WASHINGTON — Chinese hackers are targeting the personal email accounts of campaign staff members working for former Vice President Joe Biden, Google said Thursday, while confirming previous reports that Iran has targeted President Donald Trump’s campaign.
In disclosing the attempts, Google’s chief of threat analysis, Shane Huntley, who oversees the tracking of state-sponsored, sophisticated hacking, said there was no evidence yet that the Chinese hackers had pierced Biden’s campaign. The attacks appear to be conventional spear-phishing attacks, similar to the Russian breach of John Podesta’s personal emails in 2016, when he was Hillary Clinton’s campaign chairman.
But Google’s announcement Thursday underscored the fact that during the 2020 election, Russian hackers, who combined hacking and disinformation in the last presidential election cycle, will not be alone. Even before Google’s announcement — posted on Twitter — security experts warned that Russian hackers would be joined by those from other American adversaries.
Biden’s campaign said in a statement that “we are aware of reports from Google that a foreign actor has made unsuccessful attempts to access the personal email accounts of campaign staff.”
It added: “We have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for them. Biden for President takes cybersecurity seriously, we will remain vigilant against these threats, and will ensure that the campaign’s assets are secured.”
The motivations for such attempts could be many. China already has major espionage assets aimed at the Trump administration and other parts of the U.S. government, so going after the president’s campaign infrastructure may be redundant — and less interesting than anything that can be elicited from the Defense Department, the State Department or U.S. intelligence agencies.
But Biden’s views on China, which have evolved as tensions with Beijing have risen, are more of a mystery to Chinese intelligence.
And if Biden wins, any success at piercing the emails of his top aides could be useful, especially during a transition of power. Google, Microsoft and other companies have offered campaigns help in securing both their official and their private accounts, and in enrolling staff members in security programs that are often used by journalists, aid workers or government officials.
Google has alerted Gmail users to state-sponsored email threats with automated warnings in recent years, but in this case Google employees personally briefed Biden’s campaign on what they called a “high priority” threat in virtual meetings Thursday, according to two people familiar with the discussions who were not authorized to discuss them publicly.
The Chinese interest in campaigns is not new. In 2008, Justice Department and FBI officials approached Barack Obama’s campaign — at a time when Biden was chairman of the Senate Foreign Relations Committee and running for vice president — and told the campaign it had been penetrated by Chinese hackers. The same hacking groups went after Sen. John McCain, the Republican nominee.
But this time far more is at stake. The relationship between Beijing and Washington has never been more tense since relations between the two countries opened nearly five decades ago. And Trump and Biden are in a match to declare which one will be tougher on Beijing over its failures to report quickly about the coronavirus, its new security laws in Hong Kong, its declaration of exclusive territory in the South China Sea, and its efforts to spread its 5G communications networks around the world.
The announcement about Iran’s attempts to get into accounts surrounding the Trump campaign was not new. In October, Microsoft disclosed that Iranian hackers, with apparent backing from that country’s government, made more than 2,700 attempts to identify the email accounts of current and former U.S. government officials, journalists covering political campaigns, and accounts associated with a presidential campaign. While Microsoft did not name the campaign, those involved in the investigation said it was Trump’s reelection effort. The attacks Google described on Thursday appeared to be along similar lines as to what Microsoft detailed.
Russian hackers are also active this election season. In January, the same Russian hacking group that stole Podesta’s emails in 2016 began a phishing campaign against Burisma, the Ukrainian company that formerly employed Biden’s son and was crucial to Trump’s impeachment.
It is not clear what the Russian hackers were after, but cybersecurity experts surmised at the time that the hackers were looking for “kompromat” — compromising material on the Bidens — or hoping to support Trump’s claim that Burisma was corrupt and that Ukrainian investigations into the company were warranted.
In February, U.S. intelligence officials warned that Russia was once again actively meddling, although it was unclear whether the goal was simply disruption or support for Trump. This week he invited President Vladimir Putin of Russia to join a Group of Seven meeting scheduled for Washington in the fall, angering European allies and Canada given that Russia was thrown out of the group after it annexed Crimea in 2014.
Biden has been far more critical of Putin and indicated he would not let up on sanctions against Russia, unlike Trump.
And last month, the National Security Agency warned that Russian military hackers had seized on vulnerabilities in an email transfer program — used by several congressional candidates, among others — in yet another attempt to steal emails.
Among those who would have been vulnerable to the Russian attacks were the campaign offices of more than 44 U.S. congressmen, including Rep. Paul Tonko, D-N.Y., and three members of the House Armed Services Committee: Jim Banks, R-Ind., Mo Brooks, R-Ala., and Tom Suozzi, D-N.Y. But there is no evidence their emails were stolen, according to a report by Area 1, a Silicon Valley cybersecurity firm.
This article originally appeared in The New York Times.
© 2020 The New York Times Company