Hackers testing defences of Trump campaign websites ahead of US election, security staff warn

US cybersecurity firm Cloudflare has been hired by US President Donald Trump to help defend his campaign's websites.
US cybersecurity firm Cloudflare has been hired by US President Donald Trump to help defend his campaign's websites.PHOTO: EPA-EFE

LONDON (REUTERS) - Hackers have stepped up efforts to knock Trump campaign and business websites offline ahead of the United States election, in what a security firm working for the campaign said could be preparation for a larger digital assault, according to e-mails seen by Reuters.

The security assessment was prepared by staff at US cyber-security firm Cloudflare, which has been hired by President Donald Trump to help defend his campaign's websites in an election contest overshadowed by warnings about hacking, disinformation and foreign interference.

Cloudflare is widely used by businesses and other organisations to help defend against distributed denial-of-service (DDoS) attacks, which aim to take down websites by flooding them with malicious traffic.

Internal Cloudflare e-mails sent to senior company managers - including chief executive officer Matthew Prince - on July 9 state that the number and severity of attacks on Trump websites increased in the preceding two months and reached record levels in June. The e-mails did not give the total number of attacks.

"As we get closer to the election, attacks are increasing in both numbers (and) sophistication" and succeeded in disrupting access to the targeted websites for short periods of time between March 15 and June 6, the assessment said.

Cloudflare did not respond directly to questions about the e-mails or their contents. The company said it was providing security services to both US presidential campaigns and declined to answer further questions about the nature or details of its work.

"We have seen an increase in cyber attacks targeting political candidates. We will continue to work to ensure these attacks do not disrupt free and fair elections," it said in a statement when asked about the e-mails.

A spokesman for the Trump campaign did not respond to a request for comment. The Biden campaign declined to comment on its work with Cloudflare or any attacks on its websites.

A spokesman for the Trump Organization said no Trump websites had been taken offline by cyber attacks. She did not respond to further questions about the attacks or Trump's work with Cloudflare.

 
 

Cloudflare's security team did not comment on the identity of the hackers and Reuters was not able to determine who was responsible for the attacks.

DDoS attacks are viewed by cyber-security experts as a relatively crude form of digital sabotage - easily deployed by anyone from tech-savvy teenagers to top-end cyber criminals.

But seven of the attacks on Trump websites, including donaldjtrump.com and a Trump-owned golf course, were judged to be more serious by the Cloudflare security team, the e-mails show.

The increasing number and sophistication of attempts suggested the attackers were "probing" the website defences to establish what would be needed to take them fully offline, the security assessment said.

 
 

"We therefore cannot discount the possibility that there are attackers using this as an opportunity to collect information for more sophisticated attacks," it added.

The Cloudflare team said they would continue to monitor the attacks and carry out "a further round of security hardening" to better protect the websites.