US political parties are still making basic cybersecurity blunders

Many of the biggest political organizations in the US still have awful cyber hygiene ahead of next year’s election.

The news: Researchers at cybersecurity firm SecurityScorecard spent the first quarter of 2019 analyzing the anti-hacking defenses of the parties, including both the US Republican National Committee (RNC) and the Democratic National Committee (DNC). They found that both have some serious holes to address.

The dirty truth: The flaws include exposed personal data about employees that could be used to create fake identities; older versions of software that could let hackers steal usernames and passwords fairly easily; and malicious software, or malware, that could be used to spy on party activities and compromise user accounts.

Why this matters: Ahead of the 2016 US presidential election, hackers penetrated the DNC’s systems and stole e-mails and other data to cause chaos. With European Union parliamentary elections looming and the US about to enter another presidential election year, more attacks on political organizations are inevitable.

Bigger is (somewhat) better: The researchers acknowledge that the RNC and DNC have put significant effort into bolstering their cyber defenses since 2016 but say they still found some (undisclosed) weaknesses. Another, smaller party was using a tool that leaked voter names, dates of birth, and addresses. This flaw was fixed after the party was told what SecurityScorecard had found.