The most trivial communications were weaponized and drastically changed the course of the 2016 elections right before our eyes. As a result, information security is now a number one priority for all political campaigns — domestic and international. Yet many in the political community, including in France, the UK, and the US, are deploying the same old practices, tools, and user training for communicating highly sensitive information. In addition to continuing to hoard high-target data, political parties and candidates are reluctant to change behaviors and ask for help. Admitting to being hacked has become increasingly stigmatized, preventing under-resourced campaigns and the policy community from understanding how to deal with persistent and well-funded adversaries.
What have we learned, and how likely is it that this will happen to election campaigns again? This talk will provide first-hand context for understanding the exact political, media and security environments in which multiple breaches were detected on the Democratic side of the 2016 campaign and how they went unmitigated for months. The talk will then trace how, in the aftermath, the affected parties have attempted, successfully or not, to recover and learn to work with the infosec community. We will also touch on what impact product decisions in the tech and security space have on ordinary users’ ability to do their work, including running national campaigns. Finally, the talk will touch on ephemerality becoming a number one behavioral change that the ‘victims’ of the election hacking seek as an antidote to information weaponization.