Trump Campaign Website Pwned By Scammers

President Trump’s campaign website was briefly and partially hacked Tuesday afternoon as unknown adversaries took over the “About” page and replaced it with what appeared to be a scam to collect cryptocurrency:

There is no indication, despite the hackers’ claims, that “full access to trump and relatives” was achieved or “most internal and secret conversations strictly classified information” were exposed. The hack seemingly took place shortly after 4 PM Pacific time. The culprits likely gained access to the web server backend and replaced the “About” page with a long stretch of obfuscated javascript producing a parody of the FBI “this site has been seized” message. 

“the world has had enough of the fake-news spreaded daily by president donald j trump,” the new site read. “it is time to allow the world to know truth.” Claiming to have inside information on the “origin of the corona virus” and other information discrediting Trump, the hackers provided two Monero addresses. Monero is a cryptocurrency that’s easy to send but quite difficult to track. For this reason it has become associated with unsavory operations such as this hack. One address was for people that wanted the “strictly classified information” released, the other for those who would prefer to keep it secret. After an unspecified deadline the totals of cryptocurrency would be compared and the higher total would determine what was done with the data.

The website was reverted back to normal in a few minutes. But it is the latest cybersecurity issue that Trump has had in the last few weeks. After all a Dutch security researcher claimed to have pwned his Twitter account not too long ago. Clearly, Trump and his minions have no clue about IT security.

UPDATE: I have a comment about this incident from Mike Beck, Global CISO at Darktrace 

This news does not come as a surprise – in the run up to elections, in this case one of the most significant in history, political parties and individuals will be battling attempts against their systems on a daily basis. Some attacks are more successful than others, some are advanced and others less so. This is an example of an “unsophisticated scam” but this does not preclude involvement from nation-state affiliates, and we shouldn’t ignore that the hackers were still able to gain access to the website and cause mischief.

The more pressing concern for the candidates is how to detect sophisticated attacks or insider threats. 

Digital campaigning is now central for reaching the electorate. As political campaigns are run increasingly within a digital context, attackers might aim to do damage in a number of ways, whether by accessing data on voters or campaign strategy that would deliver a competitive advantage to the adversary, by opportunistically digging for information that could be reputationally damaging to prominent individuals, or by disrupting the organization so as to slow productivity. 

In this new era of deepfakes, disinformation and increasingly sophisticated hackers, governments, political parties, the media and campaign groups must all be on the leading edge of innovation to protect targeted data and minimise the impact of any attempts to disrupt their activities. Cyber security AI will be a fundamental ally to not only detect these attempts early but actively stop them in their tracks, before confidence and data integrity is seriously undermined.

Leave a Reply

%d bloggers like this: