Obama campaign used security keys during both elections to defend against hackers

As political campaigns in the 2018 midterm elections fight off hackers, the Obama campaign might have figured out the key solution a decade ago. President Obama's campaign used Yubikeys, which are security keys for protecting logins, in both the 2008 and 2012 elections to defend itself from hackers, according to Yubico CEO Stina Ehrensvard.

"The woman who tried after him did not, and you can see the results," Stina Ehrensvard, the CEO and founder of Yubico, said in an interview at Black Hat.

That missing link in the security chain could have cost Hillary Clinton the presidency. The thousands of leaked emails released by Russian hackers played a pivotal role during the election, and the resulting controversy partially led to her defeat to Donald Trump.

The hackers gained access to prominent officials within Clinton's campaign, as well as the Democratic National Committee, through a process called spear-phishing, where hackers use carefully crafted e-mails and websites that trick victims into giving up their passwords.

Security keys are useful tools if that happens, since potential hackers would need both your password and the key itself to log into your accounts. Google boasted that since it adopted security keys, none of its employees have fallen victim to account takeovers.

"People who have a lot to lose, a lot at stake, those are the ones who are starting to adopt our products," Ehrensvard said. "High-profile individuals, people on Twitter who have a lot of followers, or YouTubers with millions of followers."

The extra security measure likely would have protected Clinton campaign manager John Podesta's email from being hacked.

Neither Obama's campaign managers from 2008 and 2012, the Clinton Foundation or the Democratic National Committee responded to a request for comment.

This is just a problem of the past. Former Director of National Intelligence James Clapper warned Congress that Russian hackers would return in 2018 to attack the elections, as well as in 2020, and there's already been evidence of it happening.

Sen. Claire McCaskill, a Democrat from Missouri, said hackers attempted to access a staffer's emails through a phishing attack -- the same play that breached the DNC. On Wednesday, Rolling Stone reported that hackers gained access to a Congressional candidate's emails in California. And in July, Microsoft said it stopped Russian hackers from attacking three Congress members.

Attacks against political candidates and elections have become a major concern, as lawmakers fear these hacks challenge a democracy's legitimacy. These targeted attacks can also cause political chaos and sway elections in a preferred candidates' favor.

Ehrensvard said that security keys were a crucial tool for protecting elections, as it made hacking highly targeted people much more difficult. The company has been working with election campaigns around the world, noting that it recently protected a presidential election in another country, but declined to state which one.

She said that Yubico has been teaching political campaigns in the U.S. during this year's race on why they need security keys. She declined to provide more specific information.

"The people who are in election campaigns right now may actually not want to disclose what they're using, even if they're using the best," she said.

This article was originally published on CNET, titled, "Obama campaign used security keys during both elections to prevent hacks."

Featured