Recent news is all about election hacking, with the publication this week by The Intercept of a top-secret report from the U.S. National Security Agency (NSA), detailing how Russian military intelligence or state-sponsored attackers – or, maybe as Russian President Vladimir Putin stated in a recent interview, “patriotically minded” private Russian hackers – launched a multi-pronged phishing and spearphishing attack on voter registration during the 2016 U.S. presidential elections.
But, election hacking, manipulation, and influence have been in the news since before 2016. There was the hack of Democratic National Committee (DNC) emails and the personal emails of John Podesta, then chairman of Hillary Clinton’s U.S. presidential campaign, and the subsequent campaign of mis- and dis-information to influence the results of the 2016 U.S. presidential election.
Then came the hack of France's then-presidential candidate - and now president - Emmanuel Macron's emails, and subsequently attempted campaign of election manipulation with the release of the hacked data, foiled by false information planted by Mssr. Macron’s then-campaign digital content manager – now junior minister of digital economy – Mounir Mahjoubi.
There were the warnings sent to the candidates in UK's snap general election taking place this week – Thursday, June 8th – from the computer security chief at the British intelligence and security organization GCHQ, offering advice on preventing breaches.
Recently, the head of Germany’s domestic intelligence agency, the BfV, did warn Russia about using data stolen during a May 2015 hack of the Bundestag, Germany’s lower house of parliament, further attacks against political parties, or any attempt to influence German elections in September 2017.
Whether it's attacks by nation state intelligence agencies, state-sponsored hackers, “patriotic” private citizen attackers – or, even somebody sitting on their bed that weighs 400 pounds, as U.S. President Donald J. Trump stated – hacking candidates’ email accounts, then distributing real or phony information collected from the stolen emails to embarrass candidates and to obviously sway elections is now standard political attacker practice.
And, it all starts with a phishing or spearphishing attack: Simply a user opening an email and clicking on a link.
Today, web and email account for almost 90% of the threats facing enterprise security teams – as well as governments and political parties. Traditional defenses aren't working well enough to stop phishing, spearphishing, and other attacks. This problem requires a novel approach that doesn’t rely on detection or protection, or that can protect only 99.9% of attacks. Because it’s that 0.1% of attacks that cause the most damage.
That’s where Menlo Security comes in. Instead of trying to differentiate between good or bad content, the Menlo Security Isolation Platform (MSIP) isolates and executes all web content, email links and documents in the cloud. There’s no endpoint software, new browsers, or browser plug-ins necessary. The user enjoys a malware-free rendering of their isolated session in their native browser. It’s a transparent user experience, 100% safe every time, and proven daily by hundreds of customers and tens of thousands of users worldwide.
We need to stop spearphishing campaigns that target elections. The fate and credibility of democracy could hang in the balance. For the UK Prime Minister, Theresa May, and her government, fake news may play a significant role in determining whether she remains in office or not.
For more information on Menlo Security and how the Menlo Security Isolation Platform addresses phishing and spearphishing, please read our report, “Anatomy of a Spear Phishing Attack”.