NRCC hid knowledge of major email breach for eight long months
6 December 2018
Malicious hackers were able to hack into email accounts of four senior members of the U.S. National Republican Congressional Committee’s (NRCC) in April this year and continued to monitor those email accounts for months as the NRCC withheld the knowledge of the hack until recently.
According to Politico, email accounts of top NRCC members were infiltrated a long time ago and the intrusions were detected in April this year by an NRCC vendor, following which NRCC launched an internal investigation, informed CrowdStrike that had helped contain the DNC hack two years ago, and hired Washington law firm Covington & Burling and Mercury Public Affairs to supervise the response to the intrusions.
NRCC investigated the breach in utmost secrecy
Despite knowing about the incident for eight long months and making efforts to catch the hackers, NRCC decided not to disclose the incident and the secrecy was such that, according to Politico, senior Republican politicians such as Speaker Paul Ryan of Wisconsin, Majority Leader Kevin McCarthy of California, Majority Whip Steve Scalise of Louisiana, and a number of other Republican leaders had no idea about the breach until recently.
“The hack was of a senior GOP congressman, so it was extremely targeted – this wasn’t someone getting in randomly and happening on some valuable data, nor was it someone trying to steal huge amounts of open sensitive consumer data. They went after the inboxes of four key congressmen and the only reason to do that is if you think you can learn something that will help you specifically.
“The countries that have proven themselves to be able to perpetuate these kinds of attacks and have the motive to do so are Russia, China, and North Korea. That doesn’t rule anyone else out, it just means they’re the most likely. These are the countries with the means, motive, and opportunity to get the most out of inside information related to US political thinking,” said Brian Vecci, Technical Evangelist at Varonis.
When contacted by Politico, NRCC officials said that they did not disclose the breach as they wanted to complete their investigation first and feared that the disclosure could impact their efforts to find the alleged hackers.
“The NRCC can confirm that it was the victim of a cyber intrusion by an unknown entity. The cybersecurity of the Committee’s data is paramount, and upon learning of the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter,” said Ian Prior, a vice president at Mercury.
According to CrowdStrike, the breach involved only four email accounts belonging to top Republican aides and did not impact the NRCC’s internal corporate network.
Repeated cyber-attacks on politicians
This isn’t the first time that email accounts of prominent politicians have been infiltrated by unauthorised actors prior to or during elections, be it in the United States or in Europe.
In August last year, WikiLeaks published a treasure trove of over 70,000 hacked emails, out of which 21,075 carried signatures of individuals and addresses associated with Emmanuel Macron’s presidential campaign team. The database leaked by WikiLeaks also contained over 25,000 attachments and details of 4,493 unique senders.
Experts feared that the breach could have had a significant impact on the French political landscape considering that internal emails sent and received by Macron’s team over a period of five years could reveal details of controversial political, economic and international relations strategies.
On the eve of British parliamentary elections, suspected hackers had also managed to infiltrate as many as 90 email accounts belonging to MPs including Prime Minister Theresa May as well as several of her cabinet colleagues.
“Hillary Clinton’s private email server, the Democratic National Convention leaks, the Ukrainian election hack, and now Macron’s hacked emails have made cyber security a focal point for any major election. Not only must we protect the integrity of our electronic voting systems, but election data breaches are becoming all too common and can be devastating for a candidate and a nation at large,” said Ken Spinner, VP of Global Field Engineering at Varonis following the leak of Macron’s emails.
He called for political parties to focus on and invest heavily in cyber security to prevent hackers from obtaining data which they could use to disrupt government, enterprise, and the global economy. Campaign data like donor lists, strategies, demographics, sentiment, and opposition research are a gold mine for hackers and as such, thwarting them needs to be the primary goal of political parties.
“Candidates and their teams need to make sure their data has basic controls in place–data can’t be open to everyone, users shouldn’t be able to access what they’re not supposed to, and all access should be monitored and recorded. You can’t catch what you can’t see, and too many organizations are flying blind,” he added.