Every 2016 presidential campaign operation was cyber attacked, says security provider

“Unfortunately, I think that the last election showed that U.S. democracy is more fragile than we all thought,” says Cloudflare CEO Matthew Prince.


Whether via Russian agents or other hackers around the world, every significant 2016 presidential campaign was targeted by cyber attacks, says the company that sought to protect them with cybersecurity measures. “In 2016 . . . we had 16 of the 17 major U.S. presidential candidates as customers,” says Matthew Prince, CEO of online security service Cloudflare. “[They ranged] the political spectrum from Bernie Sanders to Donald Trump–everyone, actually, except Hillary Clinton, somewhat ironically.”


The most devastating of those attacks, of course, was the hacking of the Democratic National Committee (also not a Cloudflare customer) and the Clinton campaign. Special Counsel Robert Mueller’s indictment of 12 Russian intelligence officers on July 13 highlights the depth of those attacks in crystal-clear detail (regardless of President Trump’s day-to-day views on the matter). Mueller also reported evidence of attacks on public entities like state boards of election.

Suspicious ties

Prince would not say if any of the campaign sites Cloudflare sought to protect, in the U.S. and other countries, has ever been breached. A case study on Cloudflare’s site, however, states that the site was never breached or brought down, despite receiving an average of 500,000 attacks per day.

Prince doesn’t claim that Cloudflare could have prevented the attacks on the Clinton campaign or the DNC–which went well beyond websites and involved phishing attacks on individual email accounts–but he does say that Mueller’s findings indicate that the same hackers may have targeted Cloudflare clients, political or otherwise (which he declined to clarify).

“I think it’s fair to say that we have seen attacks that follow a lot of the same signatures that have been described by, for instance, the FBI and Robert Mueller in some of the Russian investigations,” says Prince. Cloudflare doesn’t trace attacks all the way back to the source, as Mueller’s team has done. Its job is to block and absorb an attack–by sitting between its customers and the open internet–not to find the culprit. (Competitors including Akamai, Amazon Web Services, and Incapsula provide similar security services.)

But Cloudflare does see the final source of a hack–the last online hop for launching something such as a distributed denial of service attack, which crashes a server by flooding it with way more data than it can handle.

These and other attacks typically come from either large servers or networks of individual computers that are commandeered by hackers. “We see lots of attacks coming out of Brazil,” says Prince. “I don’t think that’s necessarily because the Brazilians are trying to undermine democracy. I think it’s much more likely that Brazil just has a lot of people [with vulnerable computers].”


Prince says that Cloudflare clients may have been attacked by the same compromised computers used in the Russian-led attacks. That’s one signature of the attackers.

Another specialty is the so-called dictionary attack–firing massive lists of username-and-password pairs at a login page until one of them works. “If the same attacker attacks two different election sites with the same list, then the [entries] would be in the same order, so that would be one easy-to-understand signature,” says Prince, who adds that Cloudflare has repelled dictionary attacks using the same lists that Mueller identified.
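The ordering signature described above can be checked by comparing runs of consecutive login attempts recorded at two sites. This is an added example, not Cloudflare's code; the HMAC key, function names and sample logs are constructed for illustration.

```python
import hashlib
import hmac
import random

# Assumption: a per-deployment secret, so raw credentials never sit in the logs.
KEY = b"constructed-demo-key"

def fingerprint(username, password):
    """Keyed hash of one attempted pair, comparable across sites without plaintext."""
    msg = username.encode() + b"\x00" + password.encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()[:16]

def shingles(seq, k):
    """Every run of k consecutive fingerprints; the runs encode list order."""
    return {tuple(seq[i:i + k]) for i in range(len(seq) - k + 1)}

def order_similarity(attempts_a, attempts_b, k=3):
    """Jaccard similarity over ordered k-grams of two attempt streams."""
    a = shingles([fingerprint(u, p) for u, p in attempts_a], k)
    b = shingles([fingerprint(u, p) for u, p in attempts_b], k)
    if not a or not b:
        return 0.0
    return len(a & b) / len(a | b)

def membership_similarity(attempts_a, attempts_b):
    """Same measure with k=1: which pairs were tried, ignoring their order."""
    return order_similarity(attempts_a, attempts_b, k=1)

# Constructed sample logs (not real data): one 40-entry list replayed at three sites.
WORDLIST = [(f"user{i}", f"pass{i}") for i in range(40)]
SITE_A = list(WORDLIST)
# Site B: same list, same order, with one unrelated login interleaved.
SITE_B = WORDLIST[:20] + [("alice", "unrelated-login")] + WORDLIST[20:]
# Site C: same entries but shuffled, as a different tool or attacker might send them.
SITE_C = list(WORDLIST)
random.Random(7).shuffle(SITE_C)

if __name__ == "__main__":
    for name, site in (("B", SITE_B), ("C", SITE_C)):
        print(name,
              "order=%.2f" % order_similarity(SITE_A, site),
              "members=%.2f" % membership_similarity(SITE_A, site))
```

Sites B and C both contain almost exactly the same entries as site A, but only B scores high on the ordered comparison, which is what separates a replayed list from a coincidental overlap of common passwords.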

Neither of these attack types is terribly sophisticated. So-called script kiddies using pre-built software tools could carry out such hack attempts. “Any of these high-profile elections will get a wide range of attacks from a lot of different parties,” says Prince, “some of which I’m sure are foreign, and some of which I’m sure are domestic kids that are screwing around.” Perhaps candidate Trump’s theory about a hacker as “someone sitting on their bed that weighs 400 pounds” could be true in some instances. But Mueller–and major U.S. intelligence agencies–have made a solid case for Russia in the Clinton and DNC incidents.

Chaos and mayhem

There have also been many well-documented and strongly suspected attacks on election authorities–something that prompted Cloudflare to offer free protection to authorities like state or county boards of election in the US, through what it calls the Athenian Project. (Other companies are also volunteering their security services.)

“It’s not necessarily that the attackers are trying to support one side or the other–which naively when we started working on it would have been my assumption,” says Prince. “This is about subverting the process so that whoever wins has a harder time governing,” he says.

A process plagued by outages of resources like voter registration sites, or by bogus reporting of results, can make an entire election appear illegitimate (not unlike Trump’s unsubstantiated claim that three million noncitizens cast votes in 2016).


The end of innocence

The rise in attacks on campaigns and election authorities in the U.S. has been dramatic, says Prince, whose company has contracted with candidates “around the world,” he says, such as “both sides” in the 2012 Mexican presidential election, in which the attacks were “just insane,” as he describes it. (He presumably means that Cloudflare worked with the two leading candidates–Enrique Peña Nieto and Andrés Manuel López Obrador–but did not clarify that, either.)

“The thing that really surprises me is how much cyber attacks played a role in elections around the world, but that we hadn’t seen nearly as much of that in the U.S.,” says Prince.

Prince claims that Cloudflare is able to win so many campaigns as clients because it starts with a free offering to small businesses. Already on the system, the campaigns that become successful grow into the paid service tiers.

Those U.S. clients had a rude awakening in the last presidential contest. “Early on, it looked like any other U.S. election, where cyber attacks seemed like a very minor part of the story, but as the race went on the attacks against all the candidates started going up and up and up,” says Prince. “Unfortunately, I think that the last election showed that U.S. democracy is more fragile than we all thought.”


About the author

Sean Captain is a Bay Area technology, science, and policy journalist. Follow him on Twitter @seancaptain.