![](\"https:\/\/media.wired.com\/photos\/5a69e3ce9899195a26786998\/master\/pass\/BobLordDNC.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Issie Lapowsky| Date: Thu, 25 Jan 2018 17:59:11 +0000<\/strong><\/p>\n The Democratic National <\/span>Committee has hired Bob Lord, most recently Yahoo's head of information security, to be its chief security officer\u2014a brand new position, created in the aftermath of the historic hack by Russian operatives<\/a> of the DNC's servers during the 2016 presidential campaign.<\/p>\n This is Lord's first foray into the world of politics, having spent his career in Silicon Valley working at companies like Twitter, AOL, and Netscape. But it's far from Lord's first stint leading a cleanup crew in the wake of an extensive and deeply damaging hack. Lord was responsible for detecting two massive data breaches that occurred prior to his arrival at Yahoo, and worked with the Federal Bureau of Investigation to track down those responsible.<\/p>\n "I'll be working to protect my new colleagues at the DNC from the attackers who would prefer to keep us distracted from our mission of getting Democrats across the nation elected," Lord said in a statement. "And my job doesn\u2019t stop at the front door of the building\u2014my team and I will work with state parties to update their information security strategies and deployments to change the economics for the attackers.\u201d On Thursday, Lord was already meeting with state party chairs, leading a tutorial on security protocol for volunteers and new hires.<\/p>\n According to Raffi Krikorian, who worked with Lord at Twitter and now serves as the DNC's chief technology officer, Lord's experience dealing with the Yahoo hack was central to the committee's decision to hire him.<\/p>\n "There are very few people in the world who actually found foreign actors in their system and did something about it," Krikorian says.<\/p>\n DNC chairman Tom Perez found that background compelling as well. \u201cWhen I took this job, I made it crystal clear that our organization\u2019s cybersecurity required immediate attention and resources," Perez said in a statement to WIRED. "I\u2019m confident Bob\u2019s skills and hard work will help protect us against the sort of cyberattacks and intrusions that are unfortunately all too common in today\u2019s age."<\/p>\n The DNC is still recovering from the hack of its servers in 2016. Russian hackers penetrated the system with a barrage of phishing emails that appeared to be from Google, encouraging DNC staffers to change their passwords. According to the Associated Press<\/a><\/em>, 29 of those attempts failed. One succeeded. Internal emails which were then leaked to and published by WikiLeaks sent the committee, and arguably the country, into a chaotic spiral over Russian attempts to influence the American election.<\/p>\n 'There are very few people in the world who actually found foreign actors in their system and did something about it.'<\/p>\n Raffi Krikorian, DNC<\/p>\n It's a kind of chaos with which Lord is all too familiar. After spending four years at Twitter, where he was the company's first dedicated security hire, Lord joined Yahoo in 2015. Just a year later, he broke the news<\/a> to the world that half a billion Yahoo accounts had been exposed during a 2014 data breach. Just months later, the company disclosed<\/a> the even larger 2013 breach, which Yahoo now says affected all three billion of its users. The hackers used stolen information from the Yahoo accounts to gain entry to users' Google accounts, skim credit card information, and redirect Yahoo searches<\/a> for "erectile dysfunction medication" to a phony online pharmacy in what seemed to be a profit-making spam campaign. In March of 2017, the Department of Justice announced<\/a> it had charged two officers of the Russian Federal Security Service and two additional accomplices with computer hacking, economic espionage, and other crimes, and credited Yahoo with helping them track down the perpetrators.<\/p>\n \u201cWorking closely with Yahoo and Google, Department of Justice lawyers and the FBI were able to identify and expose the hackers responsible for the conduct described today, without unduly intruding into the privacy of the accounts that were stolen," US attorney Brian Stretch said at the time.<\/p>\n In an interview at TechCrunch Disrupt<\/a> last year, Lord described the experience of discovering the cascade of hacks as a kind of vertigo. \u201cIf you\u2019re familiar with that effect that Alfred Hitchcock perfected\u2014where things look like they\u2019re sort of telescoping out. And you can still see everything but you still have this weird parallax going on,\u201d he said. \u201cI remember feeling that when I was putting all of the different pieces together. And that\u2019s not a great feeling.\u201d<\/p>\n 'This is in my opinion one of the hardest challenges in cybersecurity.'<\/p>\n Raffi Krikorian<\/p>\n Lord's new position has clear parallels to his work securing Yahoo in the wake of the attacks. But it also differs in critical ways, says Krikorian. Unlike a major tech company, the Democratic party is essentially a nationwide network of small offices that scale up and down overnight. They also need to open their systems up to volunteers, who often work on unsecured, personal devices. "It\u2019s an absolute nightmare," Krikorian says. "This is in my opinion one of the hardest challenges in cybersecurity."<\/p>\n Krikorian's team of 25 has worked hard to convince the DNC's full-time staffers that they are constantly under attack. The tech team periodically launches phishing attacks<\/a> on its own staffers. It was a phishing attack, after all, that gave Russian operatives a window into the DNC's servers to begin with. One recent attack conducted by Krikorian's team used an email that appeared to be an ad for a Nordstrom sale\u2014it elicited more clicks than Krikorian would have hoped for.<\/p>\n Krikorian says the committee sees "interesting traffic," everyday: repeated login attempts with incorrect passwords, odd patterns in times of usage, logins from IP addresses in places other than the Washington DC area, and at least one phony Google Hangout request that was flagged by the recipient. Lord's job, Krikorian says, is to rethink all of the organization's existing systems, from its email provider to its physical infrastructure, in order to prevent history from repeating itself.<\/p>\n "I've always taken the position we probably still have someone in the system. We have to have that kind of posture," Krikorian says. "I'll never claim we\u2019re fully locked down. This is an arms race."<\/p>\n The US wasn't the only country Russia targeted. Here's their playbook for disrupting elections around the world<\/a><\/p>\n In fact, they don't just target elections; Russia has a whole toolkit at its disposal<\/a> for messing with the US<\/p>\n