Hackers took over President Trump’s 2020 election campaign website late Tuesday, replacing parts of the site with a cryptocurrency scam before it was returned to its original content a few minutes later.
Hackers claim to have access to ‘classified information linking the President to the origin of the Coronavirus & criminal collusion with foreign actors.’
Journalist Gabriel Lorenzo Greschler was the first to observe the attack while he was doing research for a climate-change article, he wrote in a tweet. The accompanying photo showed a message proclaiming “this site was seized” & “the world has had enough of the fake news spread daily by president donald j trump [sic].”
While the hacked page suggested that the threat actors responsible compromised “multiple devices” that gave them “full access” to “internal & secret conversations” of “trump & relatives,” there is no evidence that these statements are true, says the Trump Campaign.
The hackers seemed to advocate the ousting of President Trump in the upcoming Nov. 3 election.
They claimed that the information they obtained ‘prove’ that Trump & his Govt. are “involved” in the origin of the Coronavirus, as well as engaged in “criminal involvement & co-operation with foreign actors” that “completely discredits” the President. “The US citizens have no choice,” the hackers further wrote.
After the message, the attackers posted 2 addresses for Monero, a cryptocurrency often used in illegal cyber activities because it’s easy to send, yet difficult to track. Research has found that illicit Monero-mining malware accounts for more than 4% of the XMR in circulation & has created $57 million in profits for threat actors.
The addresses allow people to basically buy access to the data with cryptocurrency, giving people the option of whether or not they want the classified data shared.
“After the deadline we will compare the funds & execute the will of the world,” hackers wrote. “In both cases we will inform you.”
They signed the page with a PGP public key linked to an e-mail address at planet.gov, a domain that does not exist, as a way for people participating in the scam to identify them.
The Trump campaign acknowledged the hack late Tuesday, explaining that the team is working with law enforcement to investigate the source of the attack & asserting that the attackers had no access to classified data.
“There was no exposure to sensitive data because none of it is actually stored on the site,” Campaign Communications Director Tim Murtaugh commented in a statement published on his Twitter page.
Does Trump Actually ‘Do’ Cybersecurity ‘Best Practices’?
Karen Walsh, Cyber Security Compliance Expert & CEO of Allegro Solutions, said it is possible that the hack is tied to weak password policies & mismanaged account access.
“If Trump’s Twitter account is anything to go by, last week a security researcher ‘guessed’ his Twitter password as ‘maga2020!’
Many have speculated that Trump writes some tweets while staff write others, given the changes in tone that occur throughout the account.
This means that we can guess he shares the password with staffers which is not considered a best practice,” commented Walsh.
“Most likely, someone assumed that the website used some version of ‘maga2020!’ & manipulated the URL to get the login page. Most WordPress login pages are www[.]website.com/login so the manipulation did not need to be sophisticated.”
A medical professional & Twitter user responded to Murtaugh’s tweet with doubt about the Trump administration’s overall capability to provide security & protection, not just online, but for the American people.
“If Trump can’t even secure his own campaign website, then how can he secure the country?” tweeted Dr. Eugene Gu, founder and CEO of CoolQuit. “If he cannot protect himself from the Coronavirus, how can he protect everyone else? What a joke.”
The hack is not the first time attackers have targeted President Trump during the run-up to next week’s election. Earlier this month, his Twitter account was allegedly accessed by Dutch ethical hacker Victor Gevers solely by guessing his password, “maga2020!.”
About 1 year ago, Microsoft researchers observed a group of hackers tied to Iran attempting to break into accounts associated with President Trump’s 2020 re-election campaign.
More attacks are likely to come in the countdown to the final day on which those who are eligible can cast their vote in the 2020 election, warned Chris Krebs, Director of CISA, the Govt’s Cybersecurity & Infrastructure Security Agency (website CISA.gov), on Twitter. Rather than targeting candidates, though, threat actors will likely try to attack voting infrastructure, he observed.
“Things to keep an eye out for: this week & next are prime territory for visible, seemingly disruptive attempts to undermine confidence in voting systems,” Krebs tweeted. “Website defacements are superficial; Denial of Service attacks might deprive you of info but won’t compromise the vote itself.”
Despite no sensitive data being stored on the site, Erich Kron, Security Expert at KnowBe4, said there may still be lingering exposure risks.
“Exposure risks may exist if the server, database or underlying infrastructure is shared with other websites or services,” he wrote.
“Once an attacker has administrative credentials, they are likely to attempt to steal everything they can, to include credentials for any other accounts & configuration files that may contain static passwords or sensitive information.
These could lead to access to other services or sites that do contain sensitive information.”