The upcoming Democratic National Convention (DNC) in Chicago, scheduled for August 19-22, has been marred by the emergence of a Telegram-based bot service known as “IntelFetch,” which has been collecting compromised credentials associated with the DNC and Democratic Party websites.
ZeroFox researchers have verified that the stolen data includes compromised credentials from the Washington and Idaho state branches of the DNC, as well as login details for party members and delegates. The exposed information comprises email addresses and passwords primarily from users registered on domains like “demconvention.com” and “democrats.org.”
Although the breach does not seem to be the result of a targeted attack, it poses a significant risk of unauthorized access to sensitive systems within the Democratic Party and the DNC. Such access could allow malicious actors to breach secure systems, access confidential information, and disrupt party operations, jeopardizing the security and integrity of the DNC and other critical activities.
Notably, there is a history of state-sponsored threats targeting the DNC and other US political entities. In 2016, the Russian advanced persistent threat group APT28, also known as Fancy Bear, hacked into the DNC website, the Hillary Clinton campaign, and the Democratic Congressional Campaign Committee.
Lewis Shields, director of dark ops at ZeroFox, warns that everyone attending the convention should be considered a potential target for cyber threat actors. He emphasizes that threat actors may target attendees directly and exploit their access to reach higher-value targets. Recent hacks against political figures suggest that even individuals loosely connected to policymaking could be used to target more influential individuals.
Shields points out that foreign governments are likely keen to obtain information on potential policy decisions, as they are unable to engage with candidates via traditional means. As a result, cyber espionage campaigns and other malicious activities may be employed to gather sensitive information.
Beyond the DNC breach, election security is a critical concern globally. The year 2024 marks a significant period for global democracy, with numerous national elections taking place worldwide, and cyberattacks targeting election campaigns have been a longstanding issue.
Complex attack strategies, such as kitchen sink attack chains, have emerged as serious modern threats. FBI director Christopher Wray has warned of potential chaos during this year’s election, singling out China as a primary threat actor. Other nation states are also likely to engage in campaigns that target election infrastructure.
In addition to direct attacks, misinformation spread during election seasons and the rise of deepfake technology are worrying cybersecurity professionals. To address these evolving threats, local governments are advised to engage transparently with residents through regular updates and community partnerships to establish and uphold trust.
Shields stresses that cybersecurity is now a fundamental aspect of national security strategies, particularly in the current geopolitical landscape where cyber campaigns coexist with foreign policy and armed conflicts. He emphasizes the need for cybersecurity considerations in policy discussions related to international relations and national security.
In conclusion, the DNC breach serves as a stark reminder of the persistent cybersecurity threats facing political entities. As the landscape continues to evolve, robust security measures and proactive strategies are essential to safeguard democratic processes and protect against malicious activities.

