The House GOP Campaign Arm, National Republican Congressional Committee (NRCC), suffered a Major Hack during the 2018 Election, exposing Thousands of Sensitive Emails to an Outside Intruder.
The Email Accounts of Four Senior Aides at the NRCC were surveilled for several months. The Intrusion was Detected in April by an NRCC Vendor, who Alerted the Committee and its Cybersecurity Contractor. An Internal Investigation was Initiated and the FBI was Alerted to the Attack.
Senior House Republicans, including Speaker Paul Ryan (R-WI), House Majority Leader Kevin McCarthy (R-CA), and Majority Whip Steve Scalise (R-LA), were Not Informed of the Hack until POLITICO contacted the NRCC on Monday with Questions about the Episode. Rank-and-File House Republicans were Not told, either.
Committee Officials said they decided to Withhold the Information because they were intent on Conducting their own Investigation, and feared that revealing the Hack would Compromise efforts to find the Culprit. "We don't want to get into details about what was taken because it's an ongoing investigation," said a Senior Party Official. "Let's say they had access to four active accounts. I think you can draw from that."
The Hack became a Major Source of Consternation within the Committee as the Midterm Election unfolded. The NRCC brought on the prominent Washington Law Firm Covington and Burling as well as Mercury Public Affairs to Oversee the Response to the Hack. The NRCC Paid the Two Firms Hundreds of Thousands of Dollars to Help respond to the Intrusion. The Committee’s Chief Legal Counsel, Chris Winkelman, Devoted Hours of his time to dealing with matter.
Party Officials would Not say when the Hack began or Who was behind it, although they Privately believe it was a Foreign Agent due to the Nature of the Attack. Donor Information was Not Compromised during the Intrusion. “The NRCC can confirm that it was the victim of a cyber intrusion by an unknown entity. The cybersecurity of the Committee’s data is paramount, and upon learning of the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter,” said Ian Prior, a Vice President at Mercury.
Prior, a Former Justice Department Official and NRCC Operative, has been Working with the Committee to deal with the matter. “To protect the integrity of that investigation, the NRCC will offer no further comment on the incident,” Prior added.
None of the Information Accessed during the Hack, Thousands of Emails from Senior NRCC Aides, has appeared in Public. And there were No attempts to Threaten the NRCC or its Leadership during the Campaign with Exposure of the Information. Yet the fact that the NRCC was Hacked and Withheld that Information is likely to Prove Embarrassing at a time when Republicans are Grappling with an Election in which they Lost 40 Seats and Control of the House.
Rep. Tom Emmer (MN-6th District) will take over as NRCC Chairman this Cycle, a Selection that was Directly Approved by McCarthy. Emmer is in the Process of Hiring his own Senior Aides for the Committee, a normal Procedure when a New Chairman takes over a Party Committee. Emmer was first Briefed on the Hack on Monday Evening.
Cybersecurity remains a Pressing concern for Politicians and Political Committees. It’s not clear, however, what the NRCC could have Done to Avoid this Intrusion.
The Hack was first Detected by an MSSP, a Managed Security Services Provider that Monitors the NRCC’s Network. The MSSP informed NRCC Officials and they, in turn, Alerted Crowdstrike, a well-known Cybersecurity Firm that had already been Retained by the NRCC.
Like other Major Committees, the NRCC also had Security Procedures in place before the Election Cycle began to try to Limit the Amount of Information that could be Exposed to a Potential Hacker. It also Employed a Full-Time Cybersecurity Employee.
NYC Wins When Everyone Can Vote! Michael H. Drucker
