After months of hacker meddling in the US presidential election, government officials and campaign-watchers have been bracing for the next attack to hit on Election Day. As it turns out, one arrived a day early and focused on a key get-out-the-vote tool—a phone bank service. An anonymous poster on the site 4chan Monday stated that the target was the Clinton campaign’s phone lines. But in fact TCN, the targeted phone bank service, has clients on both sides of the political aisle.
“The ironic thing is that they were probably impacting Republican calls just as much as Democrat calls,” says Jesse Bird, TCN’s chief technology officer.
Starting on Sunday night and continuing for 24 hours, hackers barraged Utah-based TCN with malicious internet traffic that overwhelmed its servers and periodically took its web-based software offline throughout much of Monday, a day many political groups consider the most important day of the election season for making get-out-the-vote phone calls. The distributed denial-of-service (or DDOS) attack didn’t actually prevent them from making calls using the phone banking service, but it did intermittently block volunteers and activists from accessing the software that listed contacts and offered calling scripts.
The 4chan post, written by someone using the pseudonym Sparky, said the politically-motivated attack used a variation of the Mirai botnet software that led to last month’s widespread outage of websites that included Spotify and Twitter. “They found the spot where they might be able to hurt us, and they pushed hard,” Bird says. “They didn’t shut down our services by any means. But they sure made my life difficult.”
On 4chan, Sparky claimed that he or she had used the botnet to attack the Clinton campaign’s TCN-hosted phone lines in Nevada. “List targets here that if taken out could harm Clinton’s chances of winning and I will pounce on them like a wild animal,” Sparky wrote. “Not sleeping until after this election is over.”
In fact, despite that hacker’s apparent intentions and early reports of the attack affecting Clinton supporters, TCN’s Bird says the 80-person firm hosts political phone banking software for dozens of clients of all political stripes. Bird declined to name any clients, citing non-disclosure agreements, but says that conservative groups are certainly on its client roster, too. “It’s kind of odd and a little awkward to be caught in something that may be politically motivated,” Bird says. “We don’t have a dog in any fight.”
NextGen Climate, an activist group focused on climate change, is one client of TCN whose phone banking suffered as a result of the attack. The group first started experiencing slowdowns of its calling software on Sunday evening, says NextGen organizer Cole Edwards, rendering it unusable at times during a crucial moment for motivating voters. “[TCN] would call and say we’re good again, and then it would crash five minutes later,” says Edwards. “That happened four to five times before they said, ‘We’re being attacked.’”
According to NextGen, progressive groups Our Revolution and MoveOn also use TCN’s phone banking service. A spokesperson for MoveOn, one of the largest activist groups involved in the election, confirmed that MoveOn uses the software, but declined to say whether the group’s phone banking had suffered as a result of the attack. The Clinton campaign itself tells WIRED it wasn’t aware of the attack and hadn’t been affected by it, and the Trump campaign didn’t respond to a request for comment.
The attack on TCN began Sunday night with a small flood of junk traffic from a few IP addresses, says TCN’s Bird. But by Monday afternoon it had swelled into a much larger bombardment that saturated four of TCN’s one-gigabit-per-second connections to its internet providers. Bird says that the company maintains ten times as much data capacity as it typically uses, but that all of that capacity was overwhelmed by the DDOS attack. And like other sophisticated DDOSes, the malicious traffic came in several forms, the most effective of which was domain-name system (DNS) amplification. That nasty trick involves a botnet of infected computers sending DNS requests—requests that a server look up the IP address of a certain domain name—with false return addresses, so that the pinged servers overwhelm a target at that return address with unwanted responses. “We were getting hammered with that,” says Bird. “It was tricky for us to lock that down.”
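From the receiving end, the amplification traffic described above is a stream of DNS answers to questions the network never asked. The Python sketch below is an added illustration, not part of the original article and not TCN's tooling: it matches inbound source-port-53 packets against recent outbound queries and tallies the unmatched ones per local address. The flow-record layout, addresses, time window and thresholds are all assumptions chosen for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (documentation address ranges), not data from the incident:
# (time_s, src_ip, src_port, dst_ip, dst_port, udp_payload_bytes)
SAMPLE_FLOWS = [
    (0.0, "203.0.113.10", 40000, "198.51.100.53", 53, 60),   # local host asks its resolver
    (0.1, "198.51.100.53", 53, "203.0.113.10", 40000, 120),  # solicited answer
    (1.0, "192.0.2.1", 53, "203.0.113.10", 31337, 3000),     # answers nobody asked for
    (1.0, "192.0.2.2", 53, "203.0.113.10", 31338, 3100),
    (1.1, "192.0.2.3", 53, "203.0.113.10", 31339, 2900),
]

def unsolicited_dns(flows, local_net, window=5.0):
    """Tally UDP source-port-53 traffic to local hosts that matches no recent query."""
    net = ipaddress.ip_network(local_net)
    pending = {}  # (client_ip, client_port, resolver_ip) -> time the query left
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "reflectors": set()})
    for ts, src, sport, dst, dport, size in sorted(flows):
        if dport == 53 and ipaddress.ip_address(src) in net:
            pending[(src, sport, dst)] = ts          # outbound query: remember it
        elif sport == 53 and ipaddress.ip_address(dst) in net:
            asked = pending.pop((dst, dport, src), None)
            if asked is not None and ts - asked <= window:
                continue                             # answer to a query we sent
            entry = stats[dst]                       # otherwise count it as reflected
            entry["packets"] += 1
            entry["bytes"] += size
            entry["reflectors"].add(src)
    return dict(stats)

def flood_targets(stats, min_reflectors=3, min_bytes=5000):
    """Local addresses receiving unsolicited DNS from many sources at volume."""
    return sorted(ip for ip, s in stats.items()
                  if len(s["reflectors"]) >= min_reflectors and s["bytes"] >= min_bytes)
```

Because the return addresses on the original queries are forged, the source IPs tallied here are the misused DNS servers rather than the botnet's machines, so the per-target counts are a filtering signal and not attribution.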
TCN responded by working to filter out the attack traffic, quadrupling its number of proxy servers designed to absorb it, and hiring the anti-DDOS security firm Cloudflare to help shield them against future attacks. Bird says the worst of its slowdowns were handled by around 3:30 pm Monday.
But Bird doesn’t downplay the effect of the attack on some of TCN’s clients. Though he says none of the site’s services ever went completely offline, the slowdown no doubt prevented many of the voter-motivating activism calls TCN’s service was meant to make possible. “For organizations that are mostly volunteer-based, that’s a big deal,” says Bird. “If volunteers get frustrated, they quit.”
That demotivation may have hit both Trump’s and Clinton’s supporters in equal measure. But it nonetheless represents another small win for hacker trolls in what’s already the most digitally chaotic election in American history.