A company specializing in combating phishing attacks founded by former N.S.A. “hackers” has gotten the greenlight to offer cybersecurity consulting services to campaigns and committees at low or no-cost.
Area 1 petitioned the FEC for an advisory opinion on June 12, shortly after Defending Digital Campaigns, Inc., the group founded by ex-Clinton and Romney managers Robby Mook and Matt Rhoades got FEC approval to offer low and no-cost cybersecurity services to federal campaigns and party committees. Both campaigns run by the DDC’s founders were victims of phishing attacks.
On Thursday, the FEC ruled San Francisco-based Area 1, founded by former N.S.A. staffers Blake Darche, who serves as chief security officer, and Oren Falkowitz, who serves as CEO, could offer its anti-phishing services to qualified federal candidates and committees under its “low or no cost” pricing tier, which means charging them no more than $1,337 per year.
The company had been courting public affairs business since at least last year.
That “low-to-no-cost” pricing tier for anti-phishing services is currently available to non-profits, humanitarian organizations, and startups, according to the FEC filings.
That’s the reason why the FEC determined that offering its services for that price wouldn’t constitute a corporate in-kind contribution.
Allowing campaigns and committees to access the companies’ services “would be in the ordinary course of Area 1’s business and on terms and conditions that apply to similarly situated non-political clients,” Ellen Weintraub, chairwoman of the FEC, wrote in the advisory opinion.
Last year, Darche noted how common it was for hackers to gain network access through phishing attacks. “Phishing remains the dominant method through which cyber actors gain access into computer networks 9 out of 10 times,” he stated, in a release noting that Area 1 had uncovered Chinese hacking of European think tanks, unions, government ministries and inter-governmental groups using phishing emails.
“Cyber actors continually use their imagination to find the weakest links in the digital chain, as we show here in attacking the MFA of Cyprus to gain access to the entire European Union diplomatic communications network,” said Darche.
Falkowitz added: "Our mission is to eliminate phishing.”
Area1 normally offers a “Pay Per Phish” pricing structure, “under which the client pays $10 per phish that the company catches, subject to a certain cap or maximum,” according to FEC documents.
Instead, now low-cost/no-cost pricing is available to campaigns and committees “with fewer than 5,000 employees and that provide a significant opportunity for research and development.”
Lawyers for the FEC had earlier advised against allowing the services to be made available.
Area 1 and DDC aren’t alone in the low-price cybersecurity space. Microsoft has also made a play for political business by offering its own low-cost service.
Microsoft made services like email, file sharing, collaboration on files and cloud storage available to all federal campaigns and party organizations for $5 a month per user — a 75 percent discount. That’s the same rate the company had been offering NGOs and non-profits.
“Campaigns are critically important to the democratic process, and this offering will make it simple to achieve strong security baseline defaults for a campaign’s most important communications,” the company said in its May announcement.