Foreign interference with elections has never been a more sensitive issue in the wake of Russian operatives’ DNC hack during the 2016 U.S. presidential election. Now a new report warns that political parties in both the U.S. and Europe are still shockingly vulnerable to cyberattacks, according to WIRED.
SecurityScorecard, a New York–based risk analysis firm, issued the report, investigating the networks operated by 29 political parties from 11 countries during the first quarter of this year. Smaller political parties in both countries have an outsized risk.
SecurityScorecard analyzed the Democratic National Committee, the Republican National Committee, the Green Party and the Libertarian Party in the U.S. The company found that while the DNC and the RNC have bolstered their defenses since 2016, cybersecurity hygiene issues persist for both parties. Across the pond, the researchers found active malware running on one EU-registered network.
Jasson Casey, chief technology officer of SecurityScorecard, tells WIRED that the combination of a lack of resources and the need to collect sensitive data makes these political parties perennial targets.
“The obvious question that comes out is: Is it even possible for these political parties to run effective defenses? If large companies have a hard time with this, how can small political organizations do it?”
“The obvious question that comes out is: Is it even possible for these political parties to run effective defenses?” Casey told WIRED. “If large companies have a hard time with this, how can small political organizations do it?”
After WIRED reached out to the DNC about a vulnerability concerning a two-factor authentication tool on its website, the DNC shut down the URL, which was unused by staffers, to be on the safe side. In response, the DNC's cybersecurity head Bob Lord told the news outlet:
"It's a good thing to clean up. It’s good to make sure that things that are built out, for whatever purpose, get deprecated and removed. I love that we’ve been able to get people to notify us when they've detected something that’s not quite right or something that could be improved."
According to WIRED, among the 11 countries the researchers studied, the U.S. came in fifth place in terms of overall security. Sweden performed the best, with a score of 94 out of 100 (a score of 80 or higher is considered good). Coming up last was France, whose political parties "show systematically lower security ratings" than all of the others.
The speed at which the SecurityScorecard team could find these flaws was the biggest source of concern, considering the two days that researchers spent looking for vulnerabilities is paltry compared to the time that motivated criminals would spend.
"Someone with more intent, who's not concerned with violating laws, would probably come back with a bigger treasure chest," Casey told WIRED.