House GOP Campaign Committee Says It Was Hacked During 2018 CampaignDecember 4, 2018
By Dustin Volz | The Wall Street Journal
The National Republican Congressional Committee said it launched an internal investigation of the cyberhack and notified the Federal Bureau of Investigation. PHOTO: JIM BOURG/REUTERS
WASHINGTON—The campaign arm for Republican congressional candidates fell victim to a cyberattack in April by an unidentified intruder, people familiar with the matter said on Tuesday, fueling concerns that the 2018 election campaign may have been more seriously targeted by hackers than previously known.
The identity of the hacker wasn’t clear, but one person familiar with the investigation said it was believed the attack was from a foreign operator. Other people said they couldn’t attribute the source of the hack but that it was carried out by a sophisticated actor.
The hacker didn’t directly breach the network belonging to the National Republican Congressional Committee but instead maliciously accessed confidential committee emails that were being hosted by a third-party cloud-service provider through a password compromise, people familiar with the investigation said.
In a brief statement, a spokesman for the NRCC confirmed that an intrusion had taken place but declined to offer further details, citing an ongoing investigation into the breach.
“The NRCC can confirm that it was the victim of a cyber intrusion by an unknown entity,” the spokesman said. “The cybersecurity of the Committee’s data is paramount, and upon learning of the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter.”
The Federal Bureau of Investigation declined to comment.
The hack was first reported by Politico, which cited unnamed Republican party officials who described it as a major breach that was first detected in April by an outside vendor and exposed thousands of potentially sensitive emails to an outside intruder.
A source familiar with the attack said the emails of only a few people at the NRCC were accessed. Another person familiar with the hack said the accounts belonging to four senior staffers were compromised. There is no indication yet that the emails were made public or used maliciously, the person said.
Republican Speaker Paul Ryan, who will retire in January, and other House Republicans weren’t made aware of the breach because the NRCC didn’t want word of the incident to leak, the person said.
A House leadership aide said the top three Republicans in Congress first learned of the hack when a reporter reached out on Monday evening, but declined to comment further.
Some former officials and cybersecurity experts faulted the NRCC for not publicly disclosing the attack.
“Not disclosing the hack of their systems endangered the elections,” said Brett Bruen, a former national security official in the Obama administration and current president of the Global Situation Room, a crisis communications firm.
“The information extracted from this operation could have been of extremely high value for foreign intelligence services,” Mr. Bruen said.
The NRCC and its Democratic counterpart, the Democratic Congressional Campaign Committee, began negotiations earlier this year to collectively ban the use of hacked or stolen information in campaigns, in what would have been an unprecedented agreement.
But those talks broke down in September when House Republicans walked away from the process after accusing Democrats of violating an agreement to not discuss negotiations publicly until a pact was sealed.
Officials in both political parties were on high alert throughout the 2018 campaign season following the hack and disclosure of Democratic emails during the 2016 presidential election, which U.S. intelligence agencies concluded was part of a foreign interference operation orchestrated by Russia in an attempt to help President Trump win the election.
In that case, Russian hackers broke into the DCCC and leveraged that access to compromise the Democratic National Committee, where they spied on party operatives and stole thousands of confidential emails that were later released publicly.
But Russian trolls and hackers mostly sat on the sidelines during the 2018 midterm election. While a limited amount of disinformation was detected, Russia didn’t engage in the same widespread campaign intended to disrupt the election, according to U.S. officials and cybersecurity companies looking for evidence of Russian interference.
A fuller review by the U.S. intelligence community of election interference is expected to be delivered to the White House later this month, and portions of it may be made public.
The U.S.-based cybersecurity firm CrowdStrike has been investigating the latest breach, according to sources familiar with the matter. The firm was hired in 2016 by the DNC to investigate and help manage the alleged Russian hack of its systems.