NRCC breach exposes gaps 2 years after Russia hacks

Democrats are seizing on recent revelations that the House GOP’s campaign arm was hacked earlier this year to spotlight that both parties are vulnerable to cyberattacks.

The FBI is investigating a cyber breach at the National Republican Congressional Committee (NRCC) that felt like déjà vu to many in Washington — hackers targeting political campaign groups. This time, however, the perpetrators aimed their digital tools at the GOP instead of Democrats.

“It creates more of a sense of how critical it is that we protect our infrastructure,” Sen. Roy BluntRoy Dean BluntMcConnell: Senate won't override Trump veto on shutdown fight Senate immigration talks fall apart Emergency declaration option for wall tests GOP MORE (R-Mo.) told The Hill this week. “The federal government has certainly had plenty of hacks of their own, so we can't say with any certainty, ‘Do this like we do it you won't have a problem,’ because we've had plenty of problems.”


Four top aides at the NRCC — which was notified in April about the breach — learned that their emails had been surveilled for months, according to Politico, which first reported the intrusion.

Ian Prior, a public relations professional hired by the NRCC to oversee its response to the breach, confirmed the cyber intrusion.

“The NRCC can confirm that it was the victim of a cyber intrusion by an unknown entity,” said Prior, a former Justice Department official, in an email to The Hill. “The cybersecurity of the Committee’s data is paramount, and upon learning of the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter.”

Hackers likely breached a hosted email environment as a result of a password compromise, according to a source familiar with the matter.

The attack serves as a stark reminder that the targets of a cyberattack are fluid and changing. But it also has Democrats waving their fingers at Republicans for not heeding their warnings after the intelligence community concluded that Russia interfered in the 2016 presidential race. Back then Democrats told their GOP counterparts: It’s us this time, but you could be next.

“In their age-old routine of choosing party over country, Republicans swept the issue aside,” Rep. Bennie ThompsonBennie Gordon ThompsonHomeland Security Committee chairman: 'I would not rule out a wall in certain instances' Sunday shows preview: Shutdown negotiations continue after White House immigration proposal Last-minute deal extends program to protect chemical plants MORE (Miss.), the top Democrat on the Homeland Security Committee, said in a statement after the NRCC hack was revealed.


“Now news of this hack — which was not released for months — makes it clear Republicans ignored election security at their own peril,” he said. “Democrats led on election security the entire 115th Congress and Republicans should have joined us.”

Nevertheless, Thompson and other top Democrats expected to lead key House committees next year say they will examine the matter during the 116th Congress.

“This is an issue that transcends party,” Rep. Jerrold Nadler (N.Y.), the top Democrat expected to lead the Judiciary panel, wrote on Twitter. “I hope more of my @HouseGOP colleagues will be willing to say so in the new Congress when House Judiciary and others take a close look at this systemic problem.”

Democrats are also resurfacing comments President TrumpDonald John TrumpJuan Williams: AOC fever shows appetite for new politics Judd Gregg: Sauntering into anarchy Civil rights group marks MLK Day with call for 'Trump card' national ID MORE made earlier this year in which he asserted that Republicans have better cybersecurity after a series of damaging attacks against Democrats, including the ones on the Democratic National Committee (DNC) and John Podesta, who was campaign manager for former Secretary of State Hillary ClintonHillary Diane Rodham ClintonIdentity politics and the race for the Democratic nomination O'Rourke’s strategy: Show Americans the real Beto Conservatives pound BuzzFeed, media over Cohen report MORE’s presidential bid.

“The DNC should be ashamed of themselves for allowing themselves to be hacked. They had bad defenses and they were able to be hacked,” Trump told CBS News earlier this year. “I heard they were trying to hack the Republicans too, but — and this may be wrong — but they had much stronger defenses.”

Former FBI Director James ComeyJames Brien ComeyDems revive impeachment talk after latest Cohen bombshell Dem calls for Cohen to testify before Senate panel over explosive report The Hill’s 12:30 Report: Day 27 of the shutdown | Cohen reportedly paid company to rig online polls, boost his own image | Atlantic publishes ‘Impeach Donald Trump’ cover story MORE told Congress last year that while hackers successfully breached an old Republican National Committee server during the election, their efforts to target the GOP paled in comparison to the Kremlin’s efforts to go after Democrats in 2016. While Russia-linked hackers infiltrated other Republican targets, the hackers did not leak those stolen files.

Lawmakers are still in the information-gathering stage with the NRCC hack.

The top members of the Senate Intelligence Committee — Chairman Richard BurrRichard Mauze BurrHillicon Valley: Senate panel subpoenas Roger Stone associate | Streaming giants hit with privacy complaints in Europe | FTC reportedly discussing record fine for Facebook | PayPal offering cash advances to unpaid federal workers Senate panel subpoenas Roger Stone associate Jerome Corsi Manafort developments trigger new ‘collusion’ debate MORE (R-N.C.) and Vice Chairman Mark WarnerMark Robert WarnerGiuliani: Trump Tower Moscow talks went 'as far as October, November' 2016 Senate Dem: Trump immigration proposal a 'starting point' Washington fears new threat from 'deepfake' videos MORE (D-Va.) — voiced interest in receiving a briefing from the FBI, which is investigating the hack.

Other lawmakers have also called for more details to be released.

“There's a lot more information that has to come out on the hack, how it happened, what happened,” said Sen. James LankfordJames Paul LankfordGOP senator calls Trump immigration offer a 'straw man proposal' not meant to become law Sunday shows preview: Shutdown negotiations continue after White House immigration proposal Senate GOP blocks bill to reopen Homeland Security MORE (R-Okla.), who noted that it has not yet been announced who’s responsible for the breach.

“There's a big difference between a domestic hacker who got into them and a foreign hacker,” he added.

Warner has been vocal about his belief that Republicans need to be more wary of a potential breach of their systems.

“The truth is that there are foreign adversaries who, for the most part, want to simply disrupt our political system. And I think there was, for a while, some hubris from some of them — Republicans saying the Democrats were just sloppy in 2016,” Warner said on Thursday. “The truth is that both political parties have been attacked by the Russians in the 2016 cycle.”

During remarks on Friday, Warner noted that cybersecurity isn’t necessarily a priority for political campaigns and committees like the NRCC, who are more focused on getting their candidates into office.

“The ultimate startup is a political campaign,” the senator said at an event for the Center for a New American Security. “And the notion that cybersecurity’s going to be on the top three when your goal is getting reelecting or electing someone isn’t going to take place.”

Officials working on election security have acknowledged that more needs to be done to secure campaigns from cyberattacks, an issue amplified after three separate Democratic candidates in California were the victims of such attacks this election cycle.

The NRCC hack has also resurfaced questions about how political groups should respond when their opponents fall victim to a cyberattack.

Earlier this year, the two parties were reportedly in talks about how both sides would work together in the face of a politically motivated cyberattack, but those discussions fell apart after Republicans refused to agree not to use hacked materials, saying leaked information would be fair game to use if it became public.

It’s unclear if any information was stolen during the NRCC hack, but no data or emails have been publicly released like they were in 2016 with the DNC and Podesta hacks.

A document dump like the ones leading up to the 2016 election would force lawmakers and operatives across the political spectrum, as well as the media, to grapple with the question of whether to utilize the publicly available information.

Warner said on Friday that he wants Congress to take action on election security sooner rather than later, saying the U.S. needs to adopt a “whole-of-society” approach to combating adversaries like Russia in cyberspace.

If not, he warned, the U.S. and its political parties will continue to be the victim of cyberattacks that interfere in the electoral process.