Robert Mueller’s team members at hack risk

One by one, as members of special counsel Robert Mueller’s team are publicly identified, security analysts say their emails, online data and past law firm communications could become targets for the types of cyberintrusions the team must investigate — a fear that could explain why officials have been reluctant to release their names.

After an election season in which hackers — presumably Russian operatives — broke into systems of the Democratic National Committee and the chairman of Hillary Clinton’s presidential campaign and attempted to break into state election systems, it’s no leap to assume they will try to penetrate the systems of the investigators who are targeting them, analysts said.

“There is no question that anyone involved in a matter this high profile is going to be a target for some sort of attempted cybersurveillance,” said R. David Edelman, director of the Project on Technology, Economy and National Security at the Massachusetts Institute of Technology and a former director of international cyberpolicy at the White House National Security Council.

The special counsel’s office has brought 13 attorneys on board so far, with “several more in the pipeline,” said spokesman Peter Carr. The office has declined to provide a full list of its staff but has confirmed the names of eight members of the team in dribs and drabs.

Mr. Carr declined to comment on cybersecurity threats the team might face or precautions it is taking. But Mr. Edelman said the team is smart to give members a chance to clean up their digital footprints and harden their defenses.

“Naming these individuals publicly makes them targets,” he said. “Every day you can delay, that helps protect them from adversaries — foreign and domestic.”

Analysts said the efforts to hack the DNC, state election systems and John Podesta, chairman of the Clinton campaign, show there is an ability and a clear interest of adversaries to peer into the inner workings of the U.S. political system.

“I imagine that anybody who did want to undermine the Mueller investigation, and there certainly are people who want to do that, would be interested in members of his investigative team and would be conducting opposition research, if you will, on them,” said Faiza Patel, co-director of the Brennan Center’s Liberty and National Security Program.

The motivation behind any potential effort to target the special counsel’s team, however, is debatable.

“Certainly they tried to influence the election,” Ms. Patel said of the Russian intrusions. “Whether that means they’re now pro-Trump, given the election is over and he is in power, is not as clear.”

U.S. officials have said the Russians sought to sow discord and distrust in the U.S. democratic process through their meddling. A similar attack on the special counsel could undermine the investigation’s integrity.

“If you had hacking and someone dumped the emails between Mueller and [special counsel attorney] Andrew Weissmann one day, that would be a major blow to the investigation — not just because of what it would tell you about the investigation but because of what it would tell you about how they treated the investigation,” Ms. Patel said.

Analysts say potential threats could include attempts to search for personal communications or data regarding some of the team members’ work in private practice.

“Attorney-client privilege isn’t very privileged if the information is posted on Pastebin,” Mr. Edelman said.

Of the eight employees who have been identified so far, three of them came from jobs at WilmerHale, the private law firm that also employed Mr. Mueller.

They are former Watergate prosecutor James L. Quarles III; former FBI counterterrorism agent Aaron Zebley; and Jeannie Rhee, former deputy assistant attorney general for the Justice Department’s office of legal counsel.

The others were already working for the federal government and were detailed to the team: Michael Dreeben, deputy solicitor general; Mr. Weissmann, chief of the Justice Department criminal division’s fraud section; Elizabeth Prelogar, an appellate attorney on detail from the office of the solicitor general; Lisa Page, an attorney from the FBI’s office of the general counsel; and Adam Jed, an appellate lawyer from Justice Department’s civil division.

The team has already faced criticism from defenders of the Trump administration who have accused Mr. Mueller of politicizing the probe by hiring several prosecutors with ties to the Democratic Party.

Ms. Rhee donated $5,400 to Hillary Clinton’s presidential campaign and was twice part of the legal team that represented the Clinton Foundation in recent litigation. Three other team members are also on record as having donated to Democrats in recent years.

It’s not clear why the others on the team aren’t being identified, but given Mr. Mueller’s penchant for closely guarding investigations and the nature of the probe, the team members are likely taking stringent measures to protect their personal data as well as any communications about the case, analysts say.

“The last thing the special counsel wants to become is a victim in his own investigation,” said Jonathan Turley, a George Washington University law professor.

Both the federal government and private-sector law firms have beefed up training on cybersecurity issues in recent years, so it’s unlikely that any of the team members would be unfamiliar with basic security protocols such as two-factor authentication to log into email accounts or checking for software updates on their personal computers to patch security problems, Mr. Edelman said.

But as a recent hacking case underscores, even high-ranking intelligence officials can be victims of relatively unsophisticated schemes.

The hacking collective Crackas with Attitude claimed it had compromised the AOL account of then-CIA Director John O. Brennan, the Verizon account of then-Director of National Intelligence James R. Clapper and email accounts for other FBI officials.

A plea agreement for two North Carolina men charged in the attack said hackers obtained access to accounts through “social engineering” techniques. At one point, a hacker called Verizon and impersonated one of the victims in order to reset a password and gain control of an account.

After seizing control of email, social media and other online accounts, officials said, the hackers published personal information stolen from the accounts online or called the victims to harass them.

“This is certainly going be a new frontier for any investigation, high-profile or otherwise,” Mr. Edelman said. “Just as these issues were front and center in the campaign, anytime you are dealing with confidential information on a computer there are some real risks.”