It's official: The race to hack the 2020 general election is in full swing.
Iran tried to hack into Gmail accounts used by President Donald Trump's reelection campaign staff, the leader of Google's threat-hunting team revealed in a tweet. China, meanwhile, tried to hack staff for former vice president Joe Biden, the presumptive Democratic presidential nominee, Shane Huntley said.
The hackers didn't successfully breach those accounts. But these nation state-backed hacking campaigns are likely to be the just the beginning of a general election campaign that will be ripe for disruption by U.S. adversaries.
"It's no surprise the Chinese and Iranian governments are trying to compromise our 2020 presidential campaigns through cyberattacks. Their goal is simple: suck up information about our candidates' campaigns and then create conflict and chaos in our election," Matt Rhoades, who managed Mitt Romney's 2012 campaign and helped launch a bipartisan group aimed at preventing election hacking, told me.
Officials with the Department of Homeland Security and U.S. intelligence have been warning for years that Russia and other nations will try to use hacking and disinformation to undermine the 2020 contest in a replay of operations from the last presidential race, which leaked reams of embarrassing information about Democratic nominee Hillary Clinton in an effort to help Donald Trump.
But the threat has grown in recent months as vastly more campaign work has moved online as a result of the coronavirus pandemic, experts say. The American public also has likely grown more vulnerable to influence efforts based on leaked information as it is roiled by conflict over the pandemic and civil unrest following the death of George Floyd in police custody.
"It doesn't matter if you are a Democrat or Republican, they are coming for you," said Rhoades, whose group Defending Digital Campaigns offers campaigns free and reduced-price access to cybersecurity products.
This isn't the first report of foreign hacking during the 2020 cycle. But efforts are likely picking up with the general election effectively underway.
That's partly because adversaries can concentrate on hacking into just two campaigns now, Clint Watts, a distinguished research fellow at the Foreign Policy Research Institute who focuses on election interference, told me.
Adversaries are also probably ramping up their efforts now because it takes a lot of time and effort to successfully penetrate a well-protected organization such as a presidential campaign. So, if they hope to hack into a campaign, find embarrassing information and release it in a way that affects the November election, time is already running short, Watts said.
"You have to hack before you can influence, and the longer you wait, the more your window for influence is going to wind down," he said.
Microsoft revealed that a group tied to Iran was targeting a presidential campaign in October 2019, which media outlets including Reuters identified as the Trump campaign. Intelligence officials told Sen. Bernie Sanders, I-Vt., that Moscow was attempting to help his presidential campaign before Sanders dropped out of the race in April. Officials also told lawmakers that Russia prefers to see Trump reelected.
China and Iran may not be following Russia's 2016 playbook.
China has a long history of hacking for traditional espionage - such as learning the interests and motivations of U.S. leaders - without releasing the information they steal. That includes hacking the presidential campaigns of both Barack Obama and Sen. John McCain, R-Ariz., in 2008 and Mitt Romney, R, in 2012.
"China doesn't just want to know Biden's opinion about China. They want to know all of Biden's staff's opinions about every part of the world," Watts said.
Iran, however, is more likely to be interested in stealing and releasing information that undermines the Trump campaign because of leaders' antipathy toward the president, Watts said. Trump ordered the killing of one of Iran's top generals, Qasem Soleimani, in January and pulled the U.S. from the deal to curtail Iran's nuclear program negotiated by his predecessor Barack Obama.
An even more dire scenario would be if an adversary stole and released legitimate campaign information, along with phony or altered information aimed at disparaging the candidate.
"Since 2016 the fear is that the adversary could leak data and add forgeries to the leak," Thomas Rid, author of "Active Measures," a book on disinformation, and a professor at Johns Hopkins University, told Ellen Nakashima, Josh Dawsey and Matt Viser. "The concern is the adversary could weaponize the information."
Google's warning comes as U.S. intelligence officials are beginning to brief the campaigns about hacking and other threats from foreign adversaries.
Those officials are also advising the presidential campaigns on how best to protect themselves, along with officials from the FBI and DHS, my colleagues report.
Republican National Committee officials recently participated in one of those briefings and learned that foreign adversaries unsuccessfully tried to hack some of their staff members, my colleagues reported.
The campaigns, meanwhile, stressed that the attacks weren't successful.
"We have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for them," Biden's campaign said in a statement. "Biden for President takes cybersecurity seriously, we will remain vigilant against these threats, and will ensure that the campaign's assets are secured."
The Biden campaign told me earlier this year that its protections include requiring extra verifications before employees can log in to accounts and devices, and "training staff on cybersecurity best practices and tools to ensure the campaign infrastructure remains secure." The campaign did not respond to a question Thursday about whether all those protections are still in place.
A Trump official said the campaign is "vigilant about cybersecurity and do[es] not discuss any of our precautions."
The FBI said in a statement that "adversaries are constantly looking for vulnerable U.S. networks to exploit, and networks associated with political organizations are no exception. That is why we are focused on imposing consequences on malicious cyber actors, so they think twice before attempting an attack in the first place."