instead? Unfortunately, the answer is a decided ‘no’.
First, let’s refresh on the 2016 election hacks. According to the July 2018 indictment of the GRU by special investigator Robert Mueller, the hacking of the Hillary Clinton campaign started in March 2016 with a variety of techniques designed to gain access to the email accounts of the campaign’s volunteers and employees. The GRU gained a foothold when it sent out 29 emails [see sample below] disguised to look like they came from Google. These emails led users to a fake website where their password reset enabled the GRU to access their information. Clinton campaign chair John Podesta clicked on one such email, which enabled the GRU to access Clinton campaign emails that were then released to WikiLeaks.
Since the attacks of 2016, both the DNC and RNC have worked diligently to batten down the hatches on their email security to prevent further attacks on their campaigns. For example, rather than relying on ad-hoc in-house servers to manage their email, many campaigns have tried to tighten up their security by letting Gmail manage their messaging security. And while officials have been tight-lipped about other software they have employed, reports note they have worked aggressively with Silicon Valley to improve their security posture.
We might surmise that, given the increased challenge of phishing politicians’ emails, the Russians have switched tactics and doubled down on social media. The reality is that they are still attacking politicians’ emails. For example, there have been several unsuccessful email attacks targeted at Missouri Democrat Sen. Claire McCaskill. McCaskill, a leading critic of Russia over the years and holder of a vulnerable election seat, continues to be a top target for Russia’s Fancy Bear (GRU). Additionally, Microsoft reported in August that it had further evidence that Fancy Bear was continuing its spear phishing attempts.
Moreover, while we are not aware of any successful email attacks on politicians in the past year, this doesn’t mean that they haven’t occurred. Rather, such attacks may simply not have been released to the press, to avoid any embarrassment. The Russians are indeed continuing their use of influence operations through a mix of fake websites, tweets and Facebook posts. Unfortunately, as soon as the fake accounts are discovered and taken down, the attackers morph their identities and take up home with a new URL. Attempting to halt these operations is akin to a game of whack-a-mole.
We are reminded of the famous phrase that the ‘price of liberty is eternal vigilance’. The hacking and attacks of the past few years might be a good case study for this aphorism: even as campaigns try to insulate some email addresses and improve security, there’s no doubt that our politicians’ emails, as well as the election process, will continue to confront meddlers.
To read more about the impacts of phishing and spoofing emails, read our blog on The Scary State of Impersonation on the Web.