The defacement lasted less than 30 minutes, and the hackers appeared to be looking to generate cryptocurrency.
Oct. 27, 2020
President Trump’s campaign website was briefly taken over by hackers who defaced the site on Tuesday.
The defacement lasted less than 30 minutes, but the incident came as Mr. Trump’s campaign and that of his opponent, Joseph R. Biden Jr., as well as law enforcement and intelligence agencies, have been on high alert for digital interference ahead of next week’s election.
In a statement, Tim Murtaugh, a spokesman for the Trump campaign, confirmed the website’s defacement and said it was “working with law enforcement authorities to investigate the source of the attack.” He added, “There was no exposure to sensitive data because none of it is actually stored on the site. The website has been restored.”
The F.B.I. did not immediately comment on the incident. The defacement was first noted on Twitter by Gabriel Lorenzo Greschler, a journalist at the Jewish News of Northern California, while he was researching an article on climate change.
It was not clear whether the defacement was the work of foreign hackers or cybercriminals. But in a screed posted to Mr. Trump’s website — donaldjtrump.com — the hackers claimed to have compromised “multiple devices” that gave them access to the “most internal and secret conversations” of the president and his relatives, including classified information.
The hackers also accused the Trump administration, without proof, of having a hand in the origins of the coronavirus and cooperating with “foreign actors manipulating the 2020 elections.”
The hackers appeared to be looking to generate cryptocurrency. They invited visitors to donate cryptocurrency to one of two funds — one labeled “Yes, share the data,” the other labeled “No, Do not share the data.” They solicited payments in Monero, a hard-to-trace cryptocurrency.
“After the deadline, we will compare the funds and execute the will of the world,” they wrote, without specifying a deadline. The hackers also posted what they said was their encryption key, ostensibly to verify that whatever information they posted came from them. The key corresponded to an email address at a nonexistent internet site.
Though the defacement appeared to be part of a common cryptocurrency scam to get people to irreversibly donate money online, the incident took on added urgency one week before the election. Cybersecurity experts said that the incident could have been caused by tricking a website administrator into turning over their credentials, in what is known as a phishing attack, or by redirecting the campaign website to the hacker’s own server.
Intelligence agencies have been closely monitoring hacking groups, including teams backed by Iran and Russia, that have tried to break into election-related systems and have been involved in influence operations in recent weeks.
Last week, John Ratcliffe, the director of national intelligence, identified Iran and Russia as two nations responsible for disinformation and some limited intrusions into voter registration databases.
He cited threatening emails, ostensibly from the far-right group the Proud Boys, that were sent to voters in Florida and elsewhere. But the emails relied on publicly available information; no hacking was necessary. And they were written in broken English — as was the defaced Trump website.
Last week, Mr. Trump told a campaign rally in Tucson, Ariz., “Nobody gets hacked. To get hacked you need somebody with 197 I.Q. and he needs about 15 percent of your password.”
Julian E. Barnes, Adam Goldman and David E. Sanger contributed reporting.