Foreign government hackers are continuing their assault on the personal email accounts used by lawmakers and congressional staff — and cybersecurity experts are warning that Congress is ill-equipped to deal with the problem. The issue got fresh attention last week, when Sen. Ron Wyden (D-Ore.) revealed — and Google later confirmed — that an unspecified number of senators’ and Senate staff members’ private email accounts were targeted by foreign hackers, as my colleague Karoun Demirjian reported. In a letter to Senate leadership, Wyden said the Senate sergeant-at-arms, the chamber’s main cybersecurity authority, wouldn’t assist them because the cyberattacks didn’t involve official accounts or devices. The threats against personal accounts are well known. The major hacks of Democratic officials during the 2016 election involved nonofficial emails, and officials as high-ranking as White House Chief of Staff John F. Kelly have had their personal accounts hacked. But Congress hasn’t taken action to safeguard their own despite intelligence officials’ warnings that foreign adversaries are still trying to disrupt U.S. politics. The risks hackers will steal or leak information only increase the longer lawmakers wait to secure their personal accounts, said Daniel Schuman, co-founder of the Congressional Data Coalition, which seeks to improve the way Congress stores and shares information online.
“As long as congressional information remains insecure, people will continue to use it to try to influence the political process,” said Schuman, a former congressional staffer who also serves as policy director at the left-leaning group Demand Progress, where he focuses on technology issues. “It undermines the ability of Congress to function and it makes all the committees and all the work of lawmakers and staff vulnerable to people who use it for bad purposes.”
Hacks of personal accounts could glean valuable bounties such as contact lists or access to private conversations. That kind of information is especially appetizing for a foreign government, Schuman told me. “If you want to understand what’s happening in American politics and you want to have influence, you want to understand the formal and informal networks in which the officials engage,” he said. “The line between ‘Come over for a dinner party’ and ‘Let’s talk business’ isn’t all that great.”
And it extends beyond just email, Schuman added. Other accounts on services such as LinkedIn, Facebook, Instagram or Amazon all contain “treasure troves” of information that hackers can exploit.