The U.S. Federal Bureau of Investigation is investigating a cyber attack on the congressional campaign of a Democratic candidate in California, according to three people close to the campaign.
The hackers successfully infiltrated the election campaign computer of David Min, a Democratic candidate for the House of Representatives who was later defeated in the June primary for California’s 45th Congressional district.
The incident, which has not been previously reported, follows an article in Rolling Stone earlier this week that the FBI has also been investigating a cyber attack against Hans Keirstead, a California Democrat. He was defeated in a primary in the 48th Congressional district, neighboring Min’s.
Paige Hutchinson, Min’s former campaign manager, declined to comment. An FBI spokeswoman said the bureau cannot confirm or deny an investigation.
While both Min and Keirstead later lost to other primary challengers from their own party, the two closely-watched races are considered critical, competitive battlegrounds as the Democrats seek to win back Congress from Republicans in November.
It is unclear who was behind the attack against Min’s campaign, why it was carried out, and what the hackers did with any information they obtained. But details of the hack, described to Reuters by people with direct knowledge of the case, highlight the concerns of national security experts who fear that campaigns are woefully unprotected as the November mid-term elections approach.
It also illustrates how small political campaigns do not have the resources to protect themselves from cyber attacks. Few can hire computer security personnel.
“Political campaigns only exist for such a short amount of time,” said Blake Darche, a cyber security researcher and former National Security Agency analyst. “It takes years to build an effective security program at most corporations. Most political campaigns are only a single phishing email away from being breached.”
While national political parties offer training and software tools to help candidates, they typically do not provide them with financial support to hire computer security experts, even after a campaign believes it has been hit. Corporations often pay security experts more than $100,000 to investigate an attack, security experts say.
In late March, Min’s staff received a troubling notice from the facility manager where the campaign rented space in Irvine, California, said the people close to the campaign. The facility’s internet provider had identified unusual patterns of activity that could indicate a cyber attack on campaign computers.
The four-person campaign team had no in-house expertise to deal with the attack. Instead they enlisted the help of software developers with no ties to the campaign other than that they sat nearby in the same shared workspace that Min rented.
The software developers discovered that hackers had placed software into the computers of Min’s campaign manager and finance director that recorded and transmitted keystrokes. The hackers had also infected the computers with software that made it undiscoverable by the off-the-shelf anti-virus software used by the campaign staff.
The campaign immediately notified the Democratic Congressional Campaign Committee, the organization that assists the party’s candidates. The DCCC notified the FBI and gave the campaign advice on improving its security. It also provided it with secure messaging software for future use. Federal agents interviewed Min’s staff and carried off the infected computers.
Min’s tiny staff considered hiring a security firm to investigate the attack, but decided the $50,000 minimum price was unaffordable. The DCCC did not cover the costs of such a hire.
“The DCCC’s mission is to elect Democrats to Congress, and we spend the vast majority of our limited resources to do that,” a DCCC aide, who declined to named, said. “Despite that, the DCCC has gone far outside the scope of its mission to protect the committee and help campaigns protect themselves when it comes to cybersecurity.”
Ultimately, the campaign’s defense was limited to replacing the infected machines and a future commitment to using encrypted messaging apps. “Even $4,000 to replace those laptops isn’t easy to get,” said a person close to the campaign.
Reporting by Joel Schectman and Christopher Bing; Editing by Damon Darlin and Rosalba O’Brien
‘Give me a break’: CNN analyst explains why Trump defense of Rudy Giuliani was terrible
While the Senate impeachment trial against President Donald Trump paused for a dinner break, CNN analysts responded to the White House's afternoon defense of the president was by blaming the Biden family.
Political commentator Gloria Borger noted that Trump lawyer, Eric Herschmann, going after former President Barack Obama just seemed desperate.
"Give me a break," she said. "What does that have to do with any of this right now? His defense boiled down to, 'He did it, so what? He did it. He was trying to root out corruption.' But if he was concerned about rooting out corruption, why haven't we seen more of that? His defense was, 'He had a reason to do it. It's OK. Therefore it was in the national interest.' This wasn't just about Joe Biden."
State Department retaliated against NPR by kicking reporter off Mike Pompeo’s plane: report
The U.S. State Department appears to be retaliating against National Public Radio (NPR) after Secretary of State Mike Pompeo suffered a caught-on-tape meltdown following an interview with NPR "All Things Considered" co-host Mary Louise Kelly.
According to PBS "Newshour" reporter Nick Schifrin, the State Department kicked NPR diplomatic correspondent Michele Kelemen off of Pompeo's jet.
"State Department removes NPR’s Michele Kelemen from Sec. Pompeo plane--where she was scheduled for a pool radio rotation--during upcoming trip to London, Kiev," Schifrin reported.
AFP State Department correspondent Shaun Tandon blasted the move on behalf of the State Department Correspondent's Association.
Trump’s lawyers slammed by CNN’s Toobin for ‘parade of lies’ about Biden’s involvement in Ukraine
On CNN Monday, chief legal analyst Jeffrey Toobin argued that the White House team's defense in the impeachment trial was disastrously bad.
"I thought Attorney General [Pam] Bondi did an effective job of showing how sleazy the hiring of Hunter Biden was," acknowledged Toobin. However, he added "her discussion, and Eric Herschmann's discussion, of the role of Joe Biden, vice president at the time, was a parade of lies. Just outrageously false in every fact, in every insinuation ... this idea that he engineered the fire firing of [Ukrainian prosecutor] Viktor Shokin to get his son in. Since Joe Biden is the one who is running for president, that seems to be enormously important."