Strengthening U.S. political campaigns against cyber threats: The urgent need for DMARC implementation

Securing political campaigns from cyber threats has never been more urgent. It is critical to secure the communications that carry sensitive exchanges with voters and contributors, handle donations, and coordinate complex operations. Campaigns make exceptionally rich targets for cyber espionage and exploitation: our open-source research shows that nearly 75% of US Senate campaign websites have not achieved Domain-based Message Authentication, Reporting & Conformance (DMARC) compliance. Their reliance on sensitive information, such as strategic plans, voter demographic data, and donor communications, offers tantalizing prospects for influence, disruption, or other operations designed to undermine trust in fair elections.

In the United States, many campaign websites and digital infrastructures lack robust cybersecurity measures. Despite the importance of email security, Red Sift’s analysis shows that a troubling majority of U.S. Senate and Presidential political campaign websites lack DMARC protections. Without properly managed DMARC, these campaigns are vulnerable to phishing and spoofing attempts, which can lead to breaches, leaks, and other significant security incidents. For campaigns, time pressures amplify these risks, allowing attackers to exploit lapses in security at critical moments.

Influence operations, cyber hygiene, and public trust

Historically, Russian attacks against U.S. campaigns have focused on influence operations, hoping to alter outcomes in their favor. More recently, Iran has become a formidable cyber attacker, presently focusing more on disrupting election processes than swaying voters. Russian, Chinese, and Iranian state actors have repeatedly sought to take advantage of weak email security and cyber hygiene, often to great effect, as in the cases of the 2015-2016 Russian GRU hacks and, most recently, Iranian “hack and leak” attempts against current and former U.S. officials.

Personal email accounts are not exempt from attack either: the cyber attacks against the private email accounts of John Podesta, the former chair of Hillary Clinton’s presidential campaign, and former Secretary of State Hillary Clinton were orchestrated by Russian intelligence, with the material ultimately published on Wikileaks.

Although their objectives may differ, the tactics, techniques, and procedures (TTPs) of malign actors looking to undermine elections are markedly similar: low-level DDoS attacks and infostealers remain common, as do phishing and social engineering attacks aimed at email communications. Most pressingly, campaigns should have robust technical and policy measures in place to mitigate the rise in spearphishing, impersonation, and domain-spoofing attacks.

Today, campaign domain sites and associated email accounts remain prime vectors for exploits such as spoofed domains. As noted in FBI and CISA advisories, DMARC policies play a crucial role in preventing email spoofing and phishing attacks by ensuring that emails sent from a domain are authenticated. Properly configured, these measures would help protect a political campaign’s reputation, ultimately helping campaign operations while safeguarding against cyberattacks that can undermine the democratic process.

While there is no silver bullet for email cybersecurity, properly configured and managed DMARC is crucial for political campaigns as it helps protect against email spoofing, ensuring that only legitimate communications are sent from the campaign’s domain. This is vital for maintaining trust with voters and donors, as it prevents phishing attacks that could compromise sensitive information or spread disinformation. Ultimately, by securing email communications, DMARC safeguards the campaign’s reputation, helping to prevent attackers from tarnishing the brand with fake emails.
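The difference between a missing, monitoring-only and enforced DMARC policy can be checked mechanically. The following Python example is added here and is not Red Sift’s code or survey method; the domains and TXT records are constructed samples, and counting only `p=quarantine` or `p=reject` at `pct=100` as enforced is an assumption of this example.

```python
# Added example: classify the TXT answers published at _dmarc.<domain> (RFC 7489 tags).
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if txt is not a DMARC record."""
    tags = {}
    for part in (p.strip() for p in txt.split(";")):
        if not part:
            continue
        name, sep, value = part.partition("=")
        name, value = name.strip().lower(), value.strip()
        if not sep or (not tags and (name, value) != ("v", "DMARC1")):
            return None  # malformed tag, or v=DMARC1 is not the first tag
        tags.setdefault(name, value)
    return tags or None

def assess(txt_records):
    """Map one domain's _dmarc TXT answers to a status label (labels are this example's own)."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if not records:
        return "missing"
    if len(records) > 1:
        return "invalid"  # receivers skip DMARC when several records exist
    rec = records[0]
    policy, pct = rec.get("p", "").lower(), rec.get("pct", "100")
    if policy not in VALID_POLICIES or not pct.isdecimal() or int(pct) > 100:
        return "invalid"
    if policy == "none":
        return "monitoring-only"  # reports are sent, spoofed mail is still delivered
    return "enforced" if int(pct) == 100 else "partial"

def survey(zone):
    """Return per-domain statuses and the share of domains not fully enforced."""
    statuses = {domain: assess(txts) for domain, txts in zone.items()}
    weak = sum(1 for s in statuses.values() if s != "enforced")
    return statuses, weak / len(statuses)

# Constructed sample data: placeholder domains, not real campaign records.
SAMPLE = {
    "campaign-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@campaign-a.example"],
    "campaign-b.example": ["v=DMARC1; p=none; rua=mailto:dmarc@campaign-b.example"],
    "campaign-c.example": ["v=spf1 -all"],  # SPF text only, no DMARC record
    "campaign-d.example": ["v=DMARC1; p=quarantine; pct=25"],
    "campaign-e.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}

if __name__ == "__main__":
    print(survey(SAMPLE))
```

Only the first sample domain rejects spoofed mail outright; the other four publish something at or near `_dmarc` yet remain open to impersonation, which is why a record's presence alone says little about protection.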

As last month’s joint CISA/FBI public service announcement describes, adversaries seek to undermine faith in U.S. elections by targeting several key areas: spreading disinformation, leaking or manipulating sensitive information to create misleading narratives, swaying public opinion, and discrediting candidates. Additionally, hacktivists and foreign powers may seek to access confidential strategic plans, gaining insights into a campaign’s tactics or leaking this information to sway opinion. 

Cyber attacks can also disrupt campaign operations, potentially slowing momentum. Taken together, these efforts ultimately aim to undermine public trust in the electoral process, destabilize the political landscape, and potentially align election outcomes with the interests of other states.

With heightened concerns around election integrity, implementing DMARC demonstrates a campaign’s commitment to secure, authentic communication and adherence to cybersecurity standards. This not only builds voter trust but also contributes to the overall security of the political process and the integrity of democratic processes. Campaigns are known targets of states and state-sponsored cybercriminals; as such, prioritizing robust cybersecurity measures, particularly DMARC implementation, is essential to safeguarding political campaigns and preserving public trust.

PUBLISHED BY

Sean Costigan

22 Oct. 2024
