Exclusive: Hackers test defenses of Trump campaign
websites ahead of U.S. election, security staff warn
Send a link to a friend
 [September 01, 2020] By
Jack Stubbs
LONDON (Reuters) - Hackers have stepped up
efforts to knock Trump campaign and business websites offline ahead of
the U.S. election, in what a security firm working for the campaign said
could be preparation for a larger digital assault, according to emails
seen by Reuters.
The security assessment was prepared by staff at U.S. cybersecurity firm
Cloudflare, which has been hired by President Donald Trump to help
defend his campaign's websites in an election contest overshadowed by
warnings about hacking, disinformation and foreign interference.
Cloudflare is widely used by businesses and other organizations to help
defend against distributed denial-of-service (DDoS) attacks, which aim
to take down websites by flooding them with malicious traffic.
Internal Cloudflare emails sent to senior company managers - including
CEO Matthew Prince - on July 9 state that the number and severity of
attacks on Trump websites increased in the preceding two months and
reached record levels in June. The emails did not give the total number
of attacks.
"As we get closer to the election, attacks are increasing in both
numbers (and) sophistication" and succeeded in disrupting access to the
targeted websites for short periods of time between March 15 and June 6,
the assessment said.
Cloudflare did not respond directly to questions about the emails or
their contents. The company said it was providing security services to
both U.S. presidential campaigns and declined to answer further
questions about the nature or details of its work.
"We have seen an increase in cyberattacks targeting political
candidates. We will continue to work to ensure these attacks do not
disrupt free and fair elections," it said in a statement when asked
about the emails.
A spokesman for the Trump campaign did not respond to a request for
comment. The Biden campaign declined to comment on its work with
Cloudflare or any attacks on its websites.
[to top of second column] |
U.S. President Donald
Trump, first lady Melania Trump and their extended family watch
Trump campaign fireworks explode behind the Washington Monument from
the South Lawn of the White House after his acceptance speech as the
2020 Republican presidential nominee during the final event of the
Republican National Convention in Washington, U.S., August 27, 2020.
REUTERS/Kevin Lamarque/File Photo
A spokeswoman for the Trump Organization said no Trump websites had been taken
offline by cyberattacks. She did not respond to further questions about the
attacks or Trump's work with Cloudflare.
Cloudflare's security team did not comment on the identity of the hackers and
Reuters was not able to determine who was responsible for the attacks.
DDoS attacks are viewed by cybersecurity experts as a relatively crude form of
digital sabotage - easily deployed by anyone from tech-savvy teenagers to
top-end cyber criminals.
But seven of the attacks on Trump websites, including donaldjtrump.com and a
Trump-owned golf course, were judged to be more serious by the Cloudflare
security team, the emails show.
The increasing number and sophistication of attempts suggested the attackers
were "probing" the website defenses to establish what would be needed to take
them fully offline, the security assessment said.
"We therefore cannot discount the possibility that there are attackers using
this as an opportunity to collect information for more sophisticated attacks,"
it added.
The Cloudflare team said they would continue to monitor the attacks and carry
out "a further round of security hardening" to better protect the websites.
(Additional reporting by Joseph Menn in SAN FRANCISCO; Editing by Jonathan Weber
and Edward Tobin)
[© 2020 Thomson Reuters. All rights
reserved.] Copyright 2020 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content.
 |
