Rolling Stone has obtained "dozens of emails and forensic records" showing several cyberattacks targeted Rep. Dana Rohrabacher's (R-CA) Democratic opponent over the past year.
... Dr. Hans Keirstead, a stem-cell scientist and the CEO of a biomedical research company, finished third in California’s nonpartisan “top-two” primary on June 5th, falling 125 votes short of advancing to the general election in one of the narrowest margins of any congressional primary this year. He has since endorsed Harley Rouda, the Democrat who finished in second place and will face Rohrabacher in the November election.
(...)
Cybersecurity experts say that it’s nearly impossible to identify who was behind the hacks without the help of law enforcement or high-priced private cybersecurity firms that collect their own threat data. These experts speculate that the hackers could have been one of many actors: a nation-state (such as Russia), organized crime, so-called e-crime or a hacktivist with a specific agenda. The FBI declined to comment.
Kyle Quinn-Quesada, who was Keirstead’s campaign manager, tells Rolling Stone that the campaign is now going public about the attacks for the sake of voter awareness. “It is clear from speaking with campaign professionals around the country that the sustained attacks the Keirstead for Congress campaign faced were not unique but have become the new normal for political campaigns in 2018,” Quinn-Quesada says. He added that the Keirstead campaign did not believe the cyberattacks had an effect on the primary election results.
(...)
The hacks on Keirstead began in August 2017 with a spear-phishing attempt — a fake email intended to deceive the recipient into typing in his or her password or other confidential information — sent to Keirstead’s work email address. The phishing attempt was successful — Keirstead thought it was a legitimate Microsoft Office message and entered his password before quickly realizing the message was fake and having his company take measures to secure their email system. (Keirstead had used his work account for campaign purposes, emails show.) This was similar to the phishing attack on Hillary Clinton campaign chairman John Podesta that later resulted in the release of thousands of Podesta’s personal emails.
(...)
In December, the cyberattacks on Keirstead took a different form: a sophisticated and sustained effort to hack into the campaign’s website and hosting service.
(...)
In January, according to the campaign’s digital consultant, there were also several attempts to access the campaign’s Twitter account by unknown users. And later that same month, Keirstead’s company was briefly hacked again, according to campaign emails and interviews.
While the spear-phishing attack targeting Keirstead’s work account was successful, none of the attempts to gain unauthorized access to the campaign’s website, hosting company or Twitter account were effective, according to the campaign emails.
(...)
Two [FBI] agents based in California met with Quinn-Quesada in late January, according to the emails. ... The campaign told the two agents about the successful and attempted hacks of Keirstead’s email, website, hosting service and Twitter account. Soon afterward, an FBI special agent based in Washington contacted the campaign’s digital consulting firm, Veracity Media, and requested a meeting. A team of FBI employees visited Veracity Media’s office and collected reams of forensic data about the attempted hacks.
Ed McAndrew, a former federal cybercrime prosecutor who now leads the privacy and data security group at the law firm Ballard Spahr, tells Rolling Stone that the FBI’s request for information suggested the bureau was taking the attacks on the Keirstead campaign seriously.
(...)
Quinn-Quesada tells Rolling Stone that the FBI never told him or anyone else on the campaign if it had identified who was behind the cyberattacks.
He says the accounts he’s heard from fellow political operatives about cyberattacks and other suspicious online activity grow more common by the day. “The targets aren’t just high-profile statewide candidates or elected officials,” he says. “Individual congressional campaigns are being targeted on a regular basis.”
Full story: Documents Reveal Successful Cyberattack in California Congressional Race (Rolling Stone)