As the country learns more about a broad Russian hijacking of American federal agencies and private companies and now another Russian hack, which was revealed on Thursday, it can look to the Democratic National Committee for a more positive development in the effort to prevent cyberattacks: Unlike four years ago, the committee did not get hacked in 2020.
It’s worth remembering the D.N.C.’s outsized role in Russia’s interference in the 2016 election, when a spearphishing email roiled the Democratic Party in the final months of the campaign.
That March, Russian hackers broke into the personal email account of John Podesta, Hillary Clinton’s campaign chairman, unlocking a decade’s worth of emails, before dribbling them out to the public with glee. The D.N.C. chairwoman, Representative Debbie Wasserman Schultz of Florida, resigned after emails appeared to show her favoring Mrs. Clinton over Senator Bernie Sanders of Vermont.
A simultaneous Russian hack of the D.N.C.’s sister organization, the Democratic Congressional Campaign Committee, tainted congressional candidates with accusations of scandal in a dozen other races.
By the time Donald J. Trump was in the White House in January 2017, “The D.N.C.’s house was ablaze,” Sam Cornale, the committee’s executive director, said in an interview this week.
That month, Bob Lord, an unassuming, bespectacled chief security officer at Yahoo, was still mopping up the largest Russian hacks in history: a 2013 breach of more than three billion Yahoo accounts and a second breach in 2014 of 500 million Yahoo accounts. Mr. Lord, who discovered the breaches when he took over the job, helped the Federal Bureau of Investigation identify the assailants. A courtroom sketch of Alexsey Belan, one of the hackers in the Yahoo case, still hangs on his wall.
Mr. Lord left the team Yahoo affectionately calls “The Paranoids,” took a six-figure pay cut and headed to Washington in January 2017 to become the D.N.C.’s first chief information security officer.
The way he saw it, the D.N.C.’s 2016 breach wasn’t so much a cybersecurity issue as it was a problem of workflow and corporate culture.
Mr. Podesta’s aide, for instance, had asked a staff member to vet whether the infamous Russian spearphishing email was safe, and the aide responded that the email was “legitimate.” It was a typo; he later said he had meant to write “illegitimate.” By the time anyone realized what was happening, Mr. Podesta’s risotto recipes, and excerpts from Mrs. Clinton’s Wall Street speeches, were being dissected online by the news media and conspiracy theorists.
“After that, few would even pick up a flier, let alone a hose to help in 2017,” Mr. Cornale said. “Bob showed up with five fire trucks while putting on his suspenders, and ran in to the house.”
