During the 2008 U.S. presidential election cycle, the FBI and U.S. Secret Service determined the Obama and the McCain campaigns were being targeted by hackers likely associated with foreign governments. Within days of this discovery, Kroll was enlisted to investigate all systems and determine the extent of any potential compromise. A team of experts, led by Senior Managing Director Alan Brill, was dispatched to Obama’s campaign headquarters and to the Democratic National Committee to identify the infection, cleanse infected systems and bolster defenses.
Our investigators determined the compromise occurred through a phishing email made to look like the outline of a meeting agenda and containing a malicious .zip file attachment. Once opened, the attachment released a virus that made its way around the network, kicking off an infection chain that compromised the computers of various senior staffers. In an NBC News article covering the attack, reporter Michael Isikoff points to remarks President Obama made at a May 29, 2009, White House event announcing a new cyber security policy, in which he confirmed the impact of the attack: “Hackers gained access to emails and a range of campaign files, from policy position papers to travel plans,” he said then.
As the investigation developed, our team identified the virus buried in the network. It was able to keep itself hidden for months or years without being detected, which made it very sophisticated malware for its time.
How Kroll Helped
Kroll experts installed hardware to cleanse the affected machines as well as remotely monitor activity across the network, giving our team the ability to detect and block further attacks. Once our team gained visibility, we were alarmed at the volume of attacks, which continued throughout the months leading to the election. “It was like a firefight,” Alan said. “This was starting every day knowing that you didn’t know what they were going to throw at you.” We recently asked Alan to recount this engagement on video:
Kroll was able to successfully thwart all viruses attempting to pervade the campaign network. This was the first U.S. national election in which the hacking of a campaign became a prevalent issue, setting the stage for the role of cyberattacks in future elections, which we still see today.