Security Experts:

Digital Takeaways From the Supreme Court Fight

It’s always interesting to watch how the ongoing digital transformation of our lives is changing the world in ways we never would have anticipated years ago. Financial information, social interactions, even our physical locations may be up for grabs in cyberspace, with real-world ramifications. 

For a few weeks this fall, the U.S. was fixated on a dramatic fight in the Senate over the confirmation of Justice Brett Kavanaugh. Like Anita Hill did decades ago during the confirmation of Justice Clarence Thomas, Dr. Christine Blasey Ford took to the Senate floor to testify about her experiences with Kavanaugh. 

But whereas Hill’s testimony took place in Senate chambers and television, in 2018 there were digital footprints everywhere. Through the proceedings, we could watch the progression from 30-year-old testimony to the modern era where so much of our lives is recorded, documented, and potentially available to be used. 

As time goes on, judges, CEOs and other public officials will have lived so much of their lives during the “digital era” that almost anything they’ve said or done, for better or worse, could be laid out for public view. How will this change our public institutions and interactions? We are only beginning to find out. 

Here are some key digital takeaways from the proceedings:

The emails 

It’s clear that people who didn’t grow up with email have experienced a bit of a learning curve in recent years about the indelibility of words spoken online. Kavanaugh was repeatedly stung by statements he’d made in email years ago that seemed to cast doubt on some of his testimony during confirmation proceedings. While the judge’s emails were public record from his time in the Bush administration, it’s a good reminder that communications in cyberspace can have a long shelf life that both individuals and organizations would be wise to consider.

Meanwhile, soon after Dr. Ford’s identity was known, her lawyers wrote to the senate that her emails had been hacked. Clearly the account was targeted as a potential source of damaging information, and the attackers even went so far as to send an email from her account stating she’d recanted her testimony. The information contained in the account also could have been used to track her whereabouts or for other purposes.

Crowdfunding 

During the proceedings, millions of dollars were donated by individuals around the country. As of the Friday before the final vote, two Gofundme campaigns launched on behalf of Ford had reached nearly $700,000. The first campaign had received donations from more than 10,000 people in just over a week, tallying close to half a million dollars. A second launched to cover her security costs had raised more than $200,000 from more than 6,500 people. 

Yet another campaign was launched with intention of influencing Senator Susan Collins of Maine. Launched from another site, Crowdpac, which is dedicated to political fundraising. The campaign spiked so heavily during Collins’ statement in support of Kavanaugh that the Crowdpac site actually crashed. So far donations are nearing the $3 million mark, all of which is earmarked for Collins’ eventual opponent during the 2020 election cycle. For her part, Collins called the funding campaign a “bribe.” 

While there is nothing illegal going on here, it does show a new form of cyber risk that organizations should at least have on their radar. As the talent pool needed for cybersecurity continues to grow, remember to keep corporate communications on the list of important contributors. The movement of readily available crowdfunding sites means that a communications or PR crisis can easily turn into a big financial risk for an organization. 

Information campaigns

Also prevalent during the hearings was the ongoing influence of foreign information campaigns on popular opinion in the U.S. The Russian outlets Sputnik International and RT, which was recently forced to register as a foreign agent in the U.S., came out swinging for the judge with stories that both supported his innocence from wrongdoing as well as casting doubt on the motivations of protestors and Ford herself.

At the same time, a cascade of memes and tweets from purported Russian bots made their way across social media sites like Twitter. The site Hamilton 68, which tracks Russian activity on Twitter, showed hundreds of uses of #kavanaugh attributed to Russian trolls in the week leading up to the confirmation. 

While it may come as no surprise, it does show that foreign efforts to influence the U.S. political landscape have not abated, and in fact are making their way into not just elections, but the procedural machinations of the government—and there is no reason that a business or other organization couldn’t find itself in similar crosshairs.

Most of these tactics are not even necessarily illegal, but they all pose risks that security pros need to be thinking about. For every new service that comes online in cyberspace, the endless ingenuity of the human mind will find a novel way to use it for purposes it may never have been intended for. Bringing crowdfunding sites into the realm of politics and social movements, for example, has potentially disruptive consequences not just in the political realm, but across industries. 

For security pros, it’s another reminder of how digital transformation continually changes the threat landscape. While protecting organizational assets like email may pose more of a traditional cybersecurity challenge, security orgs need to have their eye on a broad range of motivations to really understand today’s convoluted risks. 

view counter
Preston Hogue is Sr. Director of Security Marketing at F5 Networks and serves as a worldwide security evangelist for the company. Previously, he was a Security Product Manager at F5, specializing in network security Governance, Risk, and Compliance (GRC). He joined F5 in 2010 as a Security Architect and was responsible for designing F5’s current Information Security Management System. Preston has a proven track record building out Information Security Management Systems with Security Service Oriented Architectures (SSOA), enabling enhanced integration, automation, and simplified management. Before joining F5, he was Director of information Security at social media provider Demand Media where he built out the information security team. Preston’s career began 18 years ago when he served as a security analyst performing operational security (OPSEC) audits for the U.S. Air Force. He currently holds CISSP, CISA, CISM, and CRISC security and professional certifications.