The brief defacement of President Trump’s campaign website Tuesday night serves as another reminder that when cybercriminals want to cast a wide net for a scam, U.S. politics present plenty of opportunities — especially in the final days of a highly fraught election season.
The front page of the site was replaced with a message claiming that hackers had compromised “multiple devices” and stolen “strictly classified information” — claims that the Trump campaign rejected. There was a call to action, too: Visitors had the choice to “vote” on whether the material should be made public, by sending the cryptocurrency Monero to online wallets marked “yes” or “no.” Any payments to those accounts would be irreversible.
It’s hardly the first time this year that scammers have used Trump’s name to reel people in. Most recently, the Republican president’s COVID-19 diagnosis was a lure; other schemes have involved naming fake ransomware after Trump. Democratic presidential nominee Joe Biden and former President Barack Obama’s accounts also were among dozens leveraged in a bitcoin scam on Twitter.
The message on Trump’s site also called upon another 2020 favorite for fraudsters: the coronavirus pandemic. The Trump administration was accused of being “involved in the origin” of the virus — the kind of comment that pops up in phishing campaigns and faked news articles that are part of scams.
Christopher Krebs, the director of the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security, was among the expects who urged users to exercise caution.
Like I said yesterday, website defacements are noise. Don’t fall for these attempts designed to distract, sensationalize, and confuse. Ultimately they’re trying to undermine your confidence in our voting process. #keepcalmandvoteon https://t.co/5lZ7YoLYO8 pic.twitter.com/Qk9XOlFELE
— Chris Krebs #Protect2020 (@CISAKrebs) October 28, 2020
The defacement message was signed with a PGP public key that the attackers said would identify them once “the will of the world” had been expressed through Monero contributions. TechCrunch noted that the encryption key corresponded to an email address at a website that doesn’t exist — planet.gov.
Few details about the attackers or the methods of intrusion were immediately available. It’s unclear if hackers broke directly into the website or redirected its traffic to another server. The Trump campaign said it was working with law enforcement, and that no sensitive data was stored on the campaign site. Official U.S. government work is handled through .gov domains that would not have direct links to any political sites.
It’s safe to say that any Trump-related account is probably under intense pressure from potential intruders of all stripes. Last week a Dutch security researcher claimed that he had figured out the president’s Twitter password.
Monero, meanwhile, enjoys a reputation for being more private or less traceable than bitcoin, but security researchers have said the idea is debatable.
The incident also comes just weeks after the president falsely claimed “nobody gets hacked.”
Donald Trump on computer hacking: "Nobody gets hacked. To get hacked you need somebody with 197 IQ and he needs about 15 percent of your password."
— Ira Goldman 🦆🦆🦆 (@KDbyProxy) October 19, 2020