:format(webp)/cdn.vox-cdn.com/uploads/chorus_image/image/63712182/540060084.0.jpg)
Attacks against the computer networks of presidential campaigns and political parties by hackers operating out of Russia and China have become a traditional staple of election season, going back at least as far as 2008.
They’ve struck again in 2016, gaining access to the network of the Democratic National Committee and releasing a detailed opposition research document on the Republican Party’s presumptive nominee Donald Trump.
The basic theory behind these hacking attacks is simple: Governments of other countries want dirt that will be useful in dealing with the person who might be America’s next president.
Having read the table of contents of the leaked document and some of the coverage about it, I’m struck by a few things.
First, if you've paid any attention to the Trump campaign since the beginning, the document contains no meaningfully new revelations. It is, more or less, a collection of highlights drawn from negative stories about Trump's business dealings, the lawsuits over Trump University, his treatment of and attitudes toward women, incendiary quotes from speeches and so on, all pulled together in a readable package.
Second, if anyone at the DNC had been thinking strategically, they would have anticipated — or, in fact, assumed — that a hack would come. That in mind, it would be smart to leave a certain amount of seemingly sensitive information vulnerable to be "found" by the attackers.
Let’s game the theory out a bit. If you know the hackers are coming, you know they're going to be looking for data to steal. You can also use the opportunity to study the attackers' methods and tricks, which is what the the New York Times did in 2013 when hackers from China breached its network.
Then, you can report the attack as a crime to the FBI, which it unquestionably is. That makes it a national news story. Then you wait.
We had only to wait about 24 hours after the first reports of the hacks before the headline-grabbing opposition document showed up on file-sharing networks, then on Gawker and The Smoking Gun for everyone to read.
Next, everyone who's interested clicks through to read it to see if there are any juicy new revelations. In the process, they re-read all the negative things they've ever heard about Donald Trump, remember a few things they forgot and maybe learn about a few they didn’t know.
The document essentially becomes an elaborately staged 237-page attack advertisement. Smart, right? Even Trump himself believes a version of this theory.
Meanwhile, following the advice and counsel of seasoned security professionals, the DNC and/or the Hillary Clinton campaign have locked down their truly sensitive documents on encrypted hard drives and limited their access to a few very senior campaign or party operatives who use multi-factor authentication.
That’s what I’d like to imagine happened. I'm probably giving them too much credit for being creative. The professionals running the operations of our political campaigns can't really be so dumb as to have left their most important information so readily unprotected, could they? Really?
Examples elsewhere aren’t encouraging. When Sony Pictures Entertainment was attacked by hackers working on behalf of North Korea, its network suffered from serious deficiencies that its own auditor had found and identified. You can read the emails of its most senior executives on Wikileaks. Its CEO now says he loves his fax machine.
The U.S. Government’s Office of Personnel Management was attacked by hackers in China and personal information on millions of federal employees, past and present, was taken. It served as the starkest proof yet that outside the national security establishment, the Federal government sucks at cyber security.
Yes, really. When it comes to securing their computers, like so many others, they probably are exactly that dumb.
Jeff Bezos on Donald Trump and the media
This article originally appeared on Recode.net.
