Foreign Actors Could Sow 'Chaos' in the 2024 Presidential Election, Cybersecurity Expert Says
Let’s assume for this purpose it was them [the Trump campaign]. Campaigns are large organizations just like universities, businesses and everyone else. The hacking that occurred here could happen to any large organization. It was spear phishing.
So an individual known to the campaign, a “former senior adviser” according to Microsoft, their account was compromised and an email was sent purporting to be from this known intermediary, but it was actually a malicious actor and then the spear phishing campaign had a person click on a link. The link went to a host or website that was under their control, which was then able to promote or steal some unknown amount of data.
This could happen to anybody, any large organization. You see the churn of email, something that comes from a trusted intermediary, or looks to be from a trusted intermediary. I think it’s difficult to protect in those cases.
Assuming Iran is behind the Trump campaign hack, what would be the motive?
To cause chaos. We’ve seen foreign actors do this in the past, and one of the things they want is to cause a lack of confidence and confusion. However, we are just getting initial news of this hack, so until we know more, it’s hard to fully assess what the motives are.
Have hackers used this spear phishing method against other political campaigns or public officials in the past?
It’s basically exactly what happened in the [Hillary] Clinton campaign in 2016. A malicious link was sent out tailored to John Podesta [then-chairman of her campaign], and information was then selectively leaked strategically via WikiLeaks and other outlets. This is a very common playbook.
Collecting intelligence on foreign actors is as old as time. Collecting intelligence and selectively deploying it — we’ve seen a lot of that in this environment. Hack and leak campaigns are not new, but in a close election they can be very consequential.
What can presidential campaigns do to protect themselves if they fall victim to a spear phishing attack?
If you assume that these types of compromises may happen occasionally, even despite your best efforts, it’s important to make sure that you have sensitive information well segmented.
The way this works is basically through credential theft. We have a trusted intermediary. We got someone inside the campaign to click on a link. Now we’ve harvested their login information that we can use to log in. If you could segment access to information to such a degree that individuals only get access to the information they need, that could reduce risk. For example, if a person is involved in the vetting of VP candidates, they need to make sure that person doesn’t also have access to other sensitive areas of the campaign.
So segmenting the data, segmenting access — only allowing credentialed individuals to access the information they need to have — would be a good step. Is that in place? It’s impossible to say from the outside.
Tanner Stening and are Northeastern Global News reporters. The article was originally posted to the website of Northeastern University.