Obama, McCain Campaign Servers Hacked

How Much Security Is Enough Security? Newsweek is reporting on a very interesting story brought up in the wake of the recently-ended presidential campaign in the United States.

It would appear that the computer networks of both the presidential hopefuls’ campaigns were infected with trojan of an undisclosed nature – but probably posessing keylogger capabilities among other things, and that these trojans were later used to siphon an unknown number of files from both networks.

The penetrations were detected by Obama’s campaign staff, which then announced the FBI and the Secret Service, only to receive word a day later from the White House that they had a real problem and that McCain’s network was similarly affected. Story details are scant so far, and it all sounds a bit cloak and dagger until you remember Watergate and the fact that yes, such things do happen in the real world.

The attacker or attackers remain unidentified (at least publicly) and the impact of these break-ins is very hard to ascertain, with no inside information on what, how and by whom was stolen. It is clear however that whoever did it gained unique insight in the motivations and agendas of both candidates, as well as a good perspective on their respective strategies, both pre- and post- election. Such information could prove to be invaluable to any political actor on the world stage.

Perhaps the sysadmins in Obama’s campaign should have expected opposition of the kind usually posited as an upper limit for an adversary’s resources in cryptography studies: an attacker with the skill and equipment levels that can be mustered by a nation-state. That’s an awkward situation for defenders, even defenders as well-heeled as the Obama campaign was (they raised a whopping USD 639,200,000 by one account). Nevertheless, the fact that they even detected the intrusion on their own remains to be commended.

From the outside looking in, though, and from a security perspective, there’s one lesson to be re-learned: your defenses need to be at least as good as the data you’re protecting.

About the author


Razvan Stoica is a journalist turned teacher turned publicist and
technology evangelist. When Bitdefender isn't paying him to bring complex subjects to wide audiences, he enjoys writing fiction, skiing and biking.

Razvan Stoica started off writing for a science monthly and was the chief
editor of a science fiction magazine for a short while before moving on to
the University of Medicine in Bucharest where he lectured on the English
language. Recruited by Bitdefender in 2004 to add zest to the company's
online presence, he has fulfilled a bevy of roles within the company since.

In his current position, he is primarily responsible for the communications and community-building efforts of the Bitdefender research and technology development arm.