Yesterday, as groups across the country hit the final stretch of their get-out-the-vote campaigns, workers at NextGen Climate noticed some problems with their automated dialer program. As the team started its morning hours, the program used to initiate and monitor voter calls was suddenly clunky, and cut out entirely for crucial hours in the afternoon.
“It was slower in the morning, and then went down for hours at a time,” says NextGen’s Suzanne Henkels. The tool suffered intermittent downtime throughout the rest of the day. The campaign still made calls throughout the weekend, and was able to switch to backup methods of calling and texting to reach the remaining voters. Still, the attack caused significant trouble for the operation on the eve of Election Day.
The downtime wasn’t a coincidence. Just after midnight on Sunday night, a post on 4chan’s /pol/ board announced an impending denial-of-service attack on any tools used by the Clinton campaign, employing the same Mirai botnet code that blocked access to Twitter and Spotify last month. One of those targets was TCN, the Utah-based call center company that runs NextGen’s dialer. According to the post’s author, the company was also providing phone services to Hillary Clinton’s offices in Nevada.
“List targets here that if taken out could harm Clinton's chances of winning and I will pounce on them like a wild animal,” the post reads. “Not sleeping until after this election is over.”
It’s still unclear exactly how those attacks were performed. Since the release of the Mirai source code last month, nearly anyone is capable of launching an attack using the tool, although most of those attacks are negligible in size. Notably, the TCN attack does not appear on some public logs of Mirai-powered attacks, although it’s entirely possible the logs have yet to discover the specific botnet used in the attack.
TCN confirmed the outage in a statement, describing the attack as “fairly sophisticated in nature.” According to the statement, “the primary impacts were a slow site and a few brief periods of unavailability.”
The statement also makes it clear that NextGen Climate was far from the only group slowed down by the outage. TCN manages calling services for 2000 different clients, with a particularly brisk business during campaign season handling “everything from inbound information IVRs, outbound surveys to volunteer outreach.”
It’s not the first time 4chan has intervened on behalf of the Trump campaign. In October, a 4chan user used private passwords published by WikiLeaks to locate and remotely wipe an iPhone used by John Podesta, Hillary Clinton’s campaign chair. Other 4chan campaigns have spread phony “text to vote” memes in an effort to keep Clinton voters away from the polls.
Monday also saw a number of smaller attacks against both Clinton and Trump’s official campaign websites fueled by the same generation of botnets. This morning, the security firm Flashpoint reported multiple Mirai-powered denial-of-service attacks against both campaign websites, although none of the attacks were powerful enough to knock the sites offline. According to the firm, the Mirai botnet has likely been “fractured into smaller, competing botnets,” making it difficult to repeat the kind of infrastructure-damaging attacks we saw in October.
11:43AM ET: Updated with more detail on NextGen Climate’s response to the dialer’s downtime.
2:35PM ET: Updated with statement from TCN.