In the three years since Russian operatives breached the servers of the Democratic National Committee and threw presidential politics into a state of perpetual chaos, countries around the world have been on notice to the threat of foreign interference in elections. But as the US prepares for another presidential election next year, and as the European Union holds parliamentary elections this week, a new report reveals a range of obvious and ongoing security flaws that could leave political parties in both places vulnerable to attack.
The report, which will publish Tuesday, was compiled by SecurityScorecard, a New York–based risk analysis firm that monitors IT infrastructure for more than 1 million entities around the world. For this report, the researchers drilled down into the networks operated by 29 political parties from 11 countries during the first quarter of this year. In general, they found that smaller parties in both the EU and the US pose the biggest risks.
In the US, their analysis included the Democratic National Committee, the Republican National Committee, the Green Party, and the Libertarian Party. They found that while the DNC and the RNC have strengthened their defenses since 2016, both major parties have cybersecurity hygiene issues that could still make them targets for dedicated adversaries. Another US party, which the researchers declined to name in the report, left a searchable tool exposed, leaking voter names, dates of birth, and addresses, information that is not publicly available in most states. That flaw has since been patched, after the researchers contacted the party.