In the last few years bots, trolls and hackers have become a new and unfortunate part of our politics here in the U.S., as new reports prepared for the Senate intelligence committee showed this week.
Those reports looked at the 2016 election, and found that Russia’s Internet Research Agency made extensive use of social media, including Facebook, YouTube and Instagram, to push right-wing conspiracy theories and engender distrust in the electorate among the left, ultimately recruiting people to take concrete political actions in real life.
While these reports address the broader social media campaigns of the Russians, it is important to remember that the Russians also directly hacked both the Democratic National Committee and the Democratic Congressional Campaign Committee (which oversees House campaigns) in 2016. Materials stolen from both committees were then used by Republicans in their campaigns against Democratic candidates.
Determined to never let these kinds of influence campaigns succeed again, DCCC Chairman Rep. Ben Ray Luján, D-N.M., established a program designed to fight the malicious activity — which is poisoning our discourse and weakening our democracy — during the 2018 election cycle.
The two of us led that team over the past two years, and now that the midterms are over, we offer some observations from the front lines of this new political battlefield.
We regularly found accounts on the major social media platforms that were in violation of the rules set by Twitter, Facebook and YouTube; nothing we found was on the scale of the Russian’s extensive efforts in 2016, but the activity wasn’t insignificant either. So, as part of the DCCC’s efforts, we deployed unprecedented defensive tools to help us identify malicious activity on social media, using a customized bot-detection tool to diagnose robotic, inauthentic activity and a commercial off-the-shelf social listening platform that allowed us to better see what was happening in near real-time on the major social media platforms.
We also found, as is common among cybersecurity researchers, that the easiest way to secure against cyber intrusions is to arm every user to recognize the tactics common among hackers. And, as in 2016 (and at every organization in the world), we did see phishing and spear-phishing efforts directed at the party and at individual candidates, from various sources we did not or could not identify.
We don’t believe the DCCC had a large breach like we did in 2016, but can’t be certain. But, when campaigns encountered problems, we worked quickly to mitigate the damage and reported these intrusions to the FBI. And, working with outside partners, we were successful in helping staff internally and at campaigns embrace new behaviors and tools that were effective, affordable and simple — like two factor authentication, encrypted messaging and better data protections. Much of the DCCC’s strategy work was inspired by the highly regarded cybersecurity framework developed by the U.S. government’s National Institutes of Standards and Technology (NIST) — a set of smart protocols which should become far more familiar to those of us in politics.