--[ Into the Breach: An Analysis of Political Party Account Exposure

$ getent passwd aschoka
├─ name: Andrew Schoka
└── org: 780th MI BDE

Army Cyber Officer assigned to the 780th MI BDE at Ft Meade, MD, as the Team Lead for 100 Combat Support Team. Prior to that, I served several years as a Team Lead, Interactive Operator, and Technical Director with the Cyber National Mission Force. I hold a B.S. in Systems Engineering from Virginia Tech and an M.S. in Cybersecurity from Georgia Tech.


Already known to be high-value targets for both state-sponsored and criminal actors, political parties face an array of challenges in securing their organizations’ digital footprint. State-level party offices, in particular, are at a heightened degree of vulnerability, owing to varying levels of IT experience, unpredictable funding cycles, and the inherently public nature of their organizations. A major security concern for state parties is the threat of sensitive account or organizational data being publicly leaked or manipulated to undermine the organization’s political objectives. The risk of this scenario is magnified by the widespread appearance of party-affiliated account data in large-scale data breaches. This session presents a novel data- mining solution that quantifies the level of risk these organizations face due to account exposure in data breaches. Leveraging open-source web utilities to enumerate state-level party websites for provided email accounts, this tool then compares the results from 195 state-level party websites with data breach detection services provided by the HaveIBeenPwned API. The results offer a first-hand look into the scale and seriousness of the security threats facing our electoral system.