WASHINGTON — Fresh off its shellacking in the 2018 midterm elections, House Republicans suffered another embarrassment on Tuesday when it was revealed that their flagship campaign group was hacked earlier this year and failed to tell senior party members about the attack.
Politico reported that unknown hackers breached the National Republican Congressional Committee, the party’s main vehicle for winning House races, and had access to the email accounts of four senior NRCC employees. The attack was detected in April, and NRCC officials alerted the FBI while launching their own internal investigation this spring. But senior Republican lawmakers, including soon-to-be House Minority Leader Kevin McCarthy (R-CA) and outgoing Speaker Paul Ryan (R-WI), weren’t briefed about the attack until this week.
“The NRCC can confirm that it was the victim of a cyber intrusion by an unknown entity,” a spokesman for the committee told Politico. “The cybersecurity of the committee’s data is paramount, and upon learning of the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter.”
There is no evidence that any emails stolen from the NRCC have been dumped online or weaponized against the GOP. Two years ago, of course, Russian hackers not only broke into the Democratic Party’s servers, but also published those pilfered documents to damage Hillary Clinton and influence the presidential election.
This past summer, Director of National Intelligence Dan Coats said the warning lights for future cyberattacks targeting the U.S. were “blinking red.” Microsoft said it had detected and helped block hacking attempts focused on three congressional candidates during the 2018 midterms. While Microsoft refused to name those candidates, the Daily Beast reported in July that the Russian intelligence agency behind the 2016 election interference had attacked Sen. Claire McCaskill (D-MO), who went on to lose her reelection bid.
Rolling Stone first revealed multiple other cyberattacks that took place during the 2018 campaign, as well as the FBI’s interest in probing those attacks. One Democratic candidate for Congress in southern California, Hans Keirstead, was targeted by multiple spear-phishing attempts — one of which was successful — intended to trick him into providing his password and compromising his email account. A second attack, also in southern California, took the form of distributed denial of service (DDoS) attacks that crippled the campaign website of Democratic candidate Bryan Caforio. Neither Keirstead nor Caforio advanced to the general election.
A few weeks before Election Day, the FBI, Justice Department, Department of Homeland Security and the Office of the Director of National Intelligence issued a statement saying there were “ongoing campaigns by Russia, China and other foreign actors, including Iran” such as cyberattacks targeting the 2018 and 2020 elections. The NRCC would not comment on the identity or identities of the hackers who penetrated their email system.
The NRCC rebuffed an offer made this summer by its counterpart, the Democratic Congressional Campaign Committee, to create a joint plan to prevent future hacks by foreign adversaries. The Republicans dismissed the offer as “a cheap political stunt” designed to generate bad headlines for the GOP, though the headlines the NRCC is grappling with now are surely far worse.