Google warns family and friends of candidates to prepare for foreign hacking before election

Political candidates and their top campaign advisers are not the only ones who need to brace for foreign nations’ hackers breaching their defenses — family and friends of the candidates are at risk as well.

Sunny Consolvo, who heads Google’s Security and Privacy User Experience team, said Tuesday that relatives and friends of candidates need expert cybersecurity protection akin to what candidates on the ballot have adopted.

“Vendors, in fact, often even the family or close friends of the candidate and possibly senior staff, are often targeted by several of these attackers we talked about,” Ms. Consolvo said on a webinar sponsored by Defending Digital Campaigns. “And so I think it makes a lot of sense for people who are supporting campaigns — whether or not they’re officially part of the campaign or on the campaign’s Workspace — to make sure their settings are at the level that are recommended for political campaigns as well.”

Ms. Consolvo, a Google researcher for more than 12 years, said candidates, campaigns and the people orbiting around them are all much bigger targets than the general public for foreign adversaries, activist hackers and cybercriminals.

State-sponsored attackers target campaigns for disruption and acquire inside information, while hacktivists have individual political agendas and cybercriminals seek financial gain, according to Google.

“From federal to local races, campaigns of all sizes face very real cybersecurity threats,” Ms. Consolvo said. “In fact, campaigns face an outsized risk of being attacked compared to many organizations in the general population.”

Google officials say they have already stopped some state-sponsored attacks on federal candidates.

Google’s Threat Analysis Group said earlier this month it thwarted an Iranian hacking group’s efforts to breach the campaign systems of former President Donald Trump and President Biden in May and June.

The Iranian hackers targeted “roughly a dozen individuals,” according to Google’s TAG, which included people outside the walls of the government’s and the campaigns’ networks.

Google said some of the people were former government officials, “individuals associated with the respective campaigns,” and that the hackers sought to “log in to the personal email accounts of targeted individuals.”

The Big Tech giant is eager to raise alarm about hackers targeting candidates and campaigns before Election Day, and it wants those affiliated with campaigns to know there is still time to bolster their cyber defenses.