BSidesCharm 2022 - Into the Breach: An Analysis of State Political Party Account Exposure

Targeted by both state-sponsored and criminal actors, political parties face an array of challenges in securing their organization’s digital footprint. State-level party offices are at a particularly heightened degree of vulnerability, owing to the inherently public nature of their organizations. A major security concern for state-level parity offices is the threat of sensitive organizational data being publicly leaked or manipulated to undermine the organization’s political objectives. The risk of this scenario is magnified by the widespread appearance of party-affiliated account data in large-scale data breaches. This session presents a novel data-mining solution that quantifies the level of exposure these organizations face due to account exposure in data breaches. Leveraging open-source web utilities to enumerate state-level party websites for provided email accounts, the tool compares the results from 195 state-level party websites with data breach detection services provided by the HaveIBeenPwned API. The results have dire implications for the security of our electoral system. Andrew Schoka Andrew Schoka is a Cyber Operations Officer at the Department of Defense and has spent the last six years tending the office coffee pot in different roles across government and academia. He holds an M.S. in Cybersecurity from Georgia Tech, a B.S. in Systems Engineering from Virginia Tech, and a variety of industry security certifications.