Profile picture
Andy Kroll @AndyKroll
, 11 tweets, 5 min read Read on Twitter
1/ I want to break out a few important points about this California hacking scoop of mine for @RollingStone — and what it tells us about what to expect in the 2018 midterms. rollingstone.com/politics/polit…
2/ Dr. Hans Keirstead, a Democrat who ran against Rep. Dana Rohrabacher in CA’s 48th district, faced multiple cyberattacks in the months leading up to the nonpartisan, top-two June 5 primary. Keirstead would lose by less than 150 votes. (His campaign doesn't blame the hacks.)
3/ First, he was spear-phished, akin to what happened to John Podesta on the Clinton campaign. In Podesta’s case, it was his Gmail. In Keirstead’s case, it was his company email (which he had used on the campaign). Hackers will target any account that they can find.
4/ Candidates: If you have a business, you have to fortify your email and IT on that end, too. It’s not enough to lock down your personal or campaign email accounts and other IT. Everything is a target.
5/ Then it was Keirstead’s campaign and digital infrastructure that was attacked. There was a stream of suspicious login attempts to the website and brute-force attacks on the hosting service used by the campaign. Again, multiple targets and multiple vectors.
6/ The Democratic Party seems to have learned the lessons of 2016. Documents I obtained show that senior @DCCC officials were quick to respond to Keirstead attacks. It was the @DCCC that successfully alerted the @FBI. (The campaign had previously contacted the @FBI with no luck.)
7/ The experts I interviewed say the @FBI took the attacks on Keirstead seriously based on the # of agents involved (across two states) and the data requested. In other words, it’s not just 2016 attacks the FBI is scrutinizing; it’s ongoing attacks, too.
8/ That raises the question of: Who did it? Russia? Another nation-state? Organized crime? A hacktivist with an axe to grind? Unlike the Claire McCaskill hacking attempt reported by the @dailybeast, experts say the Keirstead attacks are much harder to nail down re attribution.
9/ IP addresses, phony email accounts, failed login data: They're all useful data points, but they can all easily be manipulated or used to obscure the real source of a cyberattack. That’s why we list potential sources in the story — and don’t go further. (@FBI didn't comment.)
10/ But everyone I spoke to made this clear: The volume and sophistication of the cyberattacks on Keirstead and his campaign strongly suggest the hacker(s) had done research and had a good deal of technical savvy. Esp. when it came to the attempted cloud-server attacks.
11/ I’ll end on this note: The Keirstead campaign is not the only congressional campaign to face these kinds of attacks. I’ve heard similar reports from other campaigns, and I have no doubt these attacks will continue. Here’s what Keirstead’s former campaign manager told me:
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Andy Kroll
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!