NRCC breach exposes gaps 2 years after Russia hacks

Democrats are seizing on recent revelations that the House GOP’s campaign arm was hacked earlier this year to spotlight that both parties are vulnerable to cyberattacks.

The FBI is investigating a cyber breach at the National Republican Congressional Committee (NRCC) that felt like déjà vu to many in Washington — hackers targeting political campaign groups. This time, however, the perpetrators aimed their digital tools at the GOP instead of Democrats.

“It creates more of a sense of how critical it is that we protect our infrastructure,” Sen. Roy BluntRoy Dean BluntRisk-averse Republicans are failing the republic Senate GOP poised to go 'nuclear' on Trump picks The Hill's Morning Report - Dems contemplate big election and court reforms MORE (R-Mo.) told The Hill this week. “The federal government has certainly had plenty of hacks of their own, so we can't say with any certainty, ‘Do this like we do it you won't have a problem,’ because we've had plenty of problems.”

ADVERTISEMENT

Four top aides at the NRCC — which was notified in April about the breach — learned that their emails had been surveilled for months, according to Politico, which first reported the intrusion.

Ian Prior, a public relations professional hired by the NRCC to oversee its response to the breach, confirmed the cyber intrusion.

“The NRCC can confirm that it was the victim of a cyber intrusion by an unknown entity,” said Prior, a former Justice Department official, in an email to The Hill. “The cybersecurity of the Committee’s data is paramount, and upon learning of the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter.”

Hackers likely breached a hosted email environment as a result of a password compromise, according to a source familiar with the matter.

The attack serves as a stark reminder that the targets of a cyberattack are fluid and changing. But it also has Democrats waving their fingers at Republicans for not heeding their warnings after the intelligence community concluded that Russia interfered in the 2016 presidential race. Back then Democrats told their GOP counterparts: It’s us this time, but you could be next.

“In their age-old routine of choosing party over country, Republicans swept the issue aside,” Rep. Bennie ThompsonBennie Gordon ThompsonHillicon Valley: Nunes sues Twitter for 0 million | Trump links tech giants to 'Radical Left Democrats' | Facebook settles suits over ad discrimination | Dems want answers over spread of New Zealand shooting video Homeland Security chairman requests briefing from tech companies after spread of New Zealand footage Lawmakers contemplate a tough political sell: Raising their pay MORE (Miss.), the top Democrat on the Homeland Security Committee, said in a statement after the NRCC hack was revealed.

ADVERTISEMENT

“Now news of this hack — which was not released for months — makes it clear Republicans ignored election security at their own peril,” he said. “Democrats led on election security the entire 115th Congress and Republicans should have joined us.”

Nevertheless, Thompson and other top Democrats expected to lead key House committees next year say they will examine the matter during the 116th Congress.

“This is an issue that transcends party,” Rep. Jerrold Nadler (N.Y.), the top Democrat expected to lead the Judiciary panel, wrote on Twitter. “I hope more of my @HouseGOP colleagues will be willing to say so in the new Congress when House Judiciary and others take a close look at this systemic problem.”

Democrats are also resurfacing comments President TrumpDonald John TrumpTrump mocks wind power: 'When the wind doesn't blow, just turn off the television' Pentagon investigator probing whether acting chief boosted former employer Boeing Trump blasts McCain, bemoans not getting 'thank you' for funeral MORE made earlier this year in which he asserted that Republicans have better cybersecurity after a series of damaging attacks against Democrats, including the ones on the Democratic National Committee (DNC) and John Podesta, who was campaign manager for former Secretary of State Hillary ClintonHillary Diane Rodham ClintonTrump mocks wind power: 'When the wind doesn't blow, just turn off the television' Trump's approval rating stable at 45 percent Kellyanne Conway: 'I think my gender helps me with the president' MORE’s presidential bid.

“The DNC should be ashamed of themselves for allowing themselves to be hacked. They had bad defenses and they were able to be hacked,” Trump told CBS News earlier this year. “I heard they were trying to hack the Republicans too, but — and this may be wrong — but they had much stronger defenses.”

Former FBI Director James ComeyJames Brien ComeyTrump says public can see Mueller report Anderson Cooper blasts Trump over McCain attacks: 'He's punching a person who is dead' Clyburn: Trump and family 'greatest threats to democracy' in lifetime MORE told Congress last year that while hackers successfully breached an old Republican National Committee server during the election, their efforts to target the GOP paled in comparison to the Kremlin’s efforts to go after Democrats in 2016. While Russia-linked hackers infiltrated other Republican targets, the hackers did not leak those stolen files.

Lawmakers are still in the information-gathering stage with the NRCC hack.

The top members of the Senate Intelligence Committee — Chairman Richard BurrRichard Mauze BurrGOP's Tillis comes under pressure for taking on Trump Warner says there are 'enormous amounts of evidence' suggesting Russia collusion McCarthy dismisses Democrat's plans: 'Show me where the president did anything to be impeached' MORE (R-N.C.) and Vice Chairman Mark WarnerMark Robert WarnerDems request probe into spa owner suspected of trying to sell access to Trump Live video of New Zealand shooting puts tech on defensive The Hill's Morning Report — Trump readies first veto after latest clash with Senate GOP MORE (D-Va.) — voiced interest in receiving a briefing from the FBI, which is investigating the hack.

Other lawmakers have also called for more details to be released.

“There's a lot more information that has to come out on the hack, how it happened, what happened,” said Sen. James LankfordJames Paul LankfordSenate GOP poised to go 'nuclear' on Trump picks GOP senators eye 'nuclear' move to change rules on Trump nominees Senate GOP goes down to wire in showdown with Trump MORE (R-Okla.), who noted that it has not yet been announced who’s responsible for the breach.

“There's a big difference between a domestic hacker who got into them and a foreign hacker,” he added.

Warner has been vocal about his belief that Republicans need to be more wary of a potential breach of their systems.

“The truth is that there are foreign adversaries who, for the most part, want to simply disrupt our political system. And I think there was, for a while, some hubris from some of them — Republicans saying the Democrats were just sloppy in 2016,” Warner said on Thursday. “The truth is that both political parties have been attacked by the Russians in the 2016 cycle.”

During remarks on Friday, Warner noted that cybersecurity isn’t necessarily a priority for political campaigns and committees like the NRCC, who are more focused on getting their candidates into office.

“The ultimate startup is a political campaign,” the senator said at an event for the Center for a New American Security. “And the notion that cybersecurity’s going to be on the top three when your goal is getting reelecting or electing someone isn’t going to take place.”

Officials working on election security have acknowledged that more needs to be done to secure campaigns from cyberattacks, an issue amplified after three separate Democratic candidates in California were the victims of such attacks this election cycle.

The NRCC hack has also resurfaced questions about how political groups should respond when their opponents fall victim to a cyberattack.

Earlier this year, the two parties were reportedly in talks about how both sides would work together in the face of a politically motivated cyberattack, but those discussions fell apart after Republicans refused to agree not to use hacked materials, saying leaked information would be fair game to use if it became public.

It’s unclear if any information was stolen during the NRCC hack, but no data or emails have been publicly released like they were in 2016 with the DNC and Podesta hacks.

A document dump like the ones leading up to the 2016 election would force lawmakers and operatives across the political spectrum, as well as the media, to grapple with the question of whether to utilize the publicly available information.

Warner said on Friday that he wants Congress to take action on election security sooner rather than later, saying the U.S. needs to adopt a “whole-of-society” approach to combating adversaries like Russia in cyberspace.

If not, he warned, the U.S. and its political parties will continue to be the victim of cyberattacks that interfere in the electoral process.