The Dawn of Hacking as a Tactic in American Politics

The Dawn of Hacking as a Tactic in American Politics

Follow Jason on Twitter.

The #DNCLeak may go down in American political history as the start of computer hacking as a tactic, the same way that the 1960 Kennedy-Nixon debate introduced television, and the 2006 “macaca” video of Fmr. Sen. George Allen introduced YouTube to the political scene.

 

Hacking introduces a new dynamic to political campaigns, because it is far more accessible to outsiders, whether these are foreign governments, teenagers, activists, or really anyone with a sufficient combination of technical skills and cover from legal repercussions. It is very difficult to attribute attacks because attackers can launch their operations from other computers that are compromised or rented anonymously.

 

An attacker can send commands through a chain of hacked computers in a botnet, over a VPN or the Tor network, from anonymous wireless access points or using a prepaid cellular data connection. Skilled attackers can launch false-flag attacks that look like they are coming from others’ networks. A number of publications have reported that the attack resulting in the #DNCLeak was perpetrated by Russian agents — Vice News provides the best summary we’re aware of Plenty of pixels and pages have been spent analyzing the content of the leak, its political repercussions and the identity or motives of the attacker.

 

This incident brings up some philosophical questions; do any boundaries exist that prevent one state from interfering in the politics of another? Should computer attacks be treated differently from bribery, political donations, funding of dissident NGOs or propaganda broadcasts?

 

There are also practical questions, assuming that an actor wanted to influence the outcome of an election, what would maximize the actor’s chances? Timing and tactics are important. Publishing large volumes of internal communications and documents takes time to have an effect, as journalists have to work their way through the archive and verify documents before reporting. Leaks can also vary widely in their political potency–a leak only has value if it reveals something new, and presents evidence of prior deception.

 

Hypocrisy is the greatest target of a leak.

 

In the 2016 Presidential Election, Hillary Clinton is particularly vulnerable to leaks. Clinton has made some major claims about the content and security of her personal email server, that could be exploited by anyone that might have access to data from the server, or by a sufficiently skilled forger at a critical time. Any leak involving Donald Trump must be more offensive to likely voters than his Twitter timeline.

 

The impact on the campaign is also spread out over this time. Only very high impact documents, released in limited quantity, will work their way through the news cycle when released in the final days of a campaign. In the final days of a campaign, the focus turns to get-out-the-vote efforts, which can involve tens of thousands of volunteers spread across the United States.

 

These volunteers coordinate their efforts using voter tracking software and the campaigns use email among other communications technologies. Attacks in the final days of campaigns are likely to focus on denying campaign staff access to communications to effectively coordinate. Get-out-the-vote efforts can add one to two percent to a candidate’s vote, which is sufficient to tip a close race. Social media is also important in communicating final messages to voters. Donald Trump’s campaign has relied on direct communications over social media.

 

An attacker could disrupt the Trump campaign by compromising critical campaign accounts, attacking the infrastructure of key social media platforms, and/or using an army of fake accounts to overwhelm spam filters and moderators in the final stages of the campaign. Television stations and networks could also be targeted in an effort to prevent ads from being broadcast or updated in response to campaign events. Are the local TV stations in Miami or Cincinnati prepared to protect their infrastructure from multiple state-sponsored hacking teams?

 

Follow Jason on Twitter.