An email intrusion targeting a key Republican campaign committee allowed unknown people to steal thousands of sensitive emails from four senior aides, Politico reported Tuesday.
The attack on the National Republican Congressional Committee, the main group that works to elect Republicans to the US House of Representatives, allowed the person or group responsible to monitor the aides email accounts for several months, Politico said. The intrusion was detected in April by a managed security services provider the NRCC had retained to monitor the security of its network.
The unnamed provider informed NRCC officials, who in turn alerted security firm CrowdStrike. CrowdStrike, which was called in to investigate the Russian governments 2016 hack of the Democratic National Committee, had already been retained by the NRCC when the intrusion was discovered in April, Politico said.
None of the information obtained in the attack has appeared in public, Politico said, citing party officials. The officials said no attempts have been made to threaten the NRCC or its leadership during the recent campaign with exposure of the information. Thats in sharp contrast to the the 2016 attack on the DNC and related hacks of the Democratic Congressional Campaign Committee and the Gmail account of Hillary Clinton presidential campaign chairman John Podesta. All three resulted in politically damaging emails being released ahead of the election in November 2016.
In a statement, CrowdStrike officials wrote: "In April 2018, CrowdStrike was asked by the NRCC to perform an investigation related to unauthorized access to NRCCs emails. Prior to the incident, CrowdStrike was helping to protect NRCCs internal corporate network, which was not compromised in this incident."
A person with direct knowledge of the NRCC investigation said the attack was significantly more limited than the one that hit the DNC in 2016. Unlike the DNC hack, it didnt involve malware or any intrusion onto the committees internal network.
“This was not like the DNC case, where the network was breached,” said the person, who spoke on condition of anonymity because he wasnt authorized to speak publicly. “The issue at hand only involves unauthorized access to a handful of email accounts that were hosted by a cloud email service provider. The actors were able to get a password to the email inbox of a handful of users and as a result access those emails.”
It wasnt clear if the breached email accounts were protected by multifactor authentication, which is offered by cloud email services from both Google and Microsoft. The measure is a highly effective way to prevent unauthorized access to accounts, because it requires attackers not only to steal a password but—at a minimum—also obtain a short-lived, one-time password generated by a phone app. An even more effective form of MFA offered by Gmail, known as the Advanced Protection Program, would require attackers to steal a physical security key that must be connected to the device connecting to the account.
Despite the NRCC hack being discovered in April, senior House Republicans—including House Speaker Paul Ryan, House Majority Leader Kevin McCarthy, and Majority Whip Steve Scalise—were only informed of it on Monday. Thats when Politico contacted the NRCC with questions about the intrusions, Tuesdays report said. Rank-and-file House Republicans were also unaware of it. So far, little is publicly known about the people behind the intrusions, including whether they are working on behalf of a government.
[contf] [contfnew]
Ars Technica
[contfnewc] [contfnewc]