Traumatized Democratic National Committee staffers have been trained to prevent being hacked by the same method used to breach the organization during the 2016 U.S. presidential race, the DNC’s chief technology officer, Raffi Krikorian, said Tuesday.
“If we get hacked again it won’t happen like how it happened in 2016,” Mr. Krikorian told CyberScoop.
“People have such PTSD about what happened in 2016 that there’s a real desire to improve [security] here,” he said in a phone interview. “If we can just raise the baseline security of most people and the campaigns, if we can do the simple things right, then it will have a disproportionally positive effect.”
Hackers breached the DNC and other Democratic targets during the 2016 race by sending malicious emails that ultimately allowed attackers to infiltrate the network and steal thousands of internal documents and emails later published online by WikiLeaks, according to security researchers. U.S. intelligence officials have since assessed with high confidence that Russian state-sponsored hackers carried out the attacks in an attempt to sow discord and disrupt the campaign of President Trump’s opponent, Democratic candidate Hillary Clinton.
Mr. Krikorian began subjecting DNC staffers to cybersecurity training last year that involved simulating the “spear-phishing” attacks allegedly used by Russian hackers, Wired previously reported. While fears of further election meddling still linger nearly four months until the 2018 midterm elections, however, Mr. Krikorian said the most of the organization’s employees are equipped to identify and avert malicious emails like the ones sent prior to Mr. Trump’s election.
“Nearly 80 percent of our users are now either not clicking or at least asking questions about it beforehand,” said Mr. Krikorian. “Being realistic we’ll probably never get to 100 percent compliance but we’re working on it … it’s important that people flag something, anything that seems suspicious.”
“We’re at a point now where recently when our CFO sent a staff email it included the line ’this is not a phishing email.’ That’s how aware people are of the threat, today,” he added.
In addition to breaching the DNC, Russian hackers successfully infiltrated the email account of John Podesta, the chairman of Mrs. Clinton’s campaign, and stole emails subsequently published by WikiLeaks, U.S. intelligence officials have concluded.
Previous research revealed that the hackers who launched the spear-phishing attack that claimed Mr. Podesta sent malicious emails to scores of recipients including DNC staffers and other members of the Hillary for America presidential campaign, as well as former U.S. and foreign military and diplomatic officials, among others.
More recently, the Department of Homeland Security and FBI said in March 2018 that Russian state-sponsored hackers conducted spear-phishing operations during the course of successfully breaching U.S. energy sector networks. In April, meanwhile, DHS said it failed so far to find any evidence of Russian hackers attacking U.S. voting systems ahead of the November midterms, notwithstanding concerns from members of the president’s administration.
“We have seen Russian activity and intentions to have an impact on the next election cycle,” Secretary of State Mike Pompeo told the Senate Intelligence Committee in February while he was then serving as Mr. Trump’s CIA director.
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.