4chan may have brought down pro-Clinton phone lines the day before the election

Yesterday, as groups across the country hit the final stretch of their get-out-the-vote campaigns, workers at NextGen Climate noticed some problems with their automated dialer program. As the team started its morning hours, the program used to initiate and monitor voter calls was suddenly clunky, and cut out entirely for crucial hours in the afternoon.

“It was slower in the morning, and then went down for hours at a time,” says NextGen’s Suzanne Henkels. The tool suffered intermittent downtime throughout the rest of the day. Other get-out-the-vote operations like the texting campaign were unaffected, but the attack still put a significant dent in the number of calls the group was able to make on the eve of Election Day. “We obviously couldn’t make all the calls we wanted or needed to,” Henkels says.

The downtime wasn’t a coincidence. Just after midnight on Sunday night, a post on 4chan’s /pol/ board announced an impending denial-of-service attack on any tools used by the Clinton campaign, employing the same Mirai botnet code that blocked access to Twitter and Spotify last month. One of those targets was TCN, the Utah-based call center company that runs NextGen’s dialer. According to the post’s author, the company was also providing phone services to Hillary Clinton’s offices in Nevada.

“List targets here that if taken out could harm Clinton's chances of winning and I will pounce on them like a wild animal,” the post reads. “Not sleeping until after this election is over.”

It’s still unclear exactly how those attacks were performed. Since the release of the Mirai source code last month, nearly anyone is capable of launching an attack using the tool, although most of those attacks are negligible in size. Notably, the TCN attack does not appear on some public logs of Mirai-powered attacks, although it’s entirely possible the logs have yet to discover the specific botnet used in the attack.

NextGen Climate may not have been the only group slowed down by the outage. TCN has a broad range of clients, and the same dialer program is also used by progressive groups like MoveOn and Our Revolution, although it’s unclear if either group suffered similar downtime.

It’s not the first time 4chan has intervened on behalf of the Trump campaign. In October, a 4chan user used private passwords published by WikiLeaks to locate and remotely wipe an iPhone used by John Podesta, Hillary Clinton’s campaign chair. Other 4chan campaigns have spread phony “text to vote” memes in an effort to keep Clinton voters away from the polls.

Monday also saw a number of smaller attacks against both Clinton and Trump’s official campaign websites fueled by the same generation of botnets. This morning, the security firm Flashpoint reported multiple Mirai-powered denial-of-service attacks against both campaign websites, although none of the attacks were powerful enough to knock the sites offline. According to the firm, the Mirai botnet has likely been “fractured into smaller, competing botnets,” making it difficult to repeat the kind of infrastructure-damaging attacks we saw in October.

Previous Post
Next Post