Former officials warn campaigns to ‘buckle up’ — more hacks are likely

LAS VEGAS — The hack and leak operation aimed at the presidential campaign of former President Donald Trump could be a troubling sign of more cyberattacks to come between now and November, experts and officials are warning.

After POLITICO broke the news of the hack on Saturday, talk of it rippled through the DEF CON conference — one of the world’s largest gatherings of hackers, as it closed out its final day. At DEF CON’s “Voting Village,” where security researchers rip apart voting infrastructure to find flaws, attendees were talking just as much about the worries for campaigns as they were about the security of ballot-casting machines.

Nicole Tisdale, a former director on the White House National Security Council, told a packed audience that she’d changed what she planned to discuss on her panel after waking up to the news.

“The idea that hack and leaks are going to happen in 2024 has been previewed and we have our first hack and leak of the Trump campaign today,” said Tisdale, who is now an adviser to the Aspen Institute’s Cyber Program.

“Buckle up,” Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency, posted Saturday . “Someone is running the 2016 playbook, expect continued efforts to stoke fires in society and go after election systems.”

The hack involved the compromise of international communications documents by what the Trump campaign described as “foreign sources hostile to the United States” and blamed Iranian hackers, citing a report released by Microsoft Friday detailing how Iranian hackers were targeting an unnamed presidential campaign. POLITICO has not independently verified the identity of the hackers.

It’s far from the first time presidential campaigns have been targeted in this way, and for some experts, it immediately brought to mind the hack and leak operation by the Russian government in the summer of 2016 against the campaign of then-Democratic nominee Hillary Clinton. That effort involved both leaking emails from the Clinton campaign, as well as targeting voter registration databases in multiple U.S. states.

“If they’re going into the more hack and dump type thing in 2016, that’s obviously bad, and I would hope … that both campaigns are against hacking of any campaign so that we don’t have a repeat of 2016,” Jake Braun, former acting deputy principal national cybersecurity director, said Saturday on the sidelines of the DEF CON hacking conference.

The compromise of the Trump campaign is already raising concerns on Capitol Hill. Rep. Eric Swalwell (D-Calif.), ranking member of the House Homeland Security Committee’s cyber subcommittee, told POLITICO Saturday night that he was “hoping to be briefed in the next few days” by federal agencies on the issue, and that he would be returning to Washington, D.C., from the summer congressional recess for this.

“Foreign interference of any kind to help any party is wrong, and the best antidote is unity in condemning it,” Swalwell said. “If this is indeed a foreign hack, Donald Trump is lucky he will not be treated as dishonorably as he treated Secretary Clinton in 2016.”

The Biden administration has been on high alert for this type of effort. The Office of the Director of National Intelligence put out a report last month warning that Russia, China and Iran were all likely to interfere in the upcoming election, and intelligence officials briefed reporters that foreign hackers were probing U.S. voting systems . Mark Montgomery, senior director at Foundation for the Defense of Democracies, said these three nations are “actively working to destabilize the U.S election process through cyber malicious activity.”

“Their ultimate aim is to undermine the American public’s trust in the democratic process, and a hack like this serves exactly this purpose,” Montgomery said.

A spokesperson for the Cybersecurity and Infrastructure Security Agency declined to comment on whether the agency had been in touch with the Trump campaign, or on whether CISA officials would be among those to brief Swalwell and other lawmakers, referring POLITICO to the Justice Department. Spokespersons for DOJ did not respond to a request for comment on both issues.