NRCC breach exposes gaps 2 years after Russia hacks

Democrats are seizing on recent revelations that the House GOP’s campaign arm was hacked earlier this year to spotlight that both parties are vulnerable to cyberattacks.

The FBI is investigating a cyber breach at the National Republican Congressional Committee (NRCC) that felt like déjà vu to many in Washington — hackers targeting political campaign groups. This time, however, the perpetrators aimed their digital tools at the GOP instead of Democrats.

“It creates more of a sense of how critical it is that we protect our infrastructure,” Sen. Roy BluntRoy Dean BluntGOP group's ad calls on Graham to push for election security: 'Are you still trying?' Exclusive: Kushner tells GOP it needs to unify behind immigration plan The Hill's Morning Report - Can Trump save GOP in North Carolina special election? MORE (R-Mo.) told The Hill this week. “The federal government has certainly had plenty of hacks of their own, so we can't say with any certainty, ‘Do this like we do it you won't have a problem,’ because we've had plenty of problems.”

ADVERTISEMENT

Four top aides at the NRCC — which was notified in April about the breach — learned that their emails had been surveilled for months, according to Politico, which first reported the intrusion.

Ian Prior, a public relations professional hired by the NRCC to oversee its response to the breach, confirmed the cyber intrusion.

“The NRCC can confirm that it was the victim of a cyber intrusion by an unknown entity,” said Prior, a former Justice Department official, in an email to The Hill. “The cybersecurity of the Committee’s data is paramount, and upon learning of the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter.”

Hackers likely breached a hosted email environment as a result of a password compromise, according to a source familiar with the matter.

The attack serves as a stark reminder that the targets of a cyberattack are fluid and changing. But it also has Democrats waving their fingers at Republicans for not heeding their warnings after the intelligence community concluded that Russia interfered in the 2016 presidential race. Back then Democrats told their GOP counterparts: It’s us this time, but you could be next.

“In their age-old routine of choosing party over country, Republicans swept the issue aside,” Rep. Bennie ThompsonBennie Gordon ThompsonTop Democrat demands answers from CBP on security of biometric data Hillicon Valley: 8chan owner defends platform before Congress | Facebook launches dating feature | New York City sues T-Mobile | Top NSA cyber official names ransomware as 2020 threat | Blue Dog Dems urge action on election security 8chan owner defends platform in testimony before Congress MORE (Miss.), the top Democrat on the Homeland Security Committee, said in a statement after the NRCC hack was revealed.

ADVERTISEMENT

“Now news of this hack — which was not released for months — makes it clear Republicans ignored election security at their own peril,” he said. “Democrats led on election security the entire 115th Congress and Republicans should have joined us.”

Nevertheless, Thompson and other top Democrats expected to lead key House committees next year say they will examine the matter during the 116th Congress.

“This is an issue that transcends party,” Rep. Jerrold Nadler (N.Y.), the top Democrat expected to lead the Judiciary panel, wrote on Twitter. “I hope more of my @HouseGOP colleagues will be willing to say so in the new Congress when House Judiciary and others take a close look at this systemic problem.”

Democrats are also resurfacing comments President TrumpDonald John TrumpTed Cruz knocks New York Times for 'stunning' correction on Kavanaugh report US service member killed in Afghanistan Pro-Trump website edited British reality star's picture to show him wearing Trump hat MORE made earlier this year in which he asserted that Republicans have better cybersecurity after a series of damaging attacks against Democrats, including the ones on the Democratic National Committee (DNC) and John Podesta, who was campaign manager for former Secretary of State Hillary ClintonHillary Diane Rodham ClintonTrump's economic approval takes hit in battleground states: poll This is how Democrats will ensure Trump's re-election The Hill's Morning Report - Trump takes 2020 roadshow to New Mexico MORE’s presidential bid.

“The DNC should be ashamed of themselves for allowing themselves to be hacked. They had bad defenses and they were able to be hacked,” Trump told CBS News earlier this year. “I heard they were trying to hack the Republicans too, but — and this may be wrong — but they had much stronger defenses.”

Former FBI Director James ComeyJames Brien ComeyHouse Democrats seeking Sessions's testimony in impeachment probe Justice OIG completes probe on FBI surveillance of ex-Trump campaign aide Aggrieved Trump rips Dems for 'sad' impeachment effort MORE told Congress last year that while hackers successfully breached an old Republican National Committee server during the election, their efforts to target the GOP paled in comparison to the Kremlin’s efforts to go after Democrats in 2016. While Russia-linked hackers infiltrated other Republican targets, the hackers did not leak those stolen files.

Lawmakers are still in the information-gathering stage with the NRCC hack.

The top members of the Senate Intelligence Committee — Chairman Richard BurrRichard Mauze BurrLawmakers applaud Trump's ban on flavored e-cigarettes Trump to hold campaign rally in North Carolina day before special House election Hoekstra emerges as favorite for top intelligence post MORE (R-N.C.) and Vice Chairman Mark WarnerMark Robert WarnerTop Democrat demands answers from CBP on security of biometric data 2020 Democrats raise alarm about China's intellectual property theft State probes of Google, Facebook to test century-old antitrust laws MORE (D-Va.) — voiced interest in receiving a briefing from the FBI, which is investigating the hack.

Other lawmakers have also called for more details to be released.

“There's a lot more information that has to come out on the hack, how it happened, what happened,” said Sen. James LankfordJames Paul LankfordGOP group's ad calls on Graham to push for election security: 'Are you still trying?' Manufacturing group leads coalition to urge Congress to reauthorize Ex-Im Bank GOP group calls on Republican senators to stand up to McConnell on election security in new ads MORE (R-Okla.), who noted that it has not yet been announced who’s responsible for the breach.

“There's a big difference between a domestic hacker who got into them and a foreign hacker,” he added.

Warner has been vocal about his belief that Republicans need to be more wary of a potential breach of their systems.

“The truth is that there are foreign adversaries who, for the most part, want to simply disrupt our political system. And I think there was, for a while, some hubris from some of them — Republicans saying the Democrats were just sloppy in 2016,” Warner said on Thursday. “The truth is that both political parties have been attacked by the Russians in the 2016 cycle.”

During remarks on Friday, Warner noted that cybersecurity isn’t necessarily a priority for political campaigns and committees like the NRCC, who are more focused on getting their candidates into office.

“The ultimate startup is a political campaign,” the senator said at an event for the Center for a New American Security. “And the notion that cybersecurity’s going to be on the top three when your goal is getting reelecting or electing someone isn’t going to take place.”

Officials working on election security have acknowledged that more needs to be done to secure campaigns from cyberattacks, an issue amplified after three separate Democratic candidates in California were the victims of such attacks this election cycle.

The NRCC hack has also resurfaced questions about how political groups should respond when their opponents fall victim to a cyberattack.

Earlier this year, the two parties were reportedly in talks about how both sides would work together in the face of a politically motivated cyberattack, but those discussions fell apart after Republicans refused to agree not to use hacked materials, saying leaked information would be fair game to use if it became public.

It’s unclear if any information was stolen during the NRCC hack, but no data or emails have been publicly released like they were in 2016 with the DNC and Podesta hacks.

A document dump like the ones leading up to the 2016 election would force lawmakers and operatives across the political spectrum, as well as the media, to grapple with the question of whether to utilize the publicly available information.

Warner said on Friday that he wants Congress to take action on election security sooner rather than later, saying the U.S. needs to adopt a “whole-of-society” approach to combating adversaries like Russia in cyberspace.

If not, he warned, the U.S. and its political parties will continue to be the victim of cyberattacks that interfere in the electoral process.