Chinese state-linked influence operation (IO) Spamouflage has become more aggressive in its efforts to influence U.S. political conversations ahead of the 2024 presidential election. This includes expanding its use of personas that impersonate U.S. voters on social media platforms and spreading divisive narratives about sensitive social issues in the U.S. Through Graphika’s ATLAS intelligence reporting, we identified 15 Spamouflage accounts on X and one account on TikTok claiming to be U.S. citizens and/or U.S.-focused peace, human rights, and information integrity advocates frustrated by American politics and the West. We also identified a cross-platform Spamouflage persona operating as an inauthentic U.S.-focused media outlet. In the run-up to the 2024 election, these accounts have seeded and amplified content denigrating Democratic and Republican candidates, sowing doubt in the legitimacy of the U.S. electoral process, and spreading divisive narratives about sensitive social issues including gun control, homelessness, drug abuse, racial inequality, and the Israel-Hamas conflict. This content, some of which was almost certainly AI-generated, has targeted President Joe Biden, former President Donald Trump, and, more recently, Vice President Kamala Harris. Despite attempts to masquerade as U.S. users and engage with hot-button issues, the accounts failed to garner significant traction in authentic online communities discussing the election. The rare exception was an inauthentic media outlet operating on TikTok which posted a video in July that has received 1.5 million views to date.

Two years before Iranian hackers breached Donald Trump’s campaign this summer, they used a similar ploy to target a former administration official and onetime confidant of John Bolton, Trump’s national security adviser and prominent Iran critic.

After infiltrating the person’s email account, the hackers sent what seemed like a harmless request to a group of fellow US-based Iran hawks, asking them to review a supposed book the person was writing about Iranian and North Korean nuclear programs.

“I am close to finishing the manuscript and have begun asking experts like yourselves to review the chapters,” read the email from June 2022, a copy of which was obtained by CNN.

Political candidates and their top campaign advisers are not the only ones who need to brace for foreign nations’ hackers breaching their defenses — family and friends of the candidates are at risk as well.

Sunny Consolvo, who heads Google’s Security and Privacy User Experience team, said Tuesday that relatives and friends of candidates need expert cybersecurity protection akin to what candidates on the ballot have adopted.

“Vendors, in fact, often even the family or close friends of the candidate and possibly senior staff, are often targeted by several of these attackers we talked about,” Ms. Consolvo said on a webinar sponsored by Defending Digital Campaigns. “And so I think it makes a lot of sense for people who are supporting campaigns — whether or not they’re officially part of the campaign or on the campaign’s Workspace — to make sure their settings are at the level that are recommended for political campaigns as well.”

Ms. Consolvo, a Google researcher for more than 12 years, said candidates, campaigns and the people orbiting around them are all much bigger targets than the general public for foreign adversaries, activist hackers and cybercriminals.

State-sponsored attackers target campaigns for disruption and acquire inside information, while hacktivists have individual political agendas and cybercriminals seek financial gain, according to Google.

“From federal to local races, campaigns of all sizes face very real cybersecurity threats,” Ms. Consolvo said. “In fact, campaigns face an outsized risk of being attacked compared to many organizations in the general population.”

Google officials say they have already stopped some state-sponsored attacks on federal candidates.

Google’s Threat Analysis Group said earlier this month it thwarted an Iranian hacking group’s efforts to breach the campaign systems of former President Donald Trump and President Biden in May and June.

The Iranian hackers targeted “roughly a dozen individuals,” according to Google’s TAG, which included people outside the walls of the government’s and the campaigns’ networks.

Google said some of the people were former government officials, “individuals associated with the respective campaigns,” and that the hackers sought to “log in to the personal email accounts of targeted individuals.”

The Big Tech giant is eager to raise alarm about hackers targeting candidates and campaigns before Election Day, and it wants those affiliated with campaigns to know there is still time to bolster their cyber defenses.

Washington CNN-Taylor Swift didn’t endorse former President Donald Trump last weekend. Ryan Reynolds wasn’t photographed wearing a pro-Kamala Harris shirt. And the Communist Party USA never backed President Joe Biden’s now-defunct campaign.

But these false claims about the 2024 campaign, and dozens of other posts with similar fake endorsements, have exploded on social media in the run up to the election, according to researchers at the News Literacy Project, a nonpartisan education group that launched a new database Thursday chronicling more than 550 unique instances of election-related misinformation.

In June, amid a bitterly contested Republican gubernatorial primary race, a short video began circulating on social media showing Utah Gov. Spencer Cox purportedly admitting to fraudulent collection of ballot signatures.

The governor, however, never said any such thing and courts have upheld his election victory.

The false video was part of a growing wave of election-related content created by artificial intelligence. At least some of that content, experts say, is false, misleading or simply designed to provoke viewers.

With Election Day rapidly approaching in the United States, the Trump campaign claims that the first major hack-and-leak operation has arrived. After a handful of U.S. media outlets received leaked material on vice presidential candidate JD Vance, the Trump campaign said it had been the victim of an Iranian hacking operation. On this episode of Safe Mode, CyberScoop senior reporter Tim Starks sits down with host Elias Groll to discuss what we know about the operation and its significance. Also on this episode, John Hammond of Huntress provides a technical deep dive on how an errant CrowdStrike software update managed to break large parts of the internet.

The POLITICO Tech podcast is your daily download on the disruption that technology is bringing to politics and policy, Episode 878

BUCKLE UP — After a week running around Las Vegas for Black Hat and DEF CON, Maggie and I thought we’d have some time to relax, but no.

The hack and leak operation aimed at former President Donald Trump’s presidential campaign is raising concerns around the cybersecurity of campaigns — though according to experts, there should have been red flags long ago.

August 12th, 2024, 7:00 AM

Donald Trump’s presidential campaign was hacked and has attributed the exfiltration of internal campaign communications to Iranian operatives, a spokesperson said Saturday.

Politico first reported the news, when it began receiving emails from an anonymous account that contained the internal conversations. The former president’s campaign manager also alluded to a Microsoft report that said Iranian operatives attempted to access an account belonging to a former presidential candidate, which the company had declined to name.

News of a reported cyberattack at the Trump campaign is likely just the beginning of what promises to be a hectic, unpredictable cybersecurity run-up to November's election.

Why it matters: Since 2016's Russian-backed pilfering of the Hilary Clinton campaign's private emails, the specter of foreign meddling in U.S. elections has returned every four years, fueling mistrust in the political process.

Political campaigns need to prioritize cybersecurity ahead of this fall's election, a panel of experts warned at a recent summit at Google in Fulton Market.

Why it matters: With the rise of AI, deep fakes and more, this election cycle may be more vulnerable to cyberthreats than any previously, non-partisan, non-aligned Defending Digital Campaigns coalition president Michael Kaiser tells Axios.

Attackers are targeting campaigns and political parties more than election infrastructure, according to a recent report from Google.

Michael Kaiser knows that cybersecurity is often not the top priority of a political campaign—or at the very least, it ranks below winning.

That’s why Kaiser’s nonprofit, Defending Digital Campaigns (DDC), provides free and low-cost defenses like email authentication, hardware keys, and website protection to political teams that have data, credentials, and money at stake.

But free cybersecurity isn’t as easy a sell as it sounds. Understaffed campaigns move quickly, and cyber is one more item on a lengthy agenda.

“You have to make it so easy—which is what we try and do—so that it doesn’t take too much time [away] from winning,” Kaiser, DDC’s president and CEO, told IT Brew.

MILWAUKEE, July 15, 2024 – AI generated content of political candidates is a big concern for voters this election cycle.

That was the message of Microsoft Tech Advisors Ashley O’Rourke and Ginny Badanes during a Monday bipartisan presentation on AI disinformation at the GOP Convention here until Thursday.

Citing a survey conducted by Defending Digital Campaigns and the computer software company Yubico, O’Rourke said that 78% of voters are concerned about AI generated content being used to impersonate a political candidate.

“It’s causing [voters] to distrust potentially authentic content and authentic communications,” O’Rourke said.

The two representatives gave a bipartisan presentation hosted by the non-profit advocacy group All In Together.

Badanes cautioned that if not properly addressed, the potential impact of AI deepfakes on the upcoming presidential election could be devastating. 

Google has announced a significant upgrade to its Advanced Protection Program (APP), offering high-risk users the option to enroll with passkeys instead of physical security keys.

APP offers the highest level of Google account security, specifically designed for individuals like journalists, public figures and activists who face a heightened risk of cyberattacks.

Cyber crimes using business emails have cost more than $43 billion since 2016.

I suppose I am not shocking anyone by telling you that email has become a prime target for modern cyber criminals, who leverage it for everything from espionage, to data theft, to the spread of false information—even for sextortion.

The numbers are mind-blowing. Cyber criminals are estimated to send around 3.4 billion emails daily, cleverly disguised to appear as if they're from reliable sources. This amounts to more than one trillion phishing emails every year. It's a huge deal. Scams using business emails have cost over $43 billion since 2016, according to the FBI. But it's not just about losing money. These scams can ruin a company's good name, mess up how it works and even lead to important and secret ideas being stolen.

Advanced Protection Program (APP) is our strongest level of Google Account security and provides extra safeguards against common attacks like phishing, malware and fraudulent access to data. We developed APP for people at high risk of cyber attacks, like journalists, elected officials, political campaign staff and human rights workers.

Today, we’re making it even easier for high risk users to enroll and use the program by making passkeys available in APP. Users traditionally needed a physical security key for APP — now they can choose a passkey to secure their account.

Advanced Protection Program (APP) is our strongest level of Google Account security and provides extra safeguards against common attacks like phishing, malware and fraudulent access to data. We developed APP for people at high risk of cyber attacks, like journalists, elected officials, political campaign staff and human rights workers.

Michael Kaiser joins The Great Battlefield podcast to talk about his career in cybersecurity and how Defending Digital Campaigns works to protect campaigns from attacks by providing them with free resources and tools.

Hackers send billions of emails every day hoping to trick people into revealing sensitive login credentials. Yubico’s YubiKeys lock down access credentials by making them impossible to transmit digitally. Every user carries a physical YubiKey fob that plugs into a computer to confirm their identity, eliminating annoying authentications that involve texts and mobile phones. “When you have a hardware-backed solution like ours, there‘s no way for someone else to use your credentials to get access to systems, because it's just in your pocket,” says CEO Mattias Danielsson. In 2023, Yubico started or expanded partnerships with Google, Apple, Microsoft, and more, and its enterprise clients drove net sales to $170 million, an 18% increase. With U.S. elections ahead in 2024, it is working with Defending Digital Campaigns, a U.S.-based nonpartisan nonprofit providing eligible political campaigns with resources to defend themselves, and democracy, from hackers.

Cybersecurity experts from around the country gathered at Google's Boulder campus this week for a summit focused on election threats.

Not only are there hundreds of races in Colorado, but half the world's population is casting ballots this year and at the same time advances in technology make it easier than ever for hacktivists to sow confusion, influence public perceptions and disrupt elections.