The Atlanta Journal-Constitution
Democrats ignored cyberattack warnings,
Consultants had warned that system was vulnerable.
WASHINGTON — The Democratic National Committee was warned last fall that its computer network was susceptible to attacks but didn’t follow the security advice it was given, according to three people familiar with the matter.
The missed opportunity is another blow to party officials already embarrassed by the theft and public disclosure of emails that have disrupted their presidential nominating convention in Philadelphia and is forcing their chairwoman to resign.
Computer security consultants hired by the DNC made dozens of recommendations after a two-month review, the people said.
Following the advice, which would typically include having specialists hunt for intruders on the network, might have alerted party officials that hackers had been lurking in their network for weeks — hackers who would stay for nearly a year.
Instead, officials didn’t discover the breach until April. The theft ultimately led to the release of almost 20,000 internal emails through WikiLeaks last week on the eve of the convention.
The emails have devastated party leaders. Rep. Debbie Wasserman Schultz, the DNC chairwoman, has agreed to resign at the end of this week’s convention. She was booed off the stage on opening day after the leaked emails showed that party officials tried to undermine the presidential campaign of Sen. Bernie Sanders in favor of Hillary Clinton, who was formally nominated on Tuesday evening. Party officials are supposed to remain neutral on presidential nominations.
The FBI is examining the attack, which law enforcement officials and private security experts say is linked to the Russian government. President Barack Obama suggested on Tuesday that Russia might be trying to interfere with the presidential race.
Russian officials deny any involvement in the hacking and say they’re not trying to influence the election.
The consultants briefed senior DNC leaders on the security problems they found, the people familiar with the matter said. It’s unclear whether Wasserman Schultz was present. Now, she is likely to face criticism over not only the content of the emails — including one in which a party official proposes pushing stories in the news media questioning Sanders’ belief in God — but also the failure to take steps to stop the theft in the first place.
“Shame on them. It looks like they just did the review to check a box but didn’t do anything with it,” said Ann Barron-DiCamillo, who was director of US-Cert, the primary agency protecting U.S. government networks, until last February. “If they had acted last fall, instead of those thousands of emails exposed it might have been much less.”
The assessment by Good Harbor Security Risk Management, headed by the former Clinton and Bush administration official Richard Clarke, occurred over two months beginning in September 2015, the people said. It included interviews with key staff members and a detailed review of the security measures in place on the organization’s network, they said.
The review found problems ranging from an outof-date firewall to a lack of advanced malware detection technology on individual computers, according to two of the people familiar with the matter.
The firm recommended taking special precautions to protect any financial information related to donors and internal communications including emails, these people said.
The DNC paid $60,000 for the assessment, according to federal filings.
Mark Paustenbach, a spokesman for the DNC, declined to comment on the Good Harbor report. Emilian Papadopoulos, president of Washington-based Good Harbor, said he couldn’t comment on work done for a specific client.
The security review commissioned by the DNC was perhaps the most detailed of a series of missed warnings. Officials at both the Republican National Committee and the DNC received government briefings on espionage and hacking threats beginning last year, and then received a more specific briefing this spring, according to another person familiar with the matter.