Cyber criminals running a cryptocurrency scam successfully breached the campaign website of under-fire US president Donald Trump and briefly replaced it with a JavaScript mock-up of an FBI warning, in the latest exploitation of the contentious US election process by criminal actors.
The fake warning said that the attackers had compromised multiple devices with access to Trump and his relatives, and had evidence that the US government was behind the Covid-19 pandemic – this latter point a fairly widespread conspiracy theory.
The group claimed to have evidence that discredited Trump as a president and proved criminal involvement with foreign actors manipulating the election. Getting to their point, the attackers then solicited donations in the Monero cryptocurrency via two different links, the implication being that whichever link attracted the most donations would decide whether they leaked the data they claimed to hold or kept it under wraps.
Trump’s campaign director, Tim Murtaugh, said via Twitter: “Earlier this evening, the Trump campaign website was defaced and we are working with law enforcement authorities to investigate the source of the attack.
“There was no exposure to sensitive data because none of it is actually stored on the site. The website has been restored.”
Niamh Muldoon, OneLogin senior director of trust and security, said: “The US elections are fast approaching and with the commotion that this entails follows bad actors looking to leverage this for their own personal gain.
“Whether the cyber criminals behind this attack are against Trump’s presidency or not, they are playing on the political divides to reap financial reward. If individuals want to hurt Trump’s running with the exposure of his ‘most internal and secret conversations’, they need to donate cryptocurrency. If they want to protect the president, they need to donate cryptocurrency. Either way, the bad actors win,” she said.
Historical importance
Mike Beck, global CISO at Darktrace, said the hack was no surprise whatsoever given the historical importance of the 2020 election cycle.
“Political parties and individuals will be battling attempts against their systems on a daily basis. Some attacks are more successful than others, some are advanced and others less so. This is an example of an unsophisticated scam but this does not preclude involvement from nation-state affiliates, and we shouldn’t ignore that the hackers were still able to gain access to the website and cause mischief,” he said.
A more pressing concern for Trump, and his rival Joe Biden, would be how to detect more sophisticated forms of cyber attack, said Beck.
“In this new era of deepfakes, disinformation and increasingly sophisticated hackers, governments, political parties, the media and campaign groups must all be on the leading edge of innovation to protect targeted data and minimise the impact of any attempts to disrupt their activities,” he said.
OneLogin’s Muldoon added: “It also highlights a need for Trump’s security advisors to complete a comprehensive review of all account access associated with him and his campaign to prevent further damage to his brand reputation.”
The temporarily successful hack bears some similarity to the July 2020 breach of Twitter, in which a gang of teenagers exploited insiders at the social media platform to gain access to celebrity accounts in order to scam their followers into handing over more than $100,000 of cryptocurrency.
While it is unknown if the attackers compromised any insiders at Trump’s campaign, Tom Lysemose Hansen, chief technology officer of app security specialist Promon, said the short-lived attack would undoubtedly have borne some fruit for its perpetrators, even if visitors only clicked on a link and did not hand over any donations.
“This in itself is very dangerous and goes to show just how, at the end of the day, nobody’s accounts or websites, whether they be government-backed or personal, are ‘unhackable’. In fact, even the most secure, high profile accounts are vulnerable should the user fall victim to a phishing attack which seeks usernames and passwords,” said Hansen.
“This news also follows our recent discovery that both Trump’s and Joe Biden’s official election apps are vulnerable to a well-known and critical Android vulnerability that allows hackers to easily hijack apps and overlay fake screens which can depict anything the attacker wants, including screens that ask the user to hand over sensitive information, such as usernames and passwords,” he added.
Edgescan operations lead Michael Barragry assessed that the Trump website was possibly breached through the exploitation of an unpatched content management system (CMS), an application that allows the creation and management of digital content. Such attacks can be launched with minimal technical expertise – malicious actors will often simply take disclosed vulnerabilities and publicly available exploits, then scan the internet for at-risk instances.
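Because a defacement like this one replaces published content rather than stealing data, the most direct control, besides patching the CMS, is integrity monitoring of the live site: compare what the server currently serves against a known-good snapshot and alert when the difference carries the hallmarks of a defacement (injected third-party scripts, cryptocurrency solicitations, "seized" or "hacked" banners). The script below is an added example written for this article, not code from Computer Weekly, Edgescan or any of the quoted vendors. The HTML snapshots, the `attacker.example` host and the `www.example.org` first-party domain are all constructed placeholders.

```python
"""Defacement detection by content-integrity monitoring (added example)."""
import hashlib
import re
from dataclasses import dataclass, field

# Constructed sample: the site's known-good home page, captured at deploy time.
BASELINE_HTML = """<html><head><title>Campaign Site</title></head>
<body><h1>Welcome</h1><p>Donate via our official page.</p></body></html>"""

# Constructed sample: what a monitor might fetch after a defacement of the
# kind described in the article (injected script, crypto solicitation).
DEFACED_HTML = """<html><head><title>Campaign Site</title>
<script src="https://attacker.example/fake-warning.js"></script></head>
<body><h1>This site was seized</h1><p>Send Monero to the address below.</p></body></html>"""

# Constructed sample: a legitimate content update by the site's own editors.
BENIGN_UPDATE_HTML = BASELINE_HTML.replace("Welcome", "Welcome, volunteers")

# Markers whose appearance in content we did not publish is a strong signal.
# The first-party domain (www.example.org) is an assumption; replace it with
# the domain the site really serves its own scripts from.
SUSPICIOUS_PATTERNS = [
    re.compile(r"<script[^>]+src=[\"']https?://(?!www\.example\.org)", re.I),
    re.compile(r"\b(monero|bitcoin|xmr|btc)\b", re.I),
    re.compile(r"\b(seized|hacked|defaced)\b", re.I),
]


def content_hash(html: str) -> str:
    """SHA-256 of the page with whitespace normalised, so that harmless
    reformatting by the CMS does not trigger a change alert."""
    canonical = re.sub(r"\s+", " ", html).strip().encode("utf-8")
    return hashlib.sha256(canonical).hexdigest()


@dataclass
class CheckResult:
    changed: bool                       # page differs from the baseline at all
    findings: list[str] = field(default_factory=list)  # matched markers

    @property
    def alert(self) -> bool:
        """Raise an alert only when the change looks like a defacement."""
        return self.changed and bool(self.findings)


def check_page(baseline: str, current: str) -> CheckResult:
    """Compare the live page against the baseline and classify the change."""
    result = CheckResult(changed=content_hash(baseline) != content_hash(current))
    if not result.changed:
        return result
    for pattern in SUSPICIOUS_PATTERNS:
        match = pattern.search(current)
        # Only count markers that were absent from our own baseline.
        if match and not pattern.search(baseline):
            result.findings.append(match.group(0))
    return result


if __name__ == "__main__":
    for label, page in (("baseline", BASELINE_HTML),
                        ("benign update", BENIGN_UPDATE_HTML),
                        ("defaced", DEFACED_HTML)):
        r = check_page(BASELINE_HTML, page)
        print(f"{label:14s} changed={r.changed} alert={r.alert} findings={r.findings}")
```

In a real deployment the `current` argument comes from an HTTP fetch of the public site on a schedule, the baseline hash is regenerated as part of each legitimate release, and a `changed` result without findings is routed to the web team as an unscheduled edit rather than to the incident response queue. The marker list is deliberately short; the point is that a content-hash check alone would also fire on every legitimate edit, so the classification step is what makes the alert actionable.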
It is unknown at the time of writing whether or not the person or persons responsible had an IQ of over 197, or 15% of Trump’s password, although last week Dutch researchers also claimed to have successfully hacked Trump’s Twitter account using the password maga2020, which would appear if true to be 100% of a password.