Strengthening U.S. political campaigns against cyber threats: The urgent need for DMARC implementation

Securing political campaigns from cyber threats has never been more urgent. It is critical to secure the communications that handle sensitive exchanges with voters and contributors, support donations, and coordinate complex operations. Campaigns make exceptionally rich targets for cyber espionage and exploitation, and our open-source research shows that nearly 75% of US Senate campaign websites have not achieved Domain-based Message Authentication, Reporting & Conformance (DMARC) compliance. Their reliance on sensitive information, such as strategic plans, voter demographic data, and donor communications, offers tantalizing prospects for influence, disruption, or other operations designed to undermine trust in fair elections.

In the United States, many campaign websites and digital infrastructures lack robust cybersecurity measures. Despite the importance of email security, Red Sift’s analysis shows that a troubling majority of U.S. Senate and Presidential political campaign websites lack DMARC protections. Without properly managed DMARC, these campaigns are vulnerable to phishing and spoofing attempts, which can lead to breaches, leaks, and other significant security incidents. For campaigns, time pressures amplify these risks, allowing attackers to exploit lapses in security at critical moments.

Influence operations, cyber hygiene, and public trust

Historically, Russian attacks against U.S. campaigns have focused on influence operations, hoping to alter outcomes in their favor. More recently, Iran has become a formidable cyber attacker, presently focusing more on disrupting election processes than swaying voters. Russian, Chinese, and Iranian state actors have repeatedly sought to take advantage of weak email security and cyber hygiene, often to great effect, as in the cases of the 2015-2016 Russian GRU hacks and, most recently, Iranian “hack and leak” attempts against current and former U.S. officials.

Personal email accounts are not exempt from attack either: Russia’s cyber attacks against the private email accounts of John Podesta, the former chair of Hillary Clinton’s presidential campaign, and former Secretary of State Hillary Clinton were orchestrated by Russian intelligence, and the stolen material was ultimately published on WikiLeaks.

Although their objectives may differ, the TTPs of malign actors looking to undermine elections are markedly similar: low-level DDoS attacks and infostealers remain common, as do phishing and social engineering attacks aimed at email communications. In particular, campaigns should have robust technical and policy measures in place to mitigate the rise in spearphishing, impersonation, and domain-spoofing attacks.

Today, campaign domain sites and associated email accounts remain prime vectors for exploits such as spoofed domains. As noted in FBI and CISA advisories, DMARC policies play a crucial role in preventing email spoofing and phishing attacks by ensuring that emails sent from a domain are authenticated. Properly configured, these measures would help protect a political campaign’s reputation, ultimately helping campaign operations while safeguarding against cyberattacks that can undermine the democratic process.

While there is no silver bullet for email cybersecurity, properly configured and managed DMARC is crucial for political campaigns as it helps protect against email spoofing, ensuring that only legitimate communications are sent from the campaign’s domain. This is vital for maintaining trust with voters and donors, as it prevents phishing attacks that could compromise sensitive information or spread disinformation. Ultimately, by securing email communications, DMARC safeguards the campaign’s reputation, helping to prevent attackers from tarnishing the brand with fake emails.
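As an added example (not Red Sift's tooling or research method), the Python sketch below shows one way to check whether a published DMARC record actually enforces anything, following the RFC 7489 record format. The domains and records are constructed samples, the verdict labels are this example's own rather than the article's definition of "DMARC compliance", and real input would be the TXT records found at `_dmarc.<domain>`.

```python
# Added example: classify DMARC TXT records by the protection they request.
# All domains and records here are constructed samples, not real campaign data.

def parse_dmarc(txt):
    """Parse one TXT string into a tag dict; return None if it is not DMARC."""
    # RFC 7489: a DMARC record must begin with the v=DMARC1 tag.
    if txt.split(";", 1)[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def assess(txt_records):
    """Return a verdict for the TXT records published at _dmarc.<domain>."""
    parsed = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if not parsed:
        return "missing"
    if len(parsed) > 1:
        # More than one DMARC record means receivers apply no policy at all.
        return "invalid: multiple records"
    tags = parsed[0]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid: bad or absent p tag"
    if policy == "none":
        return "monitor-only"  # reports only; spoofed mail is still delivered
    try:
        pct = int(tags.get("pct", "100"))  # pct defaults to 100
    except ValueError:
        return "invalid: bad pct tag"
    if not 0 <= pct <= 100:
        return "invalid: bad pct tag"
    if pct < 100:
        return f"partial: {policy} at {pct}%"
    return "enforced: " + policy

SAMPLE = {  # constructed records for hypothetical domains
    "campaign-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@campaign-a.example"],
    "campaign-b.example": ["v=DMARC1; p=none; rua=mailto:dmarc@campaign-b.example"],
    "campaign-c.example": ["v=spf1 -all"],
    "campaign-d.example": ["v=DMARC1; p=quarantine; pct=25"],
    "campaign-e.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}

def audit(records_by_domain):
    return {domain: assess(recs) for domain, recs in records_by_domain.items()}

if __name__ == "__main__":
    for domain, verdict in audit(SAMPLE).items():
        print(f"{domain:22} {verdict}")
```

Only the `enforced` verdicts mean receivers are asked to quarantine or reject all mail that fails authentication; a record with `p=none` exists but leaves spoofed mail deliverable.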

As last month’s joint CISA/FBI public service announcement describes, adversaries seek to undermine faith in U.S. elections by targeting several key areas: spreading disinformation, leaking or manipulating sensitive information to create misleading narratives, swaying public opinion, and discrediting candidates. Additionally, hacktivists and foreign powers may seek to access confidential strategic plans, gaining insights into a campaign’s tactics or leaking this information to sway opinion. 

Cyber attacks can also disrupt campaign operations, potentially slowing momentum. Taken together, these efforts ultimately aim to undermine public trust in the electoral process, destabilize the political landscape, and potentially align election outcomes with the interests of other states.

With heightened concerns around election integrity, implementing DMARC demonstrates a campaign’s commitment to secure, authentic communication and adherence to cybersecurity standards. This not only builds voter trust but also contributes to the overall security of the political process and the integrity of democratic processes. Campaigns are known targets of states and state-sponsored cybercriminals. As such, prioritizing robust cybersecurity measures, particularly DMARC implementation, is essential both to safeguarding political campaigns and to preserving public trust.

PUBLISHED BY

Sean Costigan

22 Oct. 2024
