An unknown party hacked the computer systems of both Barack Obama's and John McCain's presidential campaigns in summer 2008 and stole numerous files, according to a Nov. 5, 2008, Newsweek article. The federal government investigated the infiltration, but has disclosed few details to the public.
The article reports that IT personnel in Obama's headquarters thought their infiltration was an instance of phishing - attacks designed to scam users into turning over passwords or crucial information like credit card numbers. But the FBI and Secret Service informed technology staffers that they had uncovered a greater threat and warned, "You have a problem way bigger than what you understand. You have been compromised, and a serious amount of files have been loaded off your system." In August 2008, the federal government informed Obama staffers that McCain's campaign had also been hit.
"This was a long, gradual draw of files," said Ken Pappas, vice president of marketing and security strategist for Top Layer Security, a company providing network intrusion prevention systems. The attack fooled staffers who were in over their heads. "I never figured out or saw anybody in either one of those camps on the IT side that was a very strong network-security guy or gal."
Pappas has security clearance with the Department of Homeland Security and has spoken about security to various private- and public-sector audiences.
"[The hackers] were taking all the files on the server. So whatever was on that server, whether it was credit cards, your account, my account, Obama's strategy for advertising or McCain's, etc., they got it," he said.
The Newsweek story reports that officials at the FBI and the White House believed a foreign entity or organization wanted "information on the evolution of both camps' policy positions - information that might be useful in negotiations with a future administration." They did not believe, however, that Obama's system had been hacked by any opponents.
Pappas said candidates should guard their IT systems more carefully. He added that the federal government should provide presidential candidates with IT security in addition to physical security.
"Once you become a candidate for president, you have the Secret Service taking care of you, right? They need to do the same level of due care for the candidates' information security," he said. "They need to put the candidates' systems under some type of government umbrella because all these citizens at large that were contributing to the candidates and supplying their name, their address, their credit card number."
Pappas also predicted this type of attack would become more widespread even toward those running for lower levels of office and that politicians need to be savvier in network security if they're to use the same Internet techniques that Obama made crucial to his success.
"What happened to Barack Obama, when he gets sworn in as president, [I hope] information technology and security will be very high on his list," he said. "He's seen it firsthand happening to himself, and I have to believe, on his watch, he will not let this happen again because it happened to him."