NRCC breach exposes gaps 2 years after Russia hacks

Democrats are seizing on recent revelations that the House GOP’s campaign arm was hacked earlier this year to spotlight that both parties are vulnerable to cyberattacks.

The FBI is investigating a cyber breach at the National Republican Congressional Committee (NRCC) that felt like déjà vu to many in Washington — hackers targeting political campaign groups. This time, however, the perpetrators aimed their digital tools at the GOP instead of Democrats.

“It creates more of a sense of how critical it is that we protect our infrastructure,” Sen. Roy BluntRoy Dean BluntFive takeaways from dramatic Capitol security hearing Biden convenes bipartisan meeting on cancer research Pentagon prevented immediate response to mob, says Guard chief MORE (R-Mo.) told The Hill this week. “The federal government has certainly had plenty of hacks of their own, so we can't say with any certainty, ‘Do this like we do it you won't have a problem,’ because we've had plenty of problems.”


Four top aides at the NRCC — which was notified in April about the breach — learned that their emails had been surveilled for months, according to Politico, which first reported the intrusion.

Ian Prior, a public relations professional hired by the NRCC to oversee its response to the breach, confirmed the cyber intrusion.

“The NRCC can confirm that it was the victim of a cyber intrusion by an unknown entity,” said Prior, a former Justice Department official, in an email to The Hill. “The cybersecurity of the Committee’s data is paramount, and upon learning of the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter.”

Hackers likely breached a hosted email environment as a result of a password compromise, according to a source familiar with the matter.

The attack serves as a stark reminder that the targets of a cyberattack are fluid and changing. But it also has Democrats waving their fingers at Republicans for not heeding their warnings after the intelligence community concluded that Russia interfered in the 2016 presidential race. Back then Democrats told their GOP counterparts: It’s us this time, but you could be next.

“In their age-old routine of choosing party over country, Republicans swept the issue aside,” Rep. Bennie ThompsonBennie Gordon ThompsonLawmakers line up behind potential cyber breach notification legislation NAACP president accuses Trump of having operated under 'white supremacist doctrine' Lawmakers blame SolarWinds hack on 'collective failure' to prioritize cybersecurity MORE (Miss.), the top Democrat on the Homeland Security Committee, said in a statement after the NRCC hack was revealed.


“Now news of this hack — which was not released for months — makes it clear Republicans ignored election security at their own peril,” he said. “Democrats led on election security the entire 115th Congress and Republicans should have joined us.”

Nevertheless, Thompson and other top Democrats expected to lead key House committees next year say they will examine the matter during the 116th Congress.

“This is an issue that transcends party,” Rep. Jerrold Nadler (N.Y.), the top Democrat expected to lead the Judiciary panel, wrote on Twitter. “I hope more of my @HouseGOP colleagues will be willing to say so in the new Congress when House Judiciary and others take a close look at this systemic problem.”

Democrats are also resurfacing comments President TrumpDonald TrumpHouse passes voting rights and elections reform bill DEA places agent seen outside Capitol during riot on leave Georgia Gov. Kemp says he'd 'absolutely' back Trump as 2024 nominee MORE made earlier this year in which he asserted that Republicans have better cybersecurity after a series of damaging attacks against Democrats, including the ones on the Democratic National Committee (DNC) and John Podesta, who was campaign manager for former Secretary of State Hillary ClintonHillary Diane Rodham ClintonHere's who Biden is now considering for budget chief Clinton praises Dolly Parton's cold shoulder top from vaccination: 'Shall we make this a trend?' Trump was unhinged and unchanged at CPAC MORE’s presidential bid.

“The DNC should be ashamed of themselves for allowing themselves to be hacked. They had bad defenses and they were able to be hacked,” Trump told CBS News earlier this year. “I heard they were trying to hack the Republicans too, but — and this may be wrong — but they had much stronger defenses.”

Former FBI Director James ComeyJames Brien ComeyWray says FBI not systemically racist John Durham's endgame: Don't expect criminal charges Trump DOJ officials sought to block search of Giuliani records: report MORE told Congress last year that while hackers successfully breached an old Republican National Committee server during the election, their efforts to target the GOP paled in comparison to the Kremlin’s efforts to go after Democrats in 2016. While Russia-linked hackers infiltrated other Republican targets, the hackers did not leak those stolen files.

Lawmakers are still in the information-gathering stage with the NRCC hack.

The top members of the Senate Intelligence Committee — Chairman Richard BurrRichard Mauze BurrBipartisan bill would ban lawmakers from buying, selling stocks Republicans, please save your party Mellman: How the Senate decided impeachment MORE (R-N.C.) and Vice Chairman Mark WarnerMark Robert WarnerSenate Democrats offer fresh support for embattled Tanden The Hill's Morning Report - Presented by Facebook - Trump teases on 2024 run Sunday shows - Trump's reemergence, COVID-19 vaccines and variants dominate MORE (D-Va.) — voiced interest in receiving a briefing from the FBI, which is investigating the hack.

Other lawmakers have also called for more details to be released.

“There's a lot more information that has to come out on the hack, how it happened, what happened,” said Sen. James LankfordJames Paul LankfordSenate coronavirus bill delayed until Thursday GOP targets Manchin, Sinema, Kelly on Becerra CPAC, all-in for Trump, is not what it used to be MORE (R-Okla.), who noted that it has not yet been announced who’s responsible for the breach.

“There's a big difference between a domestic hacker who got into them and a foreign hacker,” he added.

Warner has been vocal about his belief that Republicans need to be more wary of a potential breach of their systems.

“The truth is that there are foreign adversaries who, for the most part, want to simply disrupt our political system. And I think there was, for a while, some hubris from some of them — Republicans saying the Democrats were just sloppy in 2016,” Warner said on Thursday. “The truth is that both political parties have been attacked by the Russians in the 2016 cycle.”

During remarks on Friday, Warner noted that cybersecurity isn’t necessarily a priority for political campaigns and committees like the NRCC, who are more focused on getting their candidates into office.

“The ultimate startup is a political campaign,” the senator said at an event for the Center for a New American Security. “And the notion that cybersecurity’s going to be on the top three when your goal is getting reelecting or electing someone isn’t going to take place.”

Officials working on election security have acknowledged that more needs to be done to secure campaigns from cyberattacks, an issue amplified after three separate Democratic candidates in California were the victims of such attacks this election cycle.

The NRCC hack has also resurfaced questions about how political groups should respond when their opponents fall victim to a cyberattack.

Earlier this year, the two parties were reportedly in talks about how both sides would work together in the face of a politically motivated cyberattack, but those discussions fell apart after Republicans refused to agree not to use hacked materials, saying leaked information would be fair game to use if it became public.

It’s unclear if any information was stolen during the NRCC hack, but no data or emails have been publicly released like they were in 2016 with the DNC and Podesta hacks.

A document dump like the ones leading up to the 2016 election would force lawmakers and operatives across the political spectrum, as well as the media, to grapple with the question of whether to utilize the publicly available information.

Warner said on Friday that he wants Congress to take action on election security sooner rather than later, saying the U.S. needs to adopt a “whole-of-society” approach to combating adversaries like Russia in cyberspace.

If not, he warned, the U.S. and its political parties will continue to be the victim of cyberattacks that interfere in the electoral process.