Intel report warns officials are 'very likely' to be cyberattack targets amid remote transition

The document details several tactics attackers could employ to gain access.

January 27, 2021, 4:12 AM

Working remotely amid a pandemic has been complicated for the average person, but for officials involved in the transition from the administrations of Donald Trump to Joe Biden, it poses a serious national security risk, according to an internal federal intelligence analysis obtained by ABC News.

The report, issued by the Department of Homeland Security's Cyber Mission and Counterintelligence Mission centers in mid-January, warns that based on previous cyberattacks targeting political campaigns between 2018 and 2020, foreign cyber actors -- specifically American adversaries like Russia -- are "very likely" to target transition officials' "government transition e-mail accounts and associated personal e-mail accounts."

Among the concerns detailed in the report is the risk that nation-state hackers sanctioned by foreign governments will likely look to take advantage of transition officials "conducting a significant portion of the transition remotely rather than in face-to-face interactions as a result of COVID-19 restrictions." The remote environment, the report says, makes officials more "attractive cyber targets for collection and possibly influence operations" during the sensitive transition period.

While there’s a heightened risk of cyberattacks when working remotely, this report focuses on the transition period and details several tactics attackers could employ to compromise transition officials' virtual private networks and other remote work tools in order to "gain initial access or persistence on a victim's network," including targeting official or personal e-mail accounts, posing as trusted associates, and "spoofing domains to increase the appearance that the e-mails are legitimate."

"Beyond serving traditional espionage purposes, these cyber activities could be used by foreign adversaries to enable influence operations, such as the leaking of sensitive or personal information designed to embarrass individuals and organizations -- or affect others' perceptions of those targets -- based on our analysis of prior cyber operations against U.S. Government officials and associated individuals," the intelligence notice says.

The White House and DHS did not respond to requests for comment.

Elizabeth Neumann, a former assistant secretary of Homeland Security during the Trump administration, told ABC News that while espionage efforts during the transition period have become standard, including during the 2016-2017 transition period, "Operating in a near-virtual environment due to the pandemic creates more vulnerabilities, upon which advanced persistent threat actors may be able to capitalize."

PHOTO: Elizabeth Neumann, Assistant Homeland Security Secretary for Threat Prevention and Security Policy in the Office of Strategy, Policy and Plans, testifies on Sept. 24, 2019, on Capitol Hill in Washington, DC.
Alex Wong/Getty Images

"Basic cyber hygiene and end-user best practices will mitigate many of the attempts these actors undertake," Neumann said.

The report also cited the massive SolarWinds hack, which targeted U.S. government agencies and private corporations and left 18,000 networks compromised. The document noted that the federal Cybersecurity and Infrastructure Security Agency "has observed malicious actors using the compromise to access resources in hosted environments, such as email for data exfiltration."

Earlier in January, top national security agencies formally named Russia as the likely source of the SolarWinds hack, with former Secretary of State Mike Pompeo calling the hack "a very significant effort" and "pretty clearly" the work of Russians.

Russia has denied responsibility for the hack, which has reportedly affected the Departments of State, Homeland Security, Commerce, and Energy, as well as the National Institutes of Health.

The report also provides transition officials with a number of preventative measures to protect themselves from cyberattacks, including the installation of firewalls and antivirus software, and the use of two-factor authentication.
