WASHINGTON _ Members of Congress are vulnerable to hacking, and lawmakers fear they could be next on the Russian target list.
Congressional offices are increasingly aware of cyber threats and are upgrading security, said Meg King, who teaches Capitol Hill staffers about cybersecurity.
"A lot of people say, 'It's not the if, it's the when,'" said King, a digital security expert at the Wilson Center think tank in Washington.
The Government Accountability Office reports that information security "incidents" affecting federal government computer systems are on the rise. The number skyrocketed from 5,503 in 2006 to 77,183 last year.
There are constant attempts to penetrate congressional offices. "We're hacked here every day," said Rep. Devin Nunes, the California Republican who chairs the House Permanent Select Committee on Intelligence. "The adversaries are real," he said.
The concern was raised in Tuesday's Senate Intelligence Committee hearing, when Sen. Marco Rubio, a Republican from Florida, brought up the possibility that Russia would use cyber intrusions to discredit U.S. politicians.
"They don't limit this to elections," Rubio said. "They target individual policy makers throughout many countries in Europe, particularly those in the former Soviet sphere ... . And isn't it true that that could very well happen here in the United States?"
Rubio went on to describe what he called a hypothetical scenario in which the Kremlin uses hackers to target a U.S. politician and frame him for a crime.
"Imagine there's a U.S. senator or congressman who adopts a policy position that the Kremlin does not agree with," Rubio said. "Somehow through a phishing expedition they gain access to your personal computer network. And once they gain access to your personal computer network, they use it to fabricate and/or actually conduct ... child pornography ... (or) let's say money laundering activity. And then they call law enforcement and tip them off."
Rep. Adam Schiff of California, the top Democrat on the House Intelligence Committee, agreed that elected officials have to be concerned about being hacked by foreign intelligence services.
"With respect to Russia, any senior government official who has been critical of their active measures campaign, supportive of sanctions over their invasion of Ukraine or condemning of their bombing of civilians in Aleppo may be a prime target for hacking, a travel ban or other retaliatory steps by the Kremlin," Schiff said. "But we cannot let that fact deter us from continuing to speak out against Russia and to take measures to counter their malignant activity."
Sen. Ben Cardin, a Democrat from Maryland, has experience with Kremlin retaliation. In 2012 Cardin introduced a bill, later signed into law, that barred U.S. entry to Russian officials implicated in the death of a Russian lawyer who died in jail after exposing alleged government fraud.
"Sen. Cardin has been banned from traveling to Russia for years now," said his spokeswoman, Sue Walitsky.
Rep. Eric Swalwell, a California Democrat on the House Intelligence Committee, said that if Congress didn't respond vigorously to alleged foreign hacking then it "not only tells Russia we're open to further hacking, but it also gives a green light to other foreign adversaries."
Lawmakers have a valid concern that Russian hackers could target anti-Kremlin politicians in America, said Ed Cabrera, former chief information security officer for the Secret Service.
"It's not limited to Russian hacking activities. There are other nation-state hacking activities being done at similar levels from China and elsewhere," said Cabrera, chief cybersecurity officer for security firm Trend Micro. "Politicians should always assume, and even more so as they take a political position on a country, or call for some kind of sanctions against any country, that they would be the targets of cyber espionage or hacking activity."
Political figures are easy targets and need to be vigilant with security, he said, whether the attackers are intelligence services, cybercriminals or hacktivist groups with social or political causes.
"If there's anything we learned from the past year's hacking activity, it's that really nobody is immune," Cabrera said.
King, the cybersecurity specialist at the Wilson Center, said there were many ways that members of Congress could be targeted. Their staffers are sent "spearphishing" emails that appear legitimate, for example, or private email accounts used for campaigns can be targeted, or electronic devices used when traveling can be open to attack if they are not secure.
"This is all about user error. It's user error if somebody clicks on a spearphishing email, it's user error if somebody's private email is accessed on a device that may be connected in some way to official email," King said. "Obviously there are a lot of checks put in place to make sure those kinds of gaps don't exist, but you can't always protect everything."
