A hacked Twitter account won’t likely swing an election — but we should still act like it could. Not just campaigns, either: Facebook, Twitter and the other platforms need to prepare like the important infrastructure they’ve become.
The people behind last week’s targeted Twitter hack didn’t have a political mission, other than perhaps to take the air out of some prominent people and organizations and Twitter itself. The main hacker was after cash in the form of Bitcoin, though I’m sure he quite enjoyed the disruption he caused.
Regardless of the perpetrators’ aims this time, campaigns should still take warning. Step one? Treat all digital campaign properties as potential targets for malicious actors and take the basic preventative steps that we’ve discussed before. Shared login credentials pose a particularly serious danger, since one volunteer with a grudge can have a lot of fun with access to a campaign’s data-management or online communications tools, and everyone with a login should be trained to spot attempts to use “human engineering” to get improper access. Next, VPNs, two-factor authentication, database backups…all the things your mom taught you to do before you brush your teeth in the morning.
But even the best internal cybersecurity practices wouldn’t have stopped last week’s attack. As I noted to Fast Company’s Mark Sullivan on Friday, this week’s events demonstrate the need for the platforms themselves to think as though they were a power or water company: essential infrastructure. Yes, Twitter is a little less important than indoor plumbing, but Twitter and Facebook and Instagram and Google ARE inescapable political messaging tools. I’ve argued that bans on digital political ads are an abdication of that responsibility, but a pre-election hack that disrupts voting or tarnishes a candidate could have far worse results, particularly with a man in the White House who shows few signs of going gracefully.
This time, the hackers were after money. The next time, they could be after our democracy.