Cyber experts say the DNC email leak — likely part of a broader breach of the DNC’s computer systems revealed last month — is just a small taste of what’s possible. | Getty DNC turmoil confirms warnings: Hackers are targeting campaigns The hack 'is probably just the tip of the iceberg about what’s happening out there,' one expert says.

The downfall of Democratic National Committee Chairwoman Debbie Wasserman Schultz marks a groundbreaking moment that cybersecurity experts have long seen coming: Hackers — Russian-backed or not — are making a significant impact on a major U.S. political campaign.

This follows years of warnings that campaign organizations' combination of lax security and highly sensitive internal information makes them ripe targets for cyberattacks.


Hillary Clinton's campaign sought to turn the spotlight on Russia, portraying the pilfering of the DNC internal emails as an attempt by Vladimir Putin's supporters to aid Donald Trump's chances of taking the White House. An attack like this is well within the capabilities of the Russians, whom authorities and outside experts have previously blamed for infiltrating the White House, State Department and Pentagon, as well as carrying out damaging cyberattacks on Ukraine, Estonia and the nation of Georgia.

Regardless of the truth of the Clinton campaign's accusations, the DNC hack is wreaking real-world damage on the Democrats, stoking tension between Clinton's and Sen. Bernie Sanders' supporters on the eve of the party's convention in Philadelphia.

Cybersecurity experts have warned for years that campaigns and political parties are woefully weak in securing their data, despite the wealth of sensitive information they carry in their computer networks and email accounts. It’s an ideal scenario for all kinds of cyber wrongdoers — foreign adversaries trying to swing elections, intelligence agencies seeking information on future officials, hacktivist groups looking to grab attention and black market hackers trying to make a quick buck.

The DNC hack “is probably just the tip of the iceberg about what’s happening out there,” Ely Kahn, a former cybersecurity director for the National Security Council, told POLITICO last month, shortly after the DNC disclosed that its computers had been breached by hackers believed to be based in Russia. Kahn is also co-founder of the security firm Sqrrl, which tracks cyber threats.

Campaigns — inherently temporary outfits — are especially vulnerable to digital breaches, and experts have noted previous assaults on the campaigns of then-candidates Barack Obama and John McCain in 2008. Strategists have said their worries include hackers leaking opposition research files or posting chains of embarrassing internal emails — the exact scenario now playing out in the DNC.

“We always tell our staff, don’t put anything in an email you wouldn’t want to see on the front page of Politico,” Paul Tencher, a senior vice president at the public-relations firm MWW, said in an interview last month. He managed the successful Senate campaigns of Indiana’s Joe Donnelly in 2012 and Michigan’s Gary Peters in 2014.

Some liberals began pointing the finger at Russia within hours of the latest pilfered DNC emails being released by WikiLeaks. They included emails showing Wasserman Schultz referring to Sanders' campaign manager as a "damn liar," and others from DNC officials questioning Sanders' religion.

“I'm sure there's ugly stuff on DNC severs,” former New Republic editor Franklin Foer, now a New America fellow focused on tech issues, wrote Friday on Twitter. “But a foreign freaking power is trying to install a president. Perspective please!”

Michael McFaul, the U.S. ambassador to Russia from 2012 to 2014, tweeted on Sunday: “As a U.S. voter, I'm appalled by Russian meddling, want it investigated & stopped. As long-time analyst of Russia, Im [sic] impressed; they're good.”

Pressed on the possibility that Russia is innocent, McFaul conceded: “If that is proven, I retract what I said. Maybe time for a US Congressional investigation so we can learn more?”

Clinton campaign manager Robby Mook pushed the accusation Sunday on CNN’s “State of the Union,” saying: “What’s disturbing to us is that experts are telling us Russian state actors broke into the DNC, stole these emails, and other experts are now saying that the Russians are releasing these emails for the purpose of actually of helping Donald Trump.”

Donna Brazile, named Sunday as the DNC's interim chairwoman, told CNN that the drama is far from over.

"This is not just a one-day leak," Brazile told CNN, noting that the hackers had spent "well over a year" inside the DNC's system. "There will be a substantial number of emails that I understand that will be leaked over the next couple of days, weeks, months."

If the allegations against Russia are true, they would represent the first concrete example of foreign government-backed hackers trying to tilt a U.S. election. The security firm brought in to examine the DNC breach linked the digital intrusion to Moscow, although the individual claiming to be the hacker has disavowed the connection. But for country like Russia, such a hack would be well within its means.

Cyber researchers have already accused Moscow of orchestrating digital intrusions at the White House and State Department, while Defense Secretary Ash Carter last year acknowledged that Russian hackers briefly infiltrated the Pentagon’s networks. Security specialists have also blamed Kremlin-linked hackers for bringing down part of Ukraine's power grid late last year — marking the first time that a cyberattack has been known to shut off part of a country's electrical supply — and for launching all-out digital assaults on Estonia and Georgia.

Dividing and damaging the Democrats also serves Moscow’s interests if it helps Republican nominee Trump, Clinton supporters argue.

The real estate tycoon has espoused a foreign policy agenda that his critics say would weaken NATO and favor Russia, for instance in his published comments last week casting doubt on whether the U.S. should necessarily defend fellow NATO members if Putin's regime invades them. New reports last week also noted that Trump’s team stepped in to alter the GOP platform to strike references to arming Ukraine against Russian encroachment.

Additionally, Trump’s campaign manager, Paul Manafort, was a long-time consultant for the Russian-backed former Ukrainian President Viktor Yanukovych, Democrats have pointed out. Trump himself has had some kind words for Putin, while, as POLITICO reported earlier this year, the Russian-backed cable news channel RT America has been filled with praise for Trump and criticism of Clinton.

Trump's campaign scoffed Sunday at the accusations of Russian collusion.

"What a joke. This shows that Hillary Clinton will do and say anything to win the election and hold onto power in the rigged system," said Jason Miller, the Trump campaign's senior communications adviser.

Cyber experts say the email leak — likely part of a broader breach of the DNC’s computer systems revealed last month — is just a small taste of what’s possible.

While the United States may not have seen any public examples of this kind of tampering until now, elections across Latin America may have been rigged by hackers for nearly a decade, Bloomberg said in a recent investigative report. The report included an account of a small hacking team that says it spent years accepting large fees from campaigns to spy on and discredit opponents, while stealing valuable donor information.

Cybersecurity experts say this type of manipulation may already be commonplace — we just don’t see it. The most likely attackers in the U.S. — foreign spy agencies — are also the most skilled at covering their tracks.

Director of National Intelligence James Clapper has acknowledged that campaigns “are targeted by actors with a variety of motivations — from philosophical differences to espionage — and capabilities — from defacements to intrusions.”

The result could be a future in which elections are irrevocably altered by hackers.

“If hacking became more prominent and everybody was doing it to everybody else, things could get ugly pretty quick,” said Joshua Corman, director of the Atlantic Council’s Cyber Statecraft Initiative, in a recent interview. “If you can use hacking to nudge the outcome of a democratic election, that’s incredibly disruptive and scandalous.”

Security experts agree that campaigns make easy targets.

Given how modern campaigns operate, hackers have plenty of entry points. Poorly trained volunteers, field office workers vulnerable to clicking on malicious email links and unprotected Wi-Fi hotspots at hotels are just a few easy ways in.

And political strategists concede that campaigns rarely focus on cybersecurity.

Candidates and their teams “are more focused on day-to-day, how much are we raising? Are we contacting enough voters?” said Matt Mackowiak, a Republican political consultant who served as press secretary to two senators and managed an Iowa county for President Bush’s 2004 reelection campaign, in an interview last month.

Campaigns are “by definition, usually a bit too ad hoc and loose,” said John Weaver, who advised Sen. John McCain (R-Ariz.) in his 2000 and 2008 presidential campaigns, and served as chief strategist for Ohio Gov. John Kasich’s 2016 bid.

The candidate’s small coterie of trusted advisers must set up the campaign infrastructure “while they’re flying,” Weaver told POLITICO recently. In this frenetic environment, cybersecurity can seem ethereal, something to consider when everything else is running smoothly.

Technology shifts have also increased the vulnerability of information.

“When I started in politics, our voter file and our finance databases and even our opposition file were only on one computer,” recalled Tencher. “But now everything’s on the cloud.”

“Campaigns,” he added, “are relying on companies like Google and others to have secure facilities, because they can’t develop that with the resources that they have.”

Tencher pointed out that troves of internal documents also reside with third-party companies, like NGP VAN on the Democratic side, that manage data for campaigns. Studies have shown that a majority of breaches — including the mega breaches at Target and Home Depot — occur through outside vendors with access to sensitive networks.

“Companies that we work with,” Tencher said, “we ensure that there’s indemnity on their part.”

With so many pathways in, hackers can almost have their pick of internal campaign records. And there are several enticing targets for anyone looking to throw a wrench into a race, according to political consultants and former campaign advisers.

Mackowiak pointed to the vulnerability studies candidates commission about themselves, which are typically not shared beyond a very small circle. If a hacker passed along this report to a rival, the opposing campaign would know exactly where to attack.

“A vulnerability study would be the single most sensitive thing a campaign could have,” Mackowiak said. “There would be only one or two copies of it.”

Then there’s opposition research. If a hacker handed such a file to a candidate’s opponent, it would rob the candidate of the all-important element of surprise.

Donor files and information on voter-persuasion efforts are other closely-kept secrets that could kneecap a campaign if they got out.

Hackers could get rich selling candidates’ donor lists, or even a list of targeted neighborhoods, to an opponent. Armed with that information, a rival could dispatch staff to canvass those neighborhoods first and try to peel off a candidate’s donors.

The list of valuable files goes on and on: polling data, internal chatter about candidates’ schedules, gossip about audiences they’re trying to woo.

If this information “fell into the wrong hands, it would absolutely have a major impact on a race,”Tencher said.

The hackers who struck the DNC have gotten such valuable information: The first batch of data posted online last month, by a hacker going by the name “Guccifer 2.0,” included the committee’s opposition file on Trump and a report on Clinton's vulnerabilities. But that information caused just a blip in the election, containing few facts on either candidate that hadn’t already been revealed.

The DNC emails, however, have been another story, fanning the flames of Sanders backers who have long believed the committee was intentionally tipping the scales for Clinton.

Despite all the hypothetical trouble that hackers could cause, campaigns are just beginning to get serious about digital defense. Mackowiak, the GOP strategist, described fears of cyberattacks in campaign circles as “pretty low,” but “increasing.”

“We are kind of entering a new phase now where hacking and email and computer security is much easier to penetrate,” Mackowiak said. “Those kinds of things are becoming more common.”

An earlier version of this report spelled Sqrrl incorrectly.