Exclusive: FBI probing cyber attack on
congressional campaign in California - sources
[August 18, 2018]
By Joel Schectman and Christopher Bing
WASHINGTON (Reuters) - The U.S. Federal
Bureau of Investigation is investigating a cyber attack on the
congressional campaign of a Democratic candidate in California,
according to three people close to the campaign.
The hackers successfully infiltrated the election campaign computer of
David Min, a Democratic candidate for the House of Representatives who
was later defeated in the June primary for California's 45th
Congressional district.
The incident, which has not been previously reported, follows an article
in Rolling Stone earlier this week that the FBI has also been
investigating a cyber attack against Hans Keirstead, a California
Democrat. He was defeated in a primary in the 48th Congressional
district, neighboring Min's.
Paige Hutchinson, Min's former campaign manager, declined to comment. An
FBI spokeswoman said the bureau cannot confirm or deny an investigation.
While both Min and Keirstead later lost to other primary challengers
from their own party, the two closely-watched races are considered
critical, competitive battlegrounds as the Democrats seek to win back
Congress from Republicans in November.
It is unclear who was behind the attack against Min's campaign, why it
was carried out, and what the hackers did with any information they
obtained. But details of the hack, described to Reuters by people with
direct knowledge of the case, highlight the concerns of national
security experts who fear that campaigns are woefully unprotected as the
November mid-term elections approach.
It also illustrates how small political campaigns do not have the
resources to protect themselves from cyber attacks. Few can hire
computer security personnel.
"Political campaigns only exist for such a short amount of time," said
Blake Darche, a cyber security researcher and former National Security
Agency analyst. "It takes years to build an effective security program
at most corporations. Most political campaigns are only a single
phishing email away from being breached."
While national political parties offer training and software tools to
help candidates, they typically do not provide them with financial
support to hire computer security experts, even after a campaign
believes it has been hit. Corporations often pay security experts more
than $100,000 to investigate an attack, security experts say.
UNUSUAL ACTIVITY
In late March, Min's staff received a troubling notice from the facility
manager where the campaign rented space in Irvine, California, said the
people close to the campaign. The facility's internet provider had
identified unusual patterns of activity that could indicate a cyber
attack on campaign computers.
The four-person campaign team had no in-house expertise to deal with the
attack. Instead they enlisted the help of software developers with no
ties to the campaign other than that they sat nearby in the same shared
workspace that Min rented.
The J. Edgar Hoover Federal Bureau of Investigation (FBI) Building
is seen in Washington, U.S., February 1, 2018. REUTERS/Jim Bourg
The software developers discovered that hackers had placed software
into the computers of Min's campaign manager and finance director
that recorded and transmitted keystrokes. The hackers had also
infected the computers with software that made it undiscoverable by
the off-the-shelf anti-virus software used by the campaign staff.
The campaign immediately notified the Democratic Congressional
Campaign Committee, the organization that assists the party's
candidates. The DCCC notified the FBI and gave the campaign advice
on improving its security. It also provided it with secure messaging
software for future use. Federal agents interviewed Min's staff and
carried off the infected computers.
Min's tiny staff considered hiring a security firm to investigate
the attack, but decided the $50,000 minimum price was unaffordable.
The DCCC did not cover the costs of such a hire.
"The DCCC's mission is to elect Democrats to Congress, and we spend
the vast majority of our limited resources to do that," a DCCC aide,
who declined to be named, said. "Despite that, the DCCC has gone far
outside the scope of its mission to protect the committee and help
campaigns protect themselves when it comes to cybersecurity."
Ultimately, the campaign's defense was limited to replacing the
infected machines and a future commitment to using encrypted
messaging apps. "Even $4,000 to replace those laptops isn't easy to
get," said a person close to the campaign.
(Reporting by Joel Schectman and Christopher Bing; Editing by Damon
Darlin and Rosalba O'Brien)
[© 2018 Thomson Reuters. All rights
reserved.]
Thomson Reuters is solely responsible for this content.