How Google Engineers Protect Politicians during the Election

As reported in the business insider. In the past few years, there has been an increase in targeted hijacking towards the online accounts of politicians and other high-profile figures. In order to curb such attack, Google launched an Advanced Protection Program that aligns with politicians and campaigns to protect them from spear phishing.

Two years ago, Clinton campaign chairman John Podesta email was hacked in aligned with the interests of the Russian government created chaos within Hillary Clinton’s election campaign when they hacked and stole the emails of last October, Google launched the Advanced Protection Program to protect these people who are most at risk, because attacks like this aren’t going to stop anytime soon. In the past few years, the public has seen an increase in targeted hijacking – usually towards politicians, activists, business leaders, cryptocurrency users, and journalists.

The Advanced Protection Program, which Google offers to select users for free, is the highest form of personal account security the company offers. This managed security program deals with phishing, malware, hijacking, and cryptographic techniques.

Guemmy Kim, product manager of Google’s Account Security Team, told Business Insider about some of the recent trends her team has encountered in the months leading up Tuesday’s US midterm elections and shared her advice for staying safe.
Politically motivated “hijackers” will often ramp up attacks against politicians and their campaign staffers in the months leading up to a big election such as Tuesday’s, Kim said. But, she noted, there are many misconceptions of what kind of people hijackers are.

“There’s this notion of a hijacker being some guy in a dark room typing at night,” Kim said. “Hijacking activities actually follow a regular schedule. These are sophisticated hackers targeting politicians.”

That’s important to know because these hackers usually target politicians during business hours, when it’s more realistic and easier to trick people, rather than in the middle of the night.

Don’t expect to find obvious typos

Hijackers often personalize attacks for high-profile people. Using techniques like spear phishing, they may imitate a politician and send emails to the campaign subscribers. They might also try to embarrass a candidate or spearhead an attack that undermines the candidate’s credibility, like looking through emails for embarrassing information or posting personal pictures.

And the emails sent to victims look very professional – these aren’t the typo-filled junk emails people usually see in their spam inboxes.

“Security is always evolving,” Kim said. “We constantly monitor what’s happening on the landscape. Our goal is to evolve that program to keep you constantly and automatically protected.”

The Advanced Protection Program requires that users have two security keys, which are devices that use two-factor authentication to protect from phishing. It protects personal email accounts, which can be a gateway to other accounts.

The program can also protect users using OAuth, or Open Authorization, which allows a user to use an account for third-party services like Facebook without exposing the account’s password. Otherwise, Politicians may be tricked into granting access to email and contact data to malicious apps.

“Campaign apps often use third party services,” Joe Hall, Chief Technologist of the Center for Democracy and Technology, told Business Insider. “They can share people’s information with marketers. That’s more of a privacy problem.”
Never let your guard down

To stay secure, Kim recommends that users at least sign up for two-factor authentication. In addition, they should create unique passwords and make sure they’re not reusing them.

She also recommends a Chrome extension called Password Alert, which detects when users enter their Google password into any websites other than the Google’s login page.

Although Election Day is in full swing, the 2020 election is just around the corner, and politicians are already thinking about their upcoming campaigns. Still, attackers are always evolving, and the team must make sure it stays ahead of that curve.

“People were really vigilant in 2016 after high-profile attacking,” Kim said. “Some talk about helping politicians with security. I kind of want to emphasize that we can’t let that guard down. People have to keep vigilant.”