‘Compromised credentials’ most likely vector in Trump re-election site defacement
Make Websites Safe Again
Donald Trump’s official re-election campaign website was briefly defaced on Tuesday (October 27) in an embarrassing rather than serious lapse of security.
As-yet-unknown attackers left a message on donaldjtrump.com claiming they had compromising information on the US president, suggesting a conspiracy theory that “trump-gov is involved in the origin of the coronavirus” as well as supposedly being in cahoots with “foreign actors manipulating the 2020 elections”.
Visitors to the site were encouraged to vote on whether or not this supposed compromising material would be released by sending funds to one of two Monero cryptocurrency wallet addresses, both publicised through the defacement.
Which wallet received the most money would ostensibly determine the outcome of the vote.
Of course, the highly visible defacement on such a high-profile website didn’t stay up for long, so the exercise failed to rake in significant funds.
Gone in a flash
The defacement message, which parodied the seizure notices the FBI posts when it takes control of web services operated by cybercriminals, was pulled within minutes and the site quickly restored with approved content: encouragements to make campaign donations or to buy Republican Party merchandise.
A post on Twitter by the Trump re-election campaign’s director of communications, Tim Murtaugh, stated that “there was no exposure of sensitive data” because none is stored on the site.
The Trump campaign was “working with law enforcement authorities to investigate the source of the attack”, he added.
Donald Trump’s campaign website is hosted using ExpressionEngine, a content management system, and served through Cloudflare’s content delivery network.
Donald Trump’s re-election campaign website was briefly defaced on October 27
Wordfence analysis
In the wake of the short-lived attack, researchers from web security firm Wordfence offered some analysis of how the hack might have been carried out.
Since the…