Protecting the 2008 U.S. Presidential Election from Cyber Attacks

During the 2008 U.S. presidential election cycle, the FBI and U.S. Secret Service determined the Obama and the McCain campaigns were being targeted by hackers likely associated with foreign governments. Within days of this discovery, Kroll was enlisted to investigate all systems and determine the extent of any potential compromise. A team of experts, led by Senior Managing Director Alan Brill, was dispatched to Obama’s campaign headquarters and to the Democratic National Committee to identify the infection, cleanse infected systems and bolster defenses. 

Our investigators determined the compromise occurred through a phishing email made to look like the outline of a meeting agenda and containing a malicious .zip file attachment. Once opened, the attachment released a virus that made its way around the network, kicking off an infection chain that compromised the computers of various senior staffers. In an NBC News article covering the attack, reporter Michael Isikoff pinpoints a passage from President Obama at a May 29, 2009, White House event announcing a new cyber security policy where he confirms the impact of the attack: “Hackers gained access to emails and a range of campaign files, from policy position papers to travel plans,” he said then.

As the investigation developed, our team identified the virus buried in the network, with the ability to keep itself hidden for months or years without being detected, proving to be a very sophisticated malware at the time. 

How Kroll Helped

Kroll experts installed hardware to cleanse the affected machines as well as remotely monitor activity across the network, giving our team the ability to detect and block further attacks. Once our team gained visibility, we were alarmed at the volume of attacks, which continued throughout the months leading to the election. “It was like a firefight,” Alan said. “This was starting every day knowing that you didn’t know what they were going to throw at you.” We recently asked Alan to recount this engagement on video:

Protecting the 2008 U.S. Presidential Election from Cyber Attacks

Kroll was able to successfully thwart all viruses attempting to pervade the campaign network. This was the first U.S. national election in which the hacking of a campaign became a prevalent issue, setting the stage for the role of cyberattacks in future elections which we still see today. 

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.


Proactively monitor, detect and respond to threats virtually anywhere – on endpoints and throughout the surface, deep and dark web.

24x7 Incident Response

Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.

Virtual CISO (vCISO) Advisory Services

Kroll’s Virtual CISO (vCISO) services help executives, security and technology teams safeguard information assets while supporting business operations with augmented cyber expertise to reduce business risk, signal commitment to data security and enhance overall security posture.

Enterprise Security Risk Management

Kroll’s Enterprise Security Risk Management practice provides expert guidance and advisory services to our global clientele as they navigate the most challenging and emerging security and threat-related issues.

Cyber Risk Assessments

Kroll's cyber risk assessments deliver actionable recommendations to improve security, using industry best practices & the best technology available.