Cyber Security

Two years after ‘trauma’ of hack, DNC builds a tech team with a veteran bench

The digital operations team at the Democratic National Committee hit some dark days after Russian hackers mauled their networks in 2016, hijacking dozens of computers and pilfering tens of thousands of emails to hand over to WikiLeaks and onto the internet.

Remnants of that digital bruising linger.

“I feel like everyone’s still feeling, like, the PTSD from ’16,” said Raffi Krikorian, who now is the chief technology officer for a newly beefed-up unit of the Democratic National Committee, referring to post-traumatic stress disorder.

The mood today of the DNC’s tech security team is one of cautious vigilance. The unit has grown in size and now employs cybersecurity experts who have come from some of the biggest Silicon Valley companies. Every day, the security team spots anomalies and strange behavior that could indicate a new cyberattack.

The tech team is now one of the two largest units at the DNC, with the same number of employees as the committee’s mobilization office, which handles organization and grassroots fund-raising.

In 2016, the hackers didn’t just breach the digital barricades of the DNC. They virtually feasted in the kitchen, leered at the occupants and hung out the dirty laundry. In addition to controlling the network, they stole more than 50,000 emails from the private account of Hillary Clinton’s campaign chairman, John Podesta, leaking everything from strategy memos to emails between Podesta and his wife, and even a favored creamy risotto recipe.

The disclosures were deeply embarrassing to the party and was one of the factors leading to the party’s defeat in the 2016 elections.

“I am aware that there are entities that are probing and that are looking to get a foothold,” said Bob Lord, the DNC’s chief security officer who has handled major breaches at Twitter and Yahoo.

Tech veterans have come to the DNC building for challenges – but not for big salaries.

“We’ve all taken pay cuts from what industry would have paid,” said Krikorian, an MIT-trained engineer and veteran of Uber who is the chief technology officer for the DNC, the party’s governing body.

Support our journalism

If you want to see more coverage of election security and all things midterms, please consider supporting our bureau by signing up for a subscription.

The 2016 Russian hack of the DNC continues to shape the nation’s politics. It contributed to the accusations that President Donald Trump’s campaign worked with Russia to cripple Clinton’s campaign, leading to the Special Counsel Robert Mueller’s still ongoing investigation. Mueller, who has yet to signal when he will issue a final report on Russian election meddling, formally charged 12 Russian military intelligence agents in July with masterminding and executing the DNC breach.

Not everyone sees the Democratic National Committee as a victim. President Donald Trump cast the DNC as weak and unprepared.

“I think the DNC should be ashamed of themselves for allowing themselves to be hacked,” Trump said in July.

Others in his administration offered praise, though. One of Trump’s senior cybersecurity officials, Christopher C. Krebs, who is under secretary for the Department of Homeland Security’s cybersecurity directorate, said he’d noticed greater efforts by the DNC to work on digital security.

“You’ve seen them be more forward-leaning, more forward speaking, on this, Bob Lord in particular at the DNC,” Krebs recently told McClatchy, adding that the Republican National Committee was taking cybersecurity very seriously.

DNC Chairman Tom Perez launched a recruiting drive to beef up the tech team in early 2017.

When Pam Cardona arrived 14 months ago from a tech job at Uber, the ride-sharing company, she immediately felt “the enormity of it.”

“Now is one of the few opportunities to actually make a real difference in a historically significant … time,” said Cardona, now chief of staff for technology at the DNC. “So that felt more important than how much money I could be making. … There’s a lot of eyes on us.”

“We are 35 people right now,” Krikorian said of the DNC’s tech unit. “Everyone is an engineer in some way, shape or form. We’ve assembled a team of people from Facebook, Google, Twitter, Uber and then we’ve also gotten a bunch of people who’ve worked in campaigns before.”

The new staff has deep ties to the tech industry.

“We have good relations with the Microsofts, Googles and Facebooks of the world. We now talk to them almost weekly just to make sure that, like, if they’re seeing something, that they’ll tell us about it,” Krikorian said.

Foreign powers with vast resources protect potential hackers, and the tech team uses cautionary language to describe its defensive capabilities. One can never declare victory.

“No security person is going to stand up and say, ‘We’re healthy,’” Lord said.

“We’re up against dedicated human adversaries who work in campaigns,” he said. “They can work on things that take years to accomplish … With enough money and effort, they can overcome almost any barrier.”

Bob Lord, chief security officer for the Democratic National Committee, previously handled mitigation of breaches at Twitter and Yahoo. He is seen here at DNC headquarters in a photo taken Oct. 5, 2018. Tim Johnson

Lord carries battle scars. He was in charge of information security at Twitter in 2013 when hackers obtained account information of a quarter of a million users. He later moved on to Yahoo in 2015. Shortly after arriving, Lord’s team made a disheartening discovery: Russian hackers had broken into the company’s networks in separate attacks in 2013 and 2014. Lord wasn’t at Yahoo during those breaches, in which the hackers had access to as many as 3 billion accounts, but it fell to him to mitigate the disaster.

Lord, who lives in San Francisco and travels every other week or so to Washington, sees the DNC tech team as gatekeepers who are there to discourage as many attackers as possible.

“Security these days is more like a biological system. You’re constantly under attack. You’ve got to find ways to build the right immunity so that for the vast majority of these attacks, that you’ll be able to recover from them,” Lord said.

The tech team every day is investigating some sort of phishing or denial of service attack, perhaps even worries from campaigns that their telephones are tapped, Krikorian said. The tech team said it is less concerned about who is behind such probing than it is in thwarting any breach.

“Our job isn’t really to worry about exactly where it’s coming from,” Krikorian said. “The thing I’m worried about … is just to make sure that the campaigns themselves are secure. Then we’ll worry about where it comes from, the big picture aspect of it, afterwards.”

The cybersecurity team says it is sensitive to any indication of a breach – unlike in September 2015 when the FBI’s Washington field office notified the DNC in a voice mail that Russian hackers had compromised at least one of its computers. A low-level contractor scanned the system, found nothing, and did not call the FBI back even after several subsequent FBI calls.

By November 2015, the FBI tried to notify higher level DNC officials that one of its computers was transmitting data directly to Russia. But the message didn’t get through.

It wasn’t until April 2016 that the party discovered the breach for itself.

In the end, U.S. prosecutors said two independent teams of Russian hackers, one from the FSB and another from the GRU military intelligence branch, had compromised at least 33 computers at the DNC as well as 10 computers at the Democratic Congressional Campaign Committee, located on the second floor of the building.

It won’t be the last breach to roil U.S. politics, and senior officials caution campaigns and election workers to stay vigilant.

“If the FBI knocks, open the door,” Krebs, the DHS cybersecurity official, warned attendees at an election workshop last week that brought vote supervisors from around the country.

The DNC says it has learned its lesson even as its new team investigates what Krikorian calls “interesting things coming at campaigns every single day.” It’s not a restful time.

“I’m terrified. I don’t sleep well at night,” Krikorian said. “I feel that the internet wasn’t put up to defend against these types of attack.”

Tim Johnson, 202 383-6028, @timjohnson4
Related stories from McClatchy DC