"I can not think of a reason not to share this with the public, "said Brianna Wu tweeted.
"Two of my non-campaign Google accounts were compromised by someone in Russia," he said.
Wu is not any other goal. As a Democratic candidate for the US House of Representatives UU. In Massachusetts District 8, it has a larger target on the back for hackers than the average constituent. And as a former software engineer, she knows very well the cybersecurity risks involved in running for a political position.
But the violation of two of his Google accounts outside the campaign remained a wake-up call.
Wu said he recently discovered that the two accounts had been violated. One of the accounts was connected to his Nest camera system at home, and the other was his Gmail account that he used during the Gamergate controversy, during which Wu was a frequent target of death and vitriol threats. Newsdio agreed to keep the details of the violation out of the registry so as not to give advantage to any potential attacker. However, attribution in cyber attacks can be notoriously difficult because hackers can mask their tracks using proxies and other anonymity tools.
"I don't think anyone in Russia is specifically targeting me. I think they are more likely to sign up everyone who is running for a position," he tweeted.
Wu said his two accounts had "strong protection measures," including "unique and randomly generated passwords for both accounts." He said he reported the intrusions to the FBI.
"The concern is obviously that it could damage the campaign," he told Newsdio. But she remains concerned that it may be an "active measure," a term that is often used to describe the political interference led by Russia in American politics.
Hackers frequently attack politicians and political candidates in both the US. UU. As abroad. During the 2016 presidential election, the campaign manager of Democratic candidate Hillary Clinton, John Podesta, was hacked her personal email account and thousands of emails published by WikiLeaks. The report recently published by special advisor Robert Mueller blamed hackers working for Russian intelligence for the intrusion as part of a broader effort to discredit the then-Clinton candidate and get President Trump to be elected.
However, to this day, political campaigns remain largely responsible for their own cybersecurity.
"There is a lot that the feds can do here, given the size of the group of candidates for a federal office," said Joseph Lorenzo Hall, an expert on election security and senior vice president of the Internet Society.
Hall said that much of the federal government's efforts have focused on raising awareness and "low-profile fruit," such as allowing for two-factor authentication. National Security continues to inform both parties about the main cybersecurity threats before voting at the end of November, and the FBI has online resources for political campaigns.
Only in recent months were technology companies allowed to intervene to help.
Fearing a repeat of 2016, the Federal Election Commission last year relaxed the rules to allow federal political campaigns to receive discounted cybersecurity assistance. That has also allowed companies like Cloudflare to enter the political space of the campaign, offering cybersecurity services to the campaigns, which was previously considered a violation of campaign financing.
It is not a general solution. A set of laws and regulations throughout the United States makes it difficult for campaigns to prioritize internal cyber security efforts. It is illegal in Maryland, for example, to use campaign finances to secure the personal accounts of candidates and their staff, the same type of accounts that hackers used to enter Podesta's email account in 2016. It's a attack that remains in the arsenals of hackers. Last year, Microsoft discovered that Iran-backed hackers were targeting personal email accounts "associated" with a 2020 presidential candidate, which later turned out to be President Trump's campaign.
The two main political parties of the USA. UU. They have made efforts to strengthen cybersecurity at the campaign level. Democrats recently updated their campaign safety checklist and issued recommendations to counter disinformation, and Republicans have organized training sessions to better educate campaign officials.
But Wu said Democrats could do more to support the cybersecurity of the campaign, and that he was talking to implore others who run for Congress to do more to reinforce the cybersecurity of their campaign.
"There is absolutely no information security culture within the Democratic Party that I have seen," Wu said. The fundraising lists are "freely exchanged in unencrypted states," he said, giving an example.
"In general, there is no culture of software update or security auditing," he said. "The fact that this is not taken seriously is really underlined by Iowa and the Shadow debacle," he said, referring to the Iowa caucus last week, in which a results report application did not work. It was later reported that the application, created by Shadow Inc., had several security flaws that made it vulnerable to piracy.
FBI spokespersons and the Democratic Congress Campaign Committee did not respond to a request for comment prior to publication.
"Infosec is expensive, and I know that for many campaigns it may seem like a low priority," Wu told Newsdio.
"But how can we lead the country in cybersecurity issues if we don't stick to the same standards we ask the American people to follow?" He said.