
Hackers are already targeting the GOP convention

Preparations for the GOP Convention were underway at the Quicken Loans Arena in Cleveland, Ohio on July 17, 2016.
Jacob Pramuk | CNBC

The Republican National Convention has had to fend off a wave of cyberattacks even before the opening gavel sounded, according to the official charged with securing the network.

And many more attacks are expected this week, either from nation-states hunting for intelligence or protesters trying to disrupt the network at the convention, said Max Everett, the consulting chief information officer for the Republican National Committee.

"There are a lot of folks who are going to try to poke around in any new network they find," said Everett.

Republican presumptive presidential candidate Donald Trump's highly charged campaign, coupled with particularly well-funded and highly motivated groups of attackers, only serves to intensify the threat, security experts said.

The convention, which opens Monday afternoon, will attract some 50,000 people plus a global audience watching from afar, providing the perfect platform and smokescreen for hack attacks, said Orlando Scott-Cowley, a strategist with cybersecurity firm Mimecast.

A successful attack could impact physical security on the ground, for example, by taking connected security scanners offline. It could also affect online activity, for example, by hijacking the livestream and derailing the GOP's message.

The Secret Service has designated the conventions "national special security events" and has its work cut out, said Scott-Cowley. The professionalization of hacking has given rise to the most sophisticated and technologically well-armed adversaries authorities have ever faced.

The convention staff will have 600 to 700 people on its network, and some of them will bring in their own personal devices, which will complicate the cybersecurity challenge, said Everett.


He has spent the past year visiting Cleveland in preparation for the challenge — this is his fourth convention — and will have an onsite IT team of up to 70 people. They are using Microsoft and ForeScout software to monitor the network in real time, working with AT&T and Cisco on securing external access to the network and a firm called Dark Cubed to share real-time threat information among the firms trying to defend against cyberattacks.

"The unique things we're seeing are the typical spearphishing attacks, with people sending links in phony emails telling users they need to reset their passwords." And they're seeing "malvertising," or malware that's designed to look like an ad that people will click on from their phones.

"We have not seen any specific social engineering attacks yet, but we have seen that in the past," he said. "We have spear phishing attacks with links telling people 'you have a shipment,' and things like that."

The vast majority of the attacks so far, he said, have been "opportunistic," or hackers just trying to see what they can find. But they have seen one more sophisticated attack already, in which the attacker knew that the convention is using Microsoft Office 365, a suite of software designed mostly for businesses.

"Somebody took the time to see that we were using that, and sent a link saying 'click here to reset your password,'" Everett said. "The user wisely sent that one to us. That's the most sophisticated attack we've seen."

These cyberdefenders face well-funded adversaries thanks to successful hacker business models leveraging tools like ransomware to make money, and tools like botnets for hire to launch large-scale distributed denial-of-service attacks. Bitcoin greases the wheels, allowing all this illicit activity and commerce to take place anonymously.

Trump has already been widely hacked — anonymous forums purport to offer personal information about him, his contacts and properties, said Danny Rogers, CEO of cybersecurity firm Terbium Labs. Over the course of the conventions and leading up to the election, more information about the candidates, their parties and supporters will likely be leaked, particularly given how controversial both candidates are this year, he said.