Obama, Romney Campaigns Subject To Repeated Hacking Attempts in 2012

Tech experts on both sides say foreign and domestic actors tried to steal policy and political secrets and influence the race through cyberattacks.

Kacper Pempel / REUTERS

Less than a month after he joined the Obama campaign in August of 2011, Ben Hagen faced a challenge he wasn’t expecting — foreign nation-states were trying to gain access to the campaign’s databases and social media accounts with extraordinarily sophisticated means, Hagen tells TIME. As the sole applications security engineer inside the campaign, Hagen had the job of keeping them out.

Obama campaign chief technology officer Harper Reed brought Hagen on so “he could sleep better at night,” the life-long security engineer recalled, “and after a few weeks I was sleeping very little.”

The hacking attempts came in varying forms and not always from overseas. There were distributed denial of service attempts linked to Anonymous, the disparate online hacking collective, and attempts to steal credit card data by organized crime. But the most feared were hyper-targeted spear phishing attempts to gain access to all areas of the campaign “consistent with the work of foreign nation states,” Hagen said.

The same was true across the aisle, where the Romney campaign was “under constant attack,” according to digital director Zac Moffatt, “four or five times a week.” Neither campaign official would confirm which nation states were responsible, but one Obama campaign staffer said she was warned about the threat from China in particular.

News of the foreign attacks on American campaign machinery came as another political outfit, the National Republican Congressional Committee, fell under assault this week. The campaign attacks in particular appear to have been targeted at embarrassing the candidates and also gaining access to valuable data and policy information. Viewed in hindsight, the attacks present a disturbing picture of interference in core American political functions.

The 2012 campaign’s phishing attempts, which targeted everyone from senior staff on the campaign planes to field organizers in swing states, were designed to get those thought to have access to the campaign’s data or social media accounts to click on malicious code, and thereby give the attackers a way in.

The Obama staffer said phishing emails often appeared to be press releases or news reports close to her area of responsibility — and usually related to breaking political news. “They looked a lot like my real email,” she said. “They identified the people they thought would most likely click on a link,” Hagen said. “They invested a lot of time figuring out who they were talking to.”

Other attacks sought access to deeply guarded files with information on donors or strategy, consistent with foreign hacking attempts on corporations. More still were politically motivated attempts at “hacktivism.” “They were going after our public identity as well as our data,” Hagen said.

There has been a spate of recent hacking attacks on widely viewed sites, including widely documented attempts by Chinese hackers on media outlets like The New York Times and The Washington Post. Two Twitter accounts belonging to the Associated Press were compromised last month, with the main @AP falsely tweeting about explosions outside the White House causing the stock market to lose over $300 billion in value before recovering. The Twitter account for the satirical website The Onion was similarly struck on Monday, resulting in confusion, rather than panic. On Sunday the NRCC’s website was hit by an attack that redirected visitors from nrcc.org to a page hosting erectile dysfunction search terms. Daniel Abernathy, a web developer for the committee, tweeted that the hackers gained access via another site on their server and edited a cached file for the home page. Visitors reached the regular NRCC site if they typed “www.” in the URL.

Attacks, and allegations of attacks, on political websites and campaigns are nothing new, beginning with the most infamous hack — Watergate. In 2006, then-Connecticut Sen. Joe Lieberman accused his Democratic primary rival Ned Lamont of attacking his website and knocking it offline days prior to his primary defeat. He successfully won reelection as an independent, and months later the Federal Bureau of Investigation revealed that Lieberman’s campaign team missed signs that the website was overloaded by regular visitors, not the victim of an attack.

In 2008 both the Obama and McCain campaigns were the victims of a sophisticated hack, believed by law enforcement to be tied to foreign governments, targeting memos on national security and economic policy, apparently with the hope of getting a leg up on the new administration’s thinking. The revelation in the days following Obama’s historic victory was largely overlooked, and it was just a taste of what was to follow.

Following high profile attempts on government websites during the 2012 campaign, Secret Service officials warned both campaigns of cyber-threats, at times providing specific chatter related to attempts from foreign governments. These prompted intense security controls — both for individual email accounts and especially campaign Twitter and Facebook pages. Both campaigns believe their efforts were successful at keeping their systems secure.

“We required passwords at least 16 characters long, with special characters,” Hagen explained. “Campaigns are places where information is shouted or passed around on papers — you can’t do that with passwords. To share it with someone you couldn’t do it on a clean channel — you needed to encrypt it, send it, and call the other person to give them the passcode.” Hagen gained acclaim in the technology world late last year after he revealed his strategy of embarrassing Obama coders with an image of a dancing otter after he caught security flaws in their work.

The Romney campaign worked with content delivery experts at Boston-based firm Akamai to develop a system to keep the website up and running under all circumstances, especially in the final months of the campaign when the cost of going down would have been $150,000 to $200,000 an hour in lost donations.

While a handful of Democratic digital operatives poked fun at the NRCC’s misfortune on Twitter, most were just happy it wasn’t them. “This is only a growing problem,” said Hagen. “As more people with strong political beliefs become capable of doing these things, we’ll probably see more of it.”

9 comments
DeweySayenoff

I'm a lot less concerned about hacking attacks that expose politicians and candidates to the glare of public scrutiny than I am about the billions (yes, billions) spent by utterly anonymous people intent on forwarding their political ideology. The more truth and transparency we have in politics, the happier I am.

ZacPetit

Just to be clear, DDoS attacks and "phishing" are not the same thing as "hacking." 

Hack: To use one's skill in computer programming to gain illegal or unauthorized access to a file or network.

DDoS attacks do not grant illegal or unauthorized access and phishing does not use one's skill in computer programming. 

Please understand the terminology you are using before you write an article about it in a major electronic magazine. Thanks.

forgottenlord

@ZacPetit 

Most security experts would classify phishing as a type of hacking as you are gaining access to unauthorized systems even if it isn't really your technical competency that's relevant (though almost all phishing attempts do have an important technical element to get the information you're grabbing back to you).

I'll agree with you on DDoS attacks which more generally fall under the general "cyber attack" category - the point is crashing the site rather than unauthorized control.

grape_crush

@ZacPetit > DDoS attacks and "phishing" are not the same thing as "hacking."

A concentrated DDoS attack can crash a server just as well as a virus can. Phishing is a way to get unauthorized access into secured online areas, like bank accounts or user networks. Skill level is irrelevant to the use of the term, 'tho the script kiddies are usually considered to be at the low end of the hacker food chain. There's phreaking, which is telecom hacking, and social engineer hacks that have nothing to do with putting your fingers on a keyboard. Miller's use of the word is proper.

Please know more about the subject you are opining on before falsely complaining about another's lack of knowledge. Thanks.


ZacPetit

@grape_crush @ZacPetit

> A concentrated DDoS attack can crash a server

Sure it can. It won't grant the perpetrator "illegal or unauthorized access," so it fails that critical part of the definition.

> Phishing is a way to get unauthorized access into secured online areas

Sure it is. But it doesn't require use of "one's skill[s] in computer programming" so it fails that critical part of the definition.

I suggest carefully reading comments before replying. Thanks.

grape_crush

@ZacPetit @grape_crush

So...you read a one-line definition from an online dictionary and you think it encompasses the world of hacking?

At least use Wikipedia if you're going to be shallow:

http://en.wikipedia.org/wiki/Hacker_%28computer_security%29

or maybe read a little bit about hacking techniques:

http://hackerhubz.blogspot.com/2009/10/all-types-of-hacking-techniques.html

And then maybe you'll come off as being better informed about this particular topic instead of showing yourself as a pedant.


ZacPetit

@Heian Even under your "correct" definition DDoS attacks are still not hacking.

Heian

...based on your definition, which you conveniently shaped to suit your opinion.

"to break into (a server, Web site, etc.) from a remote location to steal or damage data"

Dictionaries and such. A word can mean anything you want, as long as you change the definition to suit yourself. Until somebody fetches a proper definition.