It would appear that the computer networks of both the presidential hopefuls’ campaigns were infected with trojans of an undisclosed nature (but probably possessing keylogger capabilities, among other things), and that these trojans were later used to siphon an unknown number of files from both networks.
The penetrations were detected by Obama’s campaign staff, who then notified the FBI and the Secret Service, only to receive word a day later from the White House that they had a real problem and that McCain’s network was similarly affected. Story details are scant so far, and it all sounds a bit cloak and dagger until you remember Watergate and the fact that yes, such things do happen in the real world.
The attacker or attackers remain unidentified (at least publicly), and the impact of these break-ins is very hard to ascertain, with no inside information on what was stolen, how, and by whom. It is clear, however, that whoever did it gained unique insight into the motivations and agendas of both candidates, as well as a good perspective on their respective strategies, both pre- and post-election. Such information could prove invaluable to any political actor on the world stage.
Perhaps the sysadmins in Obama’s campaign should have expected opposition of the kind usually posited in cryptography studies as the upper limit for an adversary’s resources: an attacker with the skill and equipment levels that can be mustered by a nation-state. That’s an awkward situation for defenders, even defenders as well-heeled as the Obama campaign was (they raised a whopping USD 639,200,000 by one account). Nevertheless, the fact that they even detected the intrusion on their own deserves to be commended.
From the outside looking in, though, and from a security perspective, there’s one lesson to be re-learned: your defenses need to be at least as good as the data you’re protecting.