During the 2008 U.S. presidential election cycle, the FBI and U.S. Secret Service determined the Obama and the McCain campaigns were being targeted by hackers likely associated with foreign governments. Within days of this discovery, Kroll was enlisted to investigate all systems and determine the extent of any potential compromise. A team of experts, led by Senior Managing Director Alan Brill, was dispatched to Obama’s campaign headquarters and to the Democratic National Committee to identify the infection, cleanse infected systems and bolster defenses.
Our investigators determined that the compromise occurred through a phishing email made to look like the outline of a meeting agenda and containing a malicious .zip file attachment. Once opened, the attachment released a virus that made its way around the network, kicking off an infection chain that compromised the computers of various senior staffers. In an NBC News article covering the attack, reporter Michael Isikoff cites remarks President Obama made at a May 29, 2009, White House event announcing a new cyber security policy, in which he confirmed the impact of the attack: “Hackers gained access to emails and a range of campaign files, from policy position papers to travel plans,” he said then.
As the investigation developed, our team identified the virus buried in the network. It was able to keep itself hidden for months or years without being detected, which made it very sophisticated malware for its time.
How Kroll Helped
Kroll experts installed hardware to cleanse the affected machines as well as remotely monitor activity across the network, giving our team the ability to detect and block further attacks. Once our team gained visibility, we were alarmed at the volume of attacks, which continued throughout the months leading to the election. “It was like a firefight,” Alan said. “This was starting every day knowing that you didn’t know what they were going to throw at you.”