Democrats' campaign dilemma: If we're hacked, do we go public?

The Democratic National Committee ...

Posted: Aug 28, 2018 8:56 PM
Updated: Aug 28, 2018 8:56 PM

The Democratic National Committee announced last Wednesday that it had thwarted what it believed was a sophisticated attempt to hack into its voter database. But everything wasn't what it seemed. The DNC later learned the attempt wasn't the work of an adversary, but had come from within.

What actually had been detected was a simulation by the Democratic Party of Michigan of the makings of a hack. The state party had failed to let the DNC know about the exercise.

Crime, law enforcement and corrections

Criminal offenses

Digital crime

Digital security

Elections and campaigns

Federal Bureau of Investigation

Government and public administration

Government bodies and offices

Government organizations - US

Hans Keirstead

Political Figures - US

Political organizations

Politics

Technology

US Democratic Party

US Department of Justice

US federal departments and agencies

US federal government

US political parties

RELATED: 'Misstep' by Michigan Democrats caused a cybersecurity scare and prompted the DNC to call the FBI

In theory, the scare, which prompted the DNC to call the FBI, showed that the party's cybersecurity systems were working: A threat was detected, the party worked with cybersecurity and hosting firms to move quickly to neutralize the threat, they contacted authorities and they promptly shared information with regional party officials and the media.

That last bit, however, is what Democrats have been reckoning with since the extensive hacking of their party and presidential campaign in the lead-up to the 2016 election: If we're hacked, should we tell voters?

Broadly, there appear to be two competing schools of thought on that issue.

One says to keep the information quiet. Report it to authorities, but don't make it public as it will distract from the message of the campaign.

The other says to share information about the hack so other campaigns know what to look for, and -- perhaps more significantly -- to put the media and opposition campaigns on notice that if internal campaign correspondence surfaces, it could be the result of a hack.

Hackings in California

Earlier this month, it emerged that the campaigns of two Democratic congressional candidates in California had been breached in the lead-up to the state's primary in June.

Neither Dr. Hans Keirstead's nor David Min's campaigns made the details of the hacks public at the time, as they didn't want it to become a distraction, sources from both campaigns told CNN. The details of the breaches emerged only after both candidates lost their primaries.

The Democratic Congressional Campaign Committee -- a group that was itself hacked by Russian military intelligence in 2016, as outlined in a recent indictment from special counsel Robert Mueller -- wouldn't explicitly say what it advises campaigns to do after a hack.

It pointed out that it doesn't have control of individual campaigns, but a committee aide said cyber and legal experts the committee had spoken with warned that discussing the details of individual cyber threats increases the threat.

Sources familiar with the Keirstead and Min campaigns said the Democratic Congressional Campaign Committee didn't advise them one way or the other on going public about being hacked. All said the committee was helpful in helping improve their campaigns' cybersecurity after they reported the breaches.

"Every campaign has to make an individual choice about whether to make information about a hack public," Robby Mook, Hillary Clinton's former campaign manager, told CNN. "But the last thing any campaign should want is a bunch of compromising information released to the public without the proper context that it was stolen -- perhaps by a hostile foreign government."

Democrats tried to get ahead of the hacked materials in 2016, but Mook said many found the revelations that it was due to a Russian intelligence operation "unbelievable at the time."

He said that although he understood why campaigns were reluctant to do anything to distract from their message, "A story that you got hacked is maybe a one- or two-day story, and buys you time to educate the press about who is behind the attack. Thousands of juicy emails released at regular intervals can be a weeks-long story. The one-day story may protect your message from the weeks-long story."

When Keirstead's work email, which the candidate sometimes used for campaign correspondence, was hacked, the decision was made to keep it under wraps, a source familiar with the campaign told CNN.

"The only decision that you take into account is how does this affect your electoral chances," the source said.

When Min's campaign realized it had been hacked in March, an FBI agent arrived at the campaign's headquarters within 24 hours, according a source familiar with the campaign.

The source added, "We didn't want to make anything happen that would interfere with (the FBI investigation) or take away from the focus of the campaign."

The source hinted at another concern that campaigns that are hacked may have in mind: money. A hack could dissuade donors from contributing out of fear their information will be compromised.

The hack that wasn't

The DNC said last week's false alarm demonstrated the party is being proactive when it comes to cybersecurity.

"Despite our misstep and the alarms that were set off, it's most important that all of the security systems in place worked," said Brandon Dillon, the chair of the Michigan Democratic Party, the group responsible for the scare.

And despite the false alarm, it appears that the threat is very real. The targeting of the Keirstead and Min campaigns was done by actors who have not been made known -- and may not be known to authorities.

Microsoft announced last week that it had taken control of six websites it said had been created by Russian military intelligence that could have been used to target the US Senate and conservative groups. So far this election cycle, there have been no public disclosures of Republican campaigns suffering a breach.

In announcing the company's move against the Russian operation, Microsoft President Brad Smith wrote in a blog post, "We can only keep our democratic societies secure if candidates can run campaigns and voters can go to the polls untainted by foreign cyberattacks."

Indiana Coronavirus Cases

Data is updated nightly.

Cases: 613228

Reported Deaths: 9728
CountyCasesDeaths
Marion846851338
Lake45676687
Allen32980552
Hamilton29649315
St. Joseph27531382
Elkhart24478345
Vanderburgh19610250
Tippecanoe18108141
Johnson15191295
Porter14944169
Hendricks14485250
Madison11044222
Clark10811144
Vigo10795181
Monroe9458113
Delaware9170134
LaPorte9145164
Howard8292144
Kosciusko810183
Warrick680299
Hancock6782104
Bartholomew6640100
Floyd6507110
Wayne6177162
Grant6027116
Dubois558680
Boone556468
Morgan548695
Henry511464
Marshall506984
Cass486964
Dearborn486545
Noble475659
Jackson427747
Shelby420781
Lawrence393780
Clinton375044
Gibson374459
Harrison353045
DeKalb349864
Montgomery347654
Knox336239
Miami324544
Steuben315046
Whitley311126
Wabash305851
Adams302836
Ripley300546
Putnam298950
Huntington294860
Jasper291734
White275143
Daviess271774
Jefferson266238
Decatur249583
Fayette248648
Greene242262
Posey241028
Wells236951
LaGrange230062
Scott226839
Clay224332
Randolph215248
Jennings200636
Sullivan193533
Spencer193022
Washington188023
Fountain184927
Starke176444
Jay168623
Owen167637
Fulton164830
Orange160935
Carroll159715
Rush156318
Perry155929
Vermillion149734
Franklin149333
Tipton133133
Parke13088
Pike118526
Blackford111822
Pulaski97837
Newton92021
Brown88335
Benton87110
Crawford8099
Martin74913
Warren6857
Switzerland6695
Union6297
Ohio4977
Unassigned0376

Ohio Coronavirus Cases

Data is updated nightly.

Cases: 868656

Reported Deaths: 10768
CountyCasesDeaths
Franklin102154707
Cuyahoga865201153
Hamilton64744448
Montgomery43516419
Summit35250762
Lucas31663631
Butler31268232
Stark26096443
Warren19830142
Lorain19296229
Mahoning17471339
Lake16250154
Clermont16128112
Delaware1453680
Licking13326137
Fairfield1294981
Trumbull12920317
Greene12174141
Medina11732168
Clark11058265
Wood10457158
Allen9988127
Portage9454111
Miami924473
Richland9236118
Marion7486113
Tuscarawas7440183
Columbiana7409124
Pickaway732150
Wayne7111172
Muskingum710342
Erie6221130
Ross5558100
Hancock555292
Scioto542764
Geauga515955
Darke473492
Lawrence460658
Union456928
Ashtabula456473
Sandusky439562
Mercer435089
Seneca433866
Huron432841
Auglaize424164
Shelby422522
Jefferson422469
Belmont421145
Washington394240
Athens38389
Putnam378075
Madison358129
Knox356122
Ashland349038
Fulton340443
Defiance334486
Crawford325774
Preble322737
Brown315821
Logan312132
Ottawa296543
Clinton291543
Williams280367
Highland279018
Jackson265845
Guernsey257126
Champaign253428
Fayette239530
Morrow23464
Perry233718
Holmes226774
Henry221953
Hardin215533
Coshocton206922
Van Wert203445
Gallia199826
Wyandot196751
Pike178017
Adams177715
Hocking173224
Carroll157616
Paulding145321
Noble121040
Meigs109724
Monroe102232
Harrison89921
Morgan83931
Vinton71314
Unassigned00
Fort Wayne
Cloudy
31° wxIcon
Hi: 33° Lo: 30°
Feels Like: 22°
Angola
Cloudy
27° wxIcon
Hi: 31° Lo: 26°
Feels Like: 16°
Huntington
Cloudy
30° wxIcon
Hi: 32° Lo: 30°
Feels Like: 25°
Fort Wayne
Cloudy
31° wxIcon
Hi: 33° Lo: 30°
Feels Like: 22°
Lima
Cloudy
32° wxIcon
Hi: 33° Lo: 31°
Feels Like: 23°
More Clouds than Sun Wednesday
WFFT Radar
WFFT Temperatures
WFFT National

Community Events