Account Share

 

Thread by @AndyKroll: "1/ I want to break out a few important points about this California hacking scoop of mine for @RollingStone — and what it tells us about wha […]"

, 11 tweets, 5 min read
1/ I want to break out a few important points about this California hacking scoop of mine for @RollingStone — and what it tells us about what to expect in the 2018 midterms. rollingstone.com/politics/polit…
2/ Dr. Hans Keirstead, a Democrat who ran against Rep. Dana Rohrabacher in CA’s 48th district, faced multiple cyberattacks in the months leading up to the nonpartisan, top-two June 5 primary. Keirstead would lose by less than 150 votes. (His campaign doesn't blame the hacks.)
3/ First, he was spear-phished, akin to what happened to John Podesta on the Clinton campaign. In Podesta’s case, it was his Gmail. In Keirstead’s case, it was his company email (which he had used on the campaign). Hackers will target any account that they can find.
4/ Candidates: If you have a business, you have to fortify your email and IT on that end, too. It’s not enough to lock down your personal or campaign email accounts and other IT. Everything is a target.
5/ Then it was Keirstead’s campaign and digital infrastructure that was attacked. There was a stream of suspicious login attempts to the website and brute-force attacks on the hosting service used by the campaign. Again, multiple targets and multiple vectors.
6/ The Democratic Party seems to have learned the lessons of 2016. Documents I obtained show that senior @DCCC officials were quick to respond to Keirstead attacks. It was the @DCCC that successfully alerted the @FBI. (The campaign had previously contacted the @FBI with no luck.)
7/ The experts I interviewed say the @FBI took the attacks on Keirstead seriously based on the # of agents involved (across two states) and the data requested. In other words, it’s not just 2016 attacks the FBI is scrutinizing; it’s ongoing attacks, too.
8/ That raises the question of: Who did it? Russia? Another nation-state? Organized crime? A hacktivist with an axe to grind? Unlike the Claire McCaskill hacking attempt reported by the @dailybeast, experts say the Keirstead attacks are much harder to nail down re attribution.
9/ IP addresses, phony email accounts, failed login data: They're all useful data points, but they can all easily be manipulated or used to obscure the real source of a cyberattack. That’s why we list potential sources in the story — and don’t go further. (@FBI didn't comment.)
10/ But everyone I spoke to made this clear: The volume and sophistication of the cyberattacks on Keirstead and his campaign strongly suggest the hacker(s) had done research and had a good deal of technical savvy. Esp. when it came to the attempted cloud-server attacks.
11/ I’ll end on this note: The Keirstead campaign is not the only congressional campaign to face these kinds of attacks. I’ve heard similar reports from other campaigns, and I have no doubt these attacks will continue. Here’s what Keirstead’s former campaign manager told me:
Missing some Tweet in this thread?
You can try to force a refresh.
This content can be removed from Twitter at anytime, get a PDF archive by mail!
This is a Premium feature, you will be asked to pay $30.00/year
for a one year Premium membership with unlimited archiving.
Don't miss anything from @AndyKroll,
subscribe and get alerts when a new unroll is available!
Did Thread Reader help you today?
Support us: We are indie developers! Read more about the story
Become a 💎 Premium member ($30.00/year) and get exclusive features!
Too expensive?
Make a small donation instead. Buy us a coffee ($5) or help for the server cost ($10):
Donate with 😘 Paypal or  Become a Patron 😍 on Patreon.com
Trending hashtags
Did Thread Reader help you today?
Support us: We are indie developers! Read more about the story
Become a 💎 Premium member ($30.00/year) and get exclusive features!
Too expensive?
Make a small donation instead. Buy us a coffee ($5) or help for the server cost ($10):
Donate with 😘 Paypal or  Become a Patron 😍 on Patreon.com