Chris Krebs, head of the Department of Homeland Security’s election security division, sought to tamp down concern and called it an effort to “distract, sensationalize, and confuse” and to “undermine your confidence in our voting process.”
The hackers managed to deface the site’s “About” page for several minutes, replacing it with a screed that claimed in broken English and without evidence to have compromising information about the president and his family culled from multiple hacked devices.
“[T]he world has had enough of the fake-news spreaded daily by president donald j trump,” read the message, which also included FBI and Justice Department seals. “[I]t is time to allow the world to know truth.”
To be clear, there’s no evidence that the hackers gained access to any private campaign data or that they’re affiliated with a foreign intelligence service capable of mounting a sophisticated election interference operation.
Indeed, the fact that they were booted so quickly from the site is a strike against their technical capabilities.
Trump Communications Director Tim Murtaugh said on Twitter that law enforcement authorities are investigating the breach. He said there’s no chance hackers stole sensitive data because none is stored on the site.
The message also closed by soliciting cryptocurrency from people interested in seeing the alleged incriminating information about the president — a sign that the hackers had financial motives, rather than political ones in mind.
“I don’t think this is something people should lose any sleep over,” John Hultquist, senior director of intelligence analysis at the cybersecurity firm FireEye, told me. “It still has to be reviewed, but the most likely scenario is this is a scam to make money.”
More from Hultquist:
Yet a sitting president’s campaign site being so easily compromised is sure to give some Americans heartburn.
That’s especially true during an election in which U.S. adversaries have already launched a series of operations aimed at influencing voters and provoking mistrust in the electoral system. Most prominently, the FBI and intelligence agencies alerted last week about an alleged Iranian scheme to send threatening emails to Democratic voters posing as a far right group that supports Trump.
Election officials have sounded alarms about the dangers of campaign and government-run election sites being hijacked by hackers who deface them or hold them hostage for ransom payments. A ransomware attack briefly disabled a Georgia county election database earlier this month.
And this defacement also comes after a widespread Twitter breach compromised accounts for numerous prominent people including Democratic nominee Joe Biden. That breach also appeared to be aimed at scamming people into paying cryptocurrency — creating the amazing situation in which the digital presence of both parties' presidential nominees has been at least briefly hijacked by scammers during the campaign's final months.
CNN’s Donie O’Sullivan:
The breach also raises questions about how scrupulously the Trump campaign is managing its cybersecurity.
While it's not clear how hackers accessed the site, it's possible it was by stealing the account access of a campaign staffer or conning the staffer into giving up passwords or other secret information.
The Trump campaign didn’t respond to my questions last night about cybersecurity precautions its staff takes. A spokeswoman for the campaign previously declined to answer the same questions, saying the campaign “takes cybersecurity seriously,” but doesn’t discuss specifics about its operations.
The Biden campaign previously said it follows best practices, including requiring staff to use multi-factor authentication and complete cybersecurity training.
The breach also carried some bitter irony for Trump, who earlier this month claimed that “nobody gets hacked.”
“To get hacked, you need somebody with 197 IQ and he needs about 15 percent of your password,” Trump claimed at a rally in Arizona, mocking a C-SPAN host for falsely claiming his account was hacked.
In fact, this isn’t Trump’s first brush with hacking. His 2016 campaign site was defaced in February 2017, soon after his inauguration. Later that year, hackers stole credit card information from guests at 14 properties owned by Trump’s real estate business, including hotels in Washington, D.C., and New York City.
Facebook took down a network of accounts promoting Iranian disinformation about the U.S. election.
One of the accounts sought to amplify an alleged scheme in which Iranians posing as the Proud Boys, a far-right group, sent emails to Democratic voters threatening them if they didn't vote for Trump, Dustin Volz and Jeff Horwitz at the Wall Street Journal report. The Office of the Director of National Intelligence attributed the emails to Iran and said that Russia could also use voter data to attempt to create the appearance of election interference.
Foreign actors are exaggerating their influence over the election, Facebook says. “It’s important that we all stay vigilant, but also see these campaigns for what they are — small and ineffective,” Nathaniel Gleicher, Facebook’s head of cybersecurity policy, said in a news release. “Overstating the importance of these campaigns is exactly what these malicious actors want, and we should not take the bait.”
Gleicher specifically warned about phony claims about compromised election infrastructure.
Acting homeland security secretary Chad Wolf told CBS news the agency is on “high alert” ahead of the election. “This is a prime opportunity for any adversaries, whether it be Russia or Iran or it’s a cyber actor,” he said.
A DHS watchdog dinged CISA’s preparations for violence at polling places. CISA says the report was poorly timed.
The Cybersecurity and Infrastructure Security Agency effectively beefed up defenses against digital election threats, but not physical threats or violence that could disrupt Election Day, the report says, Raphael Satter and Christopher Bing at Reuters report.
The warning comes as civil rights groups and election officials worry about the risk of polling place violence and unrest.
Both CISA Director Chris Krebs and the National Association of State Election Directors criticized the report for casting doubt on security just a week before the election.
“I am confident that the work we have done to protect the 2020 election means your vote is secure and you should vote with confidence,” Krebs said in a message to voters.
Amy Cohen, executive director of the National Association of State Election Directors, said the report “does not fully demonstrate how far the relationship between the election community and CISA has come.”
The government's top intelligence officer will brief representatives from Florida about election threats on Friday.
The Office of the Director of National Intelligence will meet with Reps. Stephanie Murphy (D-Fla.) and Michael Waltz (R-Fla.) about a recent email campaign to intimidate voters, which U.S. intelligence has attributed to Iran.
Murphy’s office confirmed the meeting.
The emails, which spoofed the far-right Proud Boys, reached hundreds of Democratic voters in Florida.
The Miami Herald initially reported that ODNI had denied the request, citing a “lack of bandwidth.” Waltz and the intelligence office disputed that characterization.
Election pros criticized Supreme Court Justice Brett M. Kavanaugh for making misleading statements about when to expect official election results in a ruling that blocked accepting mail ballots in Wisconsin that arrive after Election Day. Here is R Street Senior Fellow Paul Rosenzweig:
Justice Elena Kagan’s dissent made a similar point:
Vermont Secretary of State Jim Condos (D) said Kavanaugh incorrectly said his state had not made changes to its election processes:
More cybersecurity news:
- The Senate Commerce Committee will hold a hearing today to examine Section 230 immunity at 10 a.m.
- The USC Election Cybersecurity Initiative will host a final workshop on the lessons from the workshops it has hosted in 50 states leading up to the election on Wednesday at 1:30 p.m.
- The Cybersecurity Coalition and the Cyber Threat Alliance will host CyberNextDC on Nov. 17-18, starting at 11 a.m.
Secure log off
A reminder of a simpler time.