WASHINGTON – The United States sees evidence that hackers, possibly working for foreign governments, are snooping on the presidential candidates, the nation’s intelligence chief said Wednesday. Government officials are working with the campaigns to tighten security as the race for the White House intensifies.
The activity follows a pattern set in the last two presidential elections. Hacking was rampant in 2008, according to U.S. intelligence officials, and both President Barack Obama and Mitt Romney were targets of Chinese cyberattacks four years later. Despite that history, cyber experts say neither Donald Trump’s nor Hillary Clinton’s campaign networks are secure enough to eliminate the risk.
“We’ve already had some indications” of hacking, James Clapper, director of national intelligence, said Wednesday at a cybersecurity event at the Bipartisan Policy Center in Washington. He said the FBI and the Department of Homeland Security were helping educate the campaigns.
Of the attacks, Clapper predicted, “we’ll probably have more.”
The revelation comes after a Clapper’s office released a document earlier this month saying foreignintelligence services tracked the 2008 presidential election cycle “like no other.” The document was part of a slide show used to warn incoming Obama administration officials that their new jobs could make them prey for foreign spies.
Eight years ago, foreign intelligence services “met with campaign contacts and staff, used human source networks for policy insights, exploited technology to get otherwise sensitive data, engaged in perception management to influence policy,” the document said. “This exceeded traditional lobbying and public diplomacy.”
Jonathan Lampe with InfoSec Institute, a private information security company in Chicago, said security hasn’t improved significantly since then.
In October, he evaluated the security of sixteen candidates’ websites and wrote a pair of 20-page reports. Using the reconnaissance skills of a casual hacker, Lampe pulled full lists of site user names and technologies used on most sites. In some cases, he discovered which directories were accessible from the Internet and which weren’t. He learned what software products Hillary Clinton campaign’s used from a job posting soliciting a computer-wise staffer.
“Everybody was sitting with their pants down and by the time we looked at the sites in March, everybody had made fixes,” Lampe said.
But countries are probably still snooping, he said: “The sites were open enough back in October that anyone who grabbed the information then and wanted to use it, could still use it now.”
Some threats are publicly known.
Several weeks ago, the international group of activists and hackers known as Anonymous declared cyberwar on Donald Trump, urging supporters to take down his website and expose private information. A masked figure appeared on YouTube, saying, “Dear Donald Trump, we have been watching you for a long time and what we see is deeply disturbing.”
The New York billionaire probably has the largest “attack surface” of all of the candidates, said John Dickson, a partner in the Denim Group, a San Antonio developer of secure software. “If it’s the Bernie Sanders campaign, it’s probably one website. If it’s Donald Trump, it’s his entire empire.”
Dickson and other experts said they weren’t privy to any incidents of foreign hacking of the campaigns. But as the political conventions and general election near, they worry about a well-timed, sophisticated attack by a nation state that could help a candidate.
“Think of the Chinese. Think of the Iranians. They have the intelligence capabilities, obviously, and maybe even the desire to disrupt elections,” Dickson said, adding that foreign efforts at least to learn more about the candidates must be taken for granted. “You would hope that the CIA is doing the same thing in following foreign elections,” he said.
Indeed, the U.S. spies on both allies and adversaries for policy, political and commerce information.
The Clinton and Trump campaigns didn’t respond to questions about cybersecurity.
Dickson said the campaigns focused more on computer security because of the investigation into Clinton’s useof a private email server while she was secretary of state, and a computer breach of voter data at the Democratic National Committee.
Last year, Clinton’s campaign accused rival Bernie Sanders of stealing information about potential voters from the committee’s extensive voter trove. Sanders apologized for his campaign improperly gaining access to Clinton campaign data and fired a data director.
V. Newton Miller, chief executive officer of the Milwaukee-based PKWARE, which provides encryption software and advises federal agencies on data security, said foreign spying on campaign sites was inevitable.
“These campaigns are not working on encrypted platforms,” he said. “It’s a matter of when and how serious of an impact it is going to have on this election.”
Foreign hackers are more interested in sensitive, revealing campaign emails and reports, especially with the unprecedented mudslinging of this campaign, rather than acts of cyber vandalism, Miller and other experts said.
“If they shut down a candidate’s website, I mean OK. So what? It impacts fundraising for 24 to 48 hours,” Miller said. “It’s the sensitive information that’s the driver on this one.”
A website for Romney’s presidential campaign was shut down for a few hours by hackers in 2012, costing the campaign scores of potential donations.
In the 2008 race, Obama and Republican candidate, Sen. John McCain, were targeted.
One letter obtained by hackers showed McCain expressing his support for Taiwan. The hackers were believed to be backed by China’s government, and a Chinese diplomat called the campaign to complain about the letter — before it was even sent.
Meanwhile, an Obama campaign staffer clicked on a corrupted attachment that allowed a virus to enter the system.
Clinton and Trump both have taken jabs at China on the campaign trail and might seem ripe for similar attacks. Trump wants to punish Beijing for hacking and unfair trade practices. Clinton accused China of “trying to hack into everything that doesn’t move in America” and stealing huge amounts of government information.