Trump’s campaign website hacked by cryptocurrency scammers

NelsonG · October 27, 2020

President Trump’s campaign website was briefly and partially hacked Tuesday afternoon as unknown adversaries took over parts of the page, replacing them with what appeared to be a scam to collect cryptocurrency. There is no indication, despite the hackers’ claims, that “full access to trump and relatives” was achieved or “most internal and secret conversations strictly classified information” were exposed.

The hack, first noted by Gabriel Lorenzo Greschler on Twitter, seemingly took place shortly before 4 PM Pacific time. The culprits likely gained access to the donaldjtrump.com web server backend and inserted a long stretch of obfuscated JavaScript producing a parody of the FBI “this site has been seized” message, which appeared over the normal content.

“the world has had enough of the fake-news spreaded daily by president donald j trump,” the new site read. “it is time to allow the world to know truth.”

Claiming to have inside information on the “origin of the corona virus” and other information discrediting Trump, the hackers provided two Monero addresses. Monero is a cryptocurrency that’s easy to send but quite difficult to track. For this reason it has become associated with unsavory operations such as this hack.

Trump says ‘nobody gets hacked’ but forgot his hotel chain was hacked — twice

One address was for people who wanted the “strictly classified information” released, the other for those who would prefer to keep it secret. After an unspecified deadline the totals of cryptocurrency would be compared and the higher total would determine what was done with the data.

The page was signed with a PGP public key corresponding to an email address at a non-existent domain (planet.gov).

The website was reverted to its original content within a few minutes of the hack taking place. There is no evidence to suggest that anything other than the one page was accessed, such as donor data; campaign communications director Tim Murtaugh confirmed the hack shortly afterwards, saying there was no exposure of sensitive data and that they are working with law enforcement.

Getting people to irreversibly send cryptocurrency to a mysterious address is a common form of scam online, usually relying on brief appearances on high visibility platforms like celebrity Twitter accounts and the like. This one is no different, and was taken down within minutes.

There is no indication that this attack was in any way state-sponsored, and while it strikes a partisan tone, one can hardly say that this is a very coherent attack against the Trump platform. Campaign and other elections-related websites are high-value targets for hackers because they are associated with entities like Trump but are not as secure as official sites like whitehouse.gov. Though the diction seems not to be that of a native English speaker, there is no other positive evidence that the hack is of foreign origin.

President Trump’s Twitter accessed by security expert who guessed password ‘maga2020!’

This is not the first time Trump has been hacked recently. His Twitter account was briefly taken over by someone who guessed his password (“maga2020!”) but was, luckily for the president, not of a mind to collect DMs or otherwise rock the boat. And of course, Trump’s hotels were hacked before as well.

Trump recently stated, mistakenly it seems, that “Nobody gets hacked. To get hacked you need somebody with 197 IQ and he needs about 15% of your password.”