DNC May Regret Dismissing Internal Information Security Weakness

The morning of Friday, July 22 WikiLeaks offered browsers the opportunity to search through roughly 19,000 emails and 8,000 attachments belonging to central leaders of the US Democratic National Committee (DNC).

The email exchanges, which spanned from January 2015 to May 2016, revealed damning evidence that DNC officials expressed preferential support for Hillary Clinton during the presidential nomination process. Aside from indicating favoritism, the emails also showed the party’s willingness to shed a negative light on Sen. Bernie Sanders to give Clinton an extra advantage.

Adding insult to injury, the leak was announced mere days before Clinton was declared the party’s official nominee at the National Democratic Convention, after which Representative Debbie Wasserman Schultz resigned as the DNC chairwoman.

But here’s the kicker: all of this scandal could’ve easily been avoided.

According to Bloomberg, DNC officials hired cyber security consultants from Good Harbor Security Risk Management back in September 2015 to check for computer network weaknesses. After conducting a two-month evaluation, the consultants named an outdated firewall and insufficient advanced malware detection technology among its chief concerns.

The consultants then advised the DNC to invest in greater protection services to ensure that sensitive information such as financial transactions and internal communications remained private. Incredulously, the DNC largely disregarded such recommendations, making its computer software system vulnerable to hackers. And hack they did.

Had they heeded the advice, the DNC would’ve discovered hackers already digging through their computer files. Instead, the hack went unnoticed until April 2016, by which time the damage was irrevocable. In fact, it’s continuing to get worse.

Less than one week after the emails were leaked, WikiLeaks posted 29 voicemails from the DNC. As of now, the FBI is working alongside the DNC-hired cyber security firm Threatconnect to locate who is responsible for the hack.