STREAMING NOW: Watch Now

Democrats' campaign dilemma: If we're hacked, do we go public?

The Democratic National Committee ...

Posted: Aug 28, 2018 5:56 PM
Updated: Aug 28, 2018 5:56 PM

The Democratic National Committee announced last Wednesday that it had thwarted what it believed was a sophisticated attempt to hack into its voter database. But everything wasn't what it seemed. The DNC later learned the attempt wasn't the work of an adversary, but had come from within.

What actually had been detected was a simulation by the Democratic Party of Michigan of the makings of a hack. The state party had failed to let the DNC know about the exercise.

Crime, law enforcement and corrections

Criminal offenses

Digital crime

Digital security

Elections and campaigns

Federal Bureau of Investigation

Government and public administration

Government bodies and offices

Government organizations - US

Hans Keirstead

Political Figures - US

Political organizations

Politics

Technology

US Democratic Party

US Department of Justice

US federal departments and agencies

US federal government

US political parties

RELATED: 'Misstep' by Michigan Democrats caused a cybersecurity scare and prompted the DNC to call the FBI

In theory, the scare, which prompted the DNC to call the FBI, showed that the party's cybersecurity systems were working: A threat was detected, the party worked with cybersecurity and hosting firms to move quickly to neutralize the threat, they contacted authorities and they promptly shared information with regional party officials and the media.

That last bit, however, is what Democrats have been reckoning with since the extensive hacking of their party and presidential campaign in the lead-up to the 2016 election: If we're hacked, should we tell voters?

Broadly, there appear to be two competing schools of thought on that issue.

One says to keep the information quiet. Report it to authorities, but don't make it public as it will distract from the message of the campaign.

The other says to share information about the hack so other campaigns know what to look for, and -- perhaps more significantly -- to put the media and opposition campaigns on notice that if internal campaign correspondence surfaces, it could be the result of a hack.

Hackings in California

Earlier this month, it emerged that the campaigns of two Democratic congressional candidates in California had been breached in the lead-up to the state's primary in June.

Neither Dr. Hans Keirstead's nor David Min's campaigns made the details of the hacks public at the time, as they didn't want it to become a distraction, sources from both campaigns told CNN. The details of the breaches emerged only after both candidates lost their primaries.

The Democratic Congressional Campaign Committee -- a group that was itself hacked by Russian military intelligence in 2016, as outlined in a recent indictment from special counsel Robert Mueller -- wouldn't explicitly say what it advises campaigns to do after a hack.

It pointed out that it doesn't have control of individual campaigns, but a committee aide said cyber and legal experts the committee had spoken with warned that discussing the details of individual cyber threats increases the threat.

Sources familiar with the Keirstead and Min campaigns said the Democratic Congressional Campaign Committee didn't advise them one way or the other on going public about being hacked. All said the committee was helpful in helping improve their campaigns' cybersecurity after they reported the breaches.

"Every campaign has to make an individual choice about whether to make information about a hack public," Robby Mook, Hillary Clinton's former campaign manager, told CNN. "But the last thing any campaign should want is a bunch of compromising information released to the public without the proper context that it was stolen -- perhaps by a hostile foreign government."

Democrats tried to get ahead of the hacked materials in 2016, but Mook said many found the revelations that it was due to a Russian intelligence operation "unbelievable at the time."

He said that although he understood why campaigns were reluctant to do anything to distract from their message, "A story that you got hacked is maybe a one- or two-day story, and buys you time to educate the press about who is behind the attack. Thousands of juicy emails released at regular intervals can be a weeks-long story. The one-day story may protect your message from the weeks-long story."

When Keirstead's work email, which the candidate sometimes used for campaign correspondence, was hacked, the decision was made to keep it under wraps, a source familiar with the campaign told CNN.

"The only decision that you take into account is how does this affect your electoral chances," the source said.

When Min's campaign realized it had been hacked in March, an FBI agent arrived at the campaign's headquarters within 24 hours, according a source familiar with the campaign.

The source added, "We didn't want to make anything happen that would interfere with (the FBI investigation) or take away from the focus of the campaign."

The source hinted at another concern that campaigns that are hacked may have in mind: money. A hack could dissuade donors from contributing out of fear their information will be compromised.

The hack that wasn't

The DNC said last week's false alarm demonstrated the party is being proactive when it comes to cybersecurity.

"Despite our misstep and the alarms that were set off, it's most important that all of the security systems in place worked," said Brandon Dillon, the chair of the Michigan Democratic Party, the group responsible for the scare.

And despite the false alarm, it appears that the threat is very real. The targeting of the Keirstead and Min campaigns was done by actors who have not been made known -- and may not be known to authorities.

Microsoft announced last week that it had taken control of six websites it said had been created by Russian military intelligence that could have been used to target the US Senate and conservative groups. So far this election cycle, there have been no public disclosures of Republican campaigns suffering a breach.

In announcing the company's move against the Russian operation, Microsoft President Brad Smith wrote in a blog post, "We can only keep our democratic societies secure if candidates can run campaigns and voters can go to the polls untainted by foreign cyberattacks."

Oregon Coronavirus Cases

Data is updated nightly.

Cases: 75431

Reported Deaths: 912
CountyCasesDeaths
Multnomah17556239
Washington10554102
Marion9370142
Clackamas639577
Umatilla438449
Lane436843
Jackson387931
Deschutes242215
Malheur240844
Yamhill175616
Linn144023
Polk127516
Douglas96118
Klamath8734
Jefferson84311
Benton8007
Union7886
Morrow6597
Lincoln62515
Josephine5574
Wasco53219
Columbia5203
Coos4303
Hood River4021
Clatsop3610
Baker2833
Crook2336
Curry1372
Grant1341
Lake1331
Tillamook1330
Harney1001
Wallowa713
Gilliam230
Sherman230
Wheeler30
Unassigned00
Eugene
Overcast
39° wxIcon
Hi: 39° Lo: 28°
Feels Like: 32°
Corvallis
Clear
45° wxIcon
Hi: 44° Lo: 29°
Feels Like: 45°
Roseburg
Overcast
40° wxIcon
Hi: 41° Lo: 30°
Feels Like: 40°
North Bend
Clear
49° wxIcon
Hi: 52° Lo: 35°
Feels Like: 45°
KEZI Radar
KEZI Temperatures
KEZI Planner

LATEST FORECAST

Community Events